03 May The ‘key’ to privacy
Scentrics is in the business of securing data – and thus privacy – through encryption, the techniques for locking and unlocking access to information.
It’s not a new science – however, we are about to see a massive transformation in the way that we all embrace privacy across the Internet. This step change is driven by an increasing demand from consumers to ensure that their privacy is protected while they are online. There is also a need for balance — to satisfy public opinion that people intent on harm such as terrorists can’t hide behind a fully encrypted world. And by the appearance of the right technological solution, that for the first time ever is low cost, fully scalable and easily accessible to the masses across the plethora of devices we use every day.
Key issue
All encryption since its early inception has depended on two or more parties having access to a key to lock and unlock data that they want kept private. The issue preventing wider adoption has always been how to create, distribute and manage all the keys needed to lock and unlock data in real-time across all devices. And also to do this in a way that is low cost and scalable, while meeting the requirements of citizens, enterprise and government policy.
The process for sharing and storing keys in a secure way is a tricky problem for cryptography. If an adversary gains access to the key, then your data becomes accessible. So how do you send someone a key in the first place, in a way that can’t be intercepted? And how do people store that key, so that it can’t be discovered? The key is typically the most vulnerable part of any encryption scheme.
Historically, this was a problem for generals and spymasters, but nowadays, everybody wants access to secure encryption. We want to be able to protect our private messages. We want to be able to buy and sell things online without worry. We want to use online services without our private details becoming public.
Serving a purpose
There are many tools available offering encryption, the most common being variations upon public key infrastructure (PKI). However, these solutions have become plagued by problems around ease-of-use, scalability and accessibility by national security agencies. It is also worth remembering that storing keys on a client device may not meet full regulatory compliance.
The best answer, we believe, is server-centric key management, Scentrics’ unique area of expertise, and not PKI. In this case, a centralised server creates, manages and stores encryption keys. They are downloaded to your device when you need to encrypt or decrypt data, and then erased from its memory.
This allows keys for multiple services and applications to be managed automatically, without the user having to do or remember anything more than a user name and password.
Crucially, this method separates the keys from the encrypted content, which increases security and eliminates several points of weakness. Scentrics can’t ‘see’ and does not store the content its users are encrypting.
It also separates those keys from service providers – the people who provide the app or website in use – which gives greater privacy and control to the user.
Furthermore, Scentrics’ solution allows for legitimised key escrow. ‘Escrow’ means putting something into the hands of a trusted third-party, only to be released if certain conditions are met. When you buy something on eBay, for example, your payment is placed in escrow with the company, and only released if the item you purchased is received as expected.
In Scentrics’ case, the escrow conditions would allow that if a national security agency obtains a court warrant, then Scentrics would supply the keys for the specific encryption actions required, those actions generated within the provisions of the warrant.
Through this combination of important advantages, we can enable mutual trust between citizens, service providers and government.
A better Net
The world is crying out for better privacy on the Net. Indeed, the inventor of the Web, Tim Berners-Lee is currently campaigning for radical improvements to current standards which puts data back into the ownership and control of the citizens who create it.
“A tipping point could be reached where people will realize ‘that data belongs to me’,” he told Wired recently. Such an overhaul of internet standards would require encryption everywhere, for everyone, as the default way to exist on the Net.
This is the new world that Scentrics wants to help realise. The impact of full-time, server-centric encryption of everything people do using the Internet would be nothing short of revolutionary.
Encryption is not evil. It gets a bad name in some quarters as it is seen to protect a small minority of people intent on harming others. However, this is entirely untrue. In the hands of the masses, encryption is a good thing for all the reasons cited above. The key is to ensure it is implemented in the right way, which is where the needs of civil ethics and national security are correctly balanced under a policy of legitimised key escrow.
People would have much more control over their personal data and enjoy much greater privacy and confidence online. The multiple Big Data companies who thrive upon combining personal interactions for information with which to slot people into advertising demographics would still be able to operate but with a new rule book. We would give control to the masses whilst still allowing Big Data Companies access to the necessary profile information to do business. This does not necessitate giving them full access to the all our most personal and private information.
Illegal operations across the Net – from piracy to terrorism and paedophile rings – would be decimated, since all data and interactions online could potentially be linked to named individuals, subject to a court warrant.
We hope you will join us in this privacy revolution.