Modern consumer electronic devices such as smartphones and laptops are laden with intimate personal data such as past conversations, photos and videos, medical information, and passwords for services that contain information on our entire lives. This makes the devices of particular interest to law enforcement officials during even routine searches. A particular threat to users is when crossing international borders, as we have repeatedly seen reports that the data on these devices is subject to search and seizure without warrants or even suspicion of wrongdoing. In some cases, travellers have even been compelled to provide PINs, passwords, encryption keys, and fingerprints to unlock their devices. In this position paper, we argue for the use of threshold cryptography to distribute encryption keys into shares, which are then securely transmitted to friends residing at the traveller's destination. When a traveller is subjected to scrutiny at the border, they are technically unable to comply with requests to decrypt their devices. Assuming the traveller is permitted to complete their journey, they must then physically interact with some (user-configurable) threshold number of their friends on that side of the border to recover their encryption keys. In our proposal, attackers must compromise both the traveller and a threshold number of the traveller's friends in order to learn anything about the secret key; the friends are unable to collude without the traveller present. We also implement Shatter Secrets, an open-source prototype Android app aimed at realizing this goal.
展开▼
