PRISM-proof system could turn servers into spook-proof fortresses

A young MIT student has invented a new system for storing data which could offer protection against unscrupulous colleagues - and even against the hi-tech tentacles of government organizations with “back doors” into corporate servers.

The system, Mylar, takes a different approach to data storage – data is stored in encrypted form on servers at all times (as opposed to the usual practice of storing such data unencrypted). The user’s browser decrypts the data, at a speed which means users “won’t notice a difference.”

MIT describes the system as PRISM-proof – in that, even if a system requests data from the server, it will be delivered in encrypted form, according to MIT Technology Review. “You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” creator Raluca Popa says. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.”

Other sites made much of the idea that the system would be ‘spy proof’ – although it obviously protects against just one tactic employed by intelligence agencies, rather than providing blanket protection. Mylar is not simply a data safe, though, as revealed by Popa’s paper – it will be possible to search for files within the encrypted data, although decryption will require the user’s unique key.
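The general idea described above (encrypt with a password-derived key on the client, store only ciphertext on the server, and still allow keyword search) can be sketched as follows. This is an added illustration, not Mylar's code or its actual cryptographic scheme; all function names, the `Server` class and the sample records are hypothetical and constructed for the example.

```javascript
// Added illustration; NOT Mylar's actual scheme. All names are hypothetical.
const crypto = require('crypto');

// Client side: derive two independent keys from the password (never sent to the server).
function deriveKeys(password, salt) {
  const km = crypto.pbkdf2Sync(password, salt, 200000, 64, 'sha256');
  return { encKey: km.subarray(0, 32), searchKey: km.subarray(32) };
}

// Deterministic keyword token: lets the server match equal words without seeing them.
function searchToken(searchKey, word) {
  return crypto.createHmac('sha256', searchKey).update(word.toLowerCase()).digest('hex');
}

// Client side: encrypt a document and build its search tokens before upload.
function sealDocument(keys, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', keys.encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const words = new Set(plaintext.toLowerCase().match(/[a-z0-9]+/g) || []);
  return { iv, ct, tag: cipher.getAuthTag(),
           tokens: [...words].map(w => searchToken(keys.searchKey, w)) };
}

// Client side: decrypt a record fetched from the server; throws if it was tampered with.
function openDocument(keys, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', keys.encKey, rec.iv);
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
}

// Server side: holds only ciphertext and opaque tokens, no keys.
class Server {
  constructor() { this.records = []; }
  store(rec) { this.records.push(rec); return this.records.length - 1; }
  search(token) { return this.records.filter(r => r.tokens.includes(token)); }
}

// Constructed sample data: two records uploaded, one keyword search, one decryption.
function demo() {
  const keys = deriveKeys('correct horse battery staple', Buffer.from('constructed-salt'));
  const server = new Server();
  server.store(sealDocument(keys, 'Patient reports mild headache'));
  server.store(sealDocument(keys, 'Follow-up appointment scheduled'));
  const hits = server.search(searchToken(keys.searchKey, 'headache'));
  return { hits: hits.length, text: openDocument(keys, hits[0]),
           leaked: server.records.some(r => r.ct.includes('headache')) };
}
```

Deterministic tokens like these still reveal to the server which records share a keyword and how often a keyword is searched, so a design of this kind limits what the server can disclose without hiding access patterns.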

The service is already being tested in Newton-Wellesley hospital in Boston – and fits into the hospital’s systems so well that the researchers had to rewrite a mere 28 lines of code to use it there. In tests, the only noticeable difference is a slight slowing of chat communication – latency of around 50ms, according to IT ProPortal.

Speaking to Boy Genius Report, University of Pennsylvania researcher Ariel Feldman said the service can offer added protection, but that Internet companies may not necessarily deploy such systems. “It would be a watershed moment if any of these types of systems actually got deployed to millions of users. The real obstacles to adoption are usability and the business case for deploying them.”
