Privacy v. Security: new group claims they’ve cracked it
via Flickr © aag_photos (CC BY-SA 2.0)
The formation of an outfit called the Secure Chorus Group was announced today with the goal of promoting an interoperable encrypted communications scheme “for enterprise and government”. The idea is to provide one global standard for encryption key management - one designed to provide a balance between those age-old protagonists: privacy and security.
According to Dr Nithin Thomas of SQR Systems, a founder of the group, Secure Chorus aims to found an ecosystem and a set of open standards to build it. Members so far include Armour Communications, BT, CESG, Cryptify, Cyber Y, Finmeccanica, Samsung, SQR Systems and Vodafone, with more members in the pipeline.
The idea is to work cross-platform, cross-vendor and cross-network and to shoulder out (it hopes) the small, often device-based, islands of proprietary security protocols some of which are currently causing much concern in government and security circles because they can’t be surveilled… at all.
According to Nithin the Secure Chorus approach serves private, corporate and government needs all at once by enabling secure communications to take place but providing a way for the security services (or indeed employers) to look in should the need arise.
“This is not about leaving a ‘backdoor’ for the security agencies,” says Nithin. “The ‘keys’ will be securely locked by the system owner.” So agencies would need a court order get at them and the stored or real-time encrypted information they wanted to look at.
“The encryption keys will be allocated and controlled by the system owner. But the real key here is the interoperability,” says Nithin, “nobody else is doing that.”
“Enterprises need the confidence to know that their communication security solution won't result in isolation and vendor lock-in,”said Elisabetta Zaccaria, founder & CEO of Secure Chorus Group member, Cyber Y.
As you might expect, however, there are voices against this approach. Critics point out that despite the open source nature of the key management system (a feature which would seem to make it difficult to code in a ‘back door’), that system itself is the vulnerability, creating a clear target for someone wanting to hack in and get access to the keys. In particular, say critics, there is a master key, necessary for generating the intermediate private keys - access to this could allow communications to be decrypted in bulk, it’s claimed.
Readers planning to attend the looming Mobile World Congress in Barcelona can get further information from source as the The Secure Chorus Group will be presenting the concept on 23rd February at 14:50, at the UKTI stand in Hall 7.