Cyberkey - TNO for YOU

Nate Abbott

Abbott Business Networks

(All Rights Reserved)

Today I was introduced to a new security product that will shortly be released to market called Cyberkey (http://cyberkey.com).  The concept is simple:

1. Download Cyberkey.  

2. Install Cyberkey (after installing one prerequisite).

3. Plug two USB sticks into your computer successively as directed, which converts them into special USB keys.

Result: An encrypted folder appears on your hard drive, Google Drive folder, or DropBox folder. It is locked with the best available encryption and is accessible only when you insert your "personal" USB key into your computer. When you remove the personal USB key from your computer, the folder disappears into a vault that is practically inaccessible to the most powerful supercomputers in existence.

The USB key that makes your data appear is the second USB stick processed in step 3 above.  The first USB key is your master key, and it allows you to produce replacement keys.  Here is the explanation from the Cyberkey website: "The Master Key holds the keys needed to unlock your Vault. The Personal Key holds scrambled versions of those keys - descrambling requires a PIN that you choose during setup. You keep the Master Key someplace safe - in case you lose your Personal Key - and carry the Personal Key with you."
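One way the Master Key / Personal Key split in the quote above could work, as an added example that is not Cyberkey's code. The page does not say how Cyberkey scrambles the keys, so the PBKDF2 stretching, the XOR-plus-HMAC wrapping (a stand-in for a standard AEAD or AES key wrap), the work factor and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for stretching the PIN (illustrative, not Cyberkey's setting).
PBKDF2_ITERATIONS = 210_000

def make_master_key():
    """The vault key, as it would sit unscrambled on the Master Key stick."""
    return secrets.token_bytes(32)

def _derive(pin, salt):
    # Stretch the PIN into 64 bytes: a 32-byte pad and a 32-byte MAC key.
    okm = hashlib.pbkdf2_hmac("sha512", pin.encode(), salt,
                              PBKDF2_ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def make_personal_key(vault_key, pin):
    """Scramble the vault key under the PIN: salt || ciphertext || tag (80 bytes)."""
    salt = secrets.token_bytes(16)  # fresh per key, so the pad is never reused
    pad, mac_key = _derive(pin, salt)
    ct = bytes(a ^ b for a, b in zip(vault_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unlock(personal_key, pin):
    """Return the vault key, or None if the PIN is wrong or the blob was altered."""
    if len(personal_key) != 80:
        return None
    salt, ct, tag = personal_key[:16], personal_key[16:48], personal_key[48:]
    pad, mac_key = _derive(pin, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return bytes(a ^ b for a, b in zip(ct, pad))

if __name__ == "__main__":
    vault_key = make_master_key()                    # stays somewhere safe
    personal = make_personal_key(vault_key, "4821")  # constructed sample PIN
    print(unlock(personal, "4821") == vault_key)     # correct PIN recovers the key
    print(unlock(personal, "0000"))                  # wrong PIN is rejected
    # A lost Personal Key is replaced by wrapping the same vault key again.
    replacement = make_personal_key(vault_key, "4821")
    print(replacement != personal)
```

In a design like this, a short PIN has little entropy of its own, so the key-stretching work factor is what stands between a lost Personal Key and the vault key; the Master Key needs no PIN at all, which is why it is the one to keep locked away.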

The secret sauce that makes Cyberkey work is TrueCrypt, which is an open source encryption package that many of us in the industry know and have used to secure data for years. That is the “prerequisite” that is easily installed before Cyberkey can run. It is a package that Information Technology professionals, engineers and the like find accessible and easy to use, but average computer users may find baffling. Cyberkey leverages TrueCrypt's strength, very strong encryption based on the most advanced and reliable crypto in circulation anywhere, and wraps it in a simplifying package that makes it very easy for anyone to use, with rules that are easy to understand.

The key acronym here is "TNO", or "Trust No One". If you are in any way concerned about data on your computer becoming known at any time by people whom you do not know or trust, then what you want is TNO security. If you rely on a third party to secure your data, either on your hard drive or in "the cloud", then you are subject not only to the laws governing search and seizure under probable cause, but also to the potentially unconstitutional searches that our National Security Agency may conduct. If you are using truly "TNO" security, then it doesn't matter who gets your data, or who gets access to your data on a third-party storage platform. Nobody can look at your data because the keys are required to decrypt the data. If you destroy the keys, you remove access to the data. Only your passphrase and TrueCrypt can open the data vault back up, and arguably you cannot be compelled to testify against yourself and give up a thing that you know, such as a passphrase. As the encryption guru Bruce Schneier says, "Trust the Math".

Such is the extreme reasoning that some of us think about when we consider privacy. However, there has been a broader discussion about the new surveillance state that has arisen since 9/11 in the United States and elsewhere in the world. Democracies are for the first time organizing totalitarian-regime-like surveillance capability that involves intensive analysis of signals as well as data. Signals would be the stuff that the law permits government agencies to look at without any court approval: TCP/IP addresses, email header information such as "from" and "to" email addresses, time-stamps, cell phone numbers and routing data. These signals can tell a great deal about us, and they are used by the agencies to establish a cause for further investigation, which may include examining the contents of email messages, text messages, and communications that would be protected under the Constitution, but are available to agencies that are engaged in national security protection and anti-terrorism. Most of my readers will be aware that this discussion has escalated since the defection of Edward Snowden and his revelation of secret NSA documents published by The Guardian and other newspapers internationally.

Regardless of what you feel about our security state and the legitimacy of the Snowden activity, we are affected deeply by the idea that we are being watched.  We need to know that things we want to maintain privately may remain private.  It is our right as citizens of the USA.  There may also be quite a few good business and personal security reasons. The business opportunities are fairly obvious: Law firms dealing with sensitive case material that opponents might be eager to compromise.  Business partners planning a merger, acquisition or sensitive product development effort with valuable intellectual property.  Small business owners with personnel trouble.  All could find this useful.

For this reason, I am enthusiastic about Cyberkey and its accessibility to common computer users, not just the geeky ones who have known and loved TrueCrypt.  If you have two spare USB flash drives of any capacity, including small capacity ones that cost less than $7.00 at Staples or Walmart, and if you have a computer running Windows 7 or later, you can try out Cyberkey for free like I did.  Just go to the Cyberkey website at www.cyberkey.com and follow the simple prompts.  

I spoke to Fred Federspiel, the developer, and he is planning some great extensions to the product once it gets launched and off the ground, including Apple Macintosh support.  Fred has a long background as an engineer and inventor, and I think he is onto something here, bringing Crypto to the masses in a very accessible way. Give it a try and let Fred know what you think.