MIT researchers are working with the Meteor Development Group on Mylar, a project that would allow companies to offer customers fully encrypted Internet services, MIT Technology Review reports. Mylar would extend data security to servers, adding a new layer of encryption to complement the encrypted connection between a personal computer and a server. With Mylar, the user’s data would be stored encrypted on the server, and the corresponding password would be required to decrypt it. As a result, the data would be safe from prying eyes and various Prism-like spying operations.
“You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” researcher Raluca Popa said. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.”
The software also includes some interesting “cryptographic tricks” that allow a server to “do useful things with user data without having to descramble it.” Users would be able to search through documents in a cloud protected by Mylar, and also share them with friends via a system that can distribute the necessary decryption keys safely, without third parties having access to them.
Mylar is apparently in testing at the Newton-Wellesley hospital in Boston for a website that collects patient medical data. Using the software, only the doctor and the patient have access to a user’s data. “All they had to change is 28 lines of code out of 3,659 to secure their application,” Popa says.
University of Pennsylvania researcher Ariel Feldman believes the service can offer added protection, but says that Internet companies may not necessarily deploy such systems. “It would be a watershed moment if any of these types of systems actually got deployed to millions of users,” he said. “The real obstacles to adoption are usability and the business case for deploying them.”
One potential problem with a Mylar-protected system is that users who forget their passwords would be forever locked out. There are business challenges as well: some online service providers actually make money by harvesting user data. However, Mylar may prove to be a welcome security solution for enterprises and governments.
Recently, an Internet service that offered encrypted email to customers was forced to shut down, after refusing to provide the government access to those protected emails. This may be another obstacle preventing certain companies from offering truly Prism-proof websites.