10/22/2013— Jon McKay
At this point, I would hope that everyone has become aware of the inexcusable violation of human rights committed by the NSA and the US government so I won’t go into details here. However, as they say, there is a silver lining to every cloud, and I think the silver lining to this dark cumulus is an order of magnitude more attention being given to new encryption techniques.
I attended RealtimeConf in Portland this weekend and was impressed by the browser-side cryptography methods being presented by Martin Bosslet and Kyle Drake to keep servers from storing private information in plain-text. One attendee was planning on offloading his encryption to his Tessel by gathering ambient sound/temperature/accelerometer sensor data which would generate more random input. Such entropy-based cryptology enables stronger protection against decoding algorithms that seek out deterministic patterns.
As more and more devices get connected to the internet, the potential for invasion of privacy from dragnet programs like PRISM or companies like insurance firms become increasingly more serious and complex. Digital trespassers won’t just have the chance to know what websites you visit and emails you send, they can know what you say, what doors you open, when you drive you car, or how much you weigh. It’s like being followed around by a ghost– a ghost with the power to arrest you until you prove your innocence.
Obviously, we’ll need many more sophisticated security techniques and trust mechanisms than what currently exists to make the internet of things truly secure, but our attention is finally being drawn to how important it is to protect the amazing treasure the web (and our data) has become. Making the Internet of Things secure is becoming less about protecting our users from leaks and more about protecting users from the platforms themselves. At Technical Machine, we’re committed to building an Internet of Things platform that developers can implement a secure system on top of as easily and robustly as possible.
I’m thankful that PRISM happened now instead of ten years from now and I’m optimistic that we, as a community, will get the chance to make our future more secure.
P.S. If you’ve got ideas of how to build secure platforms on open source microcontrollers, we’d love to hear from you: firstname.lastname@example.org.