PassLok in the UK

It is already illegal for a Briton to refuse to surrender his/her/its password to law-enforcement authorities, and Prime Minister Cameron is now trying to make all non-backdoored encryption illegal as well. What can you do if you are affected by this situation?

My answer, as you have already guessed, is: use PassLok.

Actually, it’s not only UK citizens who have this problem. This article explains how you may be in the same boat if you happen to live in France, India, Australia, and other places. But let’s say you are a Briton.

There are five reasons why you should use PassLok rather than other solutions to secure your email (besides being much simpler, and prettier too):

  1. No servers or storage. Since nobody stores your data or keys, nobody can get an order to surrender them. In PassLok, your secret Key is never stored anywhere, not even on your trusted devices, which you may be forced to produce and unlock at law enforcement’s more or less kindly request. You lock your data with PassLok, and it is in this form that they get transmitted through your separate email program. The email provider will produce your locked data if pressured to do so, but not the Key that unlocks it because they don’t have it. The only place where that Key resides is in your head.

  2. Decoy mode. But let’s say it’s illegal for you to refuse to surrender this precious Key. Then go ahead and give it to them, so long as you use PassLok’s Decoy mode. In this mode, locked items actually contain two plaintext messages, one of them completely undetectable. This way, people can be carrying on a conversation through the main messages, and an entirely different one through the hidden messages, locked under a different set of Keys. Should they be forced to surrender their Keys, the hidden messages remain secret and just as undetectable. It would be unreasonable for any authority to demand the surrender of a second Key that, most likely, doesn’t even exist.

  3. Perfect Forward Secrecy (PFS). PassLok is probably the only application meant for asynchronous communications such as email (this means that the two parties are not necessarily online at the same time) that implements PFS. When PFS mode is used, locked messages become impossible to unlock once the next message is exchanged, because the Keys used for locking are overwritten on the device and are not stored anywhere else. This way, if one is forced to surrender his/her/its secret Key, past messages cannot be unlocked no matter what. If this is not enough, PassLok has Read-once mode, where Key deletion happens as soon as a message is read, resulting in the closest thing to self-destruction this side of the Great Firewall of China.

  4. Steganography. This is the Greek name for the science of hiding. If you live in China (or the UK in the near future), you might get in trouble just for emailing random-looking encrypted messages. Unlike pretty much all other programs, PassLok offers you the opportunity to transform its random-looking output into apparently normal text taken from a user-selectable cover text, which the recipient can return to its original state before unlocking it. PassLok also includes two ways to hide its output in images, which can then be sent as attachments to email messages. Images can hide a lot of data.

  5. PassLok is human-readable. Britain and other countries with democratic leanings have laws protecting free speech (which, rather inconsistently, doesn’t always extend to cryptography). Well, the possession and distribution of at least the HTML version of PassLok should be protected under those laws because PassLok is human-readable code, not machine code. This is precisely how PGP survived the onslaught of the US Government back in the 1980s, when its developer began to distribute it as a book containing the source code, which people could then type or scan and compile to executable code. PassLok is used directly in this form, simply by loading it into a browser.
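
The cover-text transformation described in the Steganography item above can be illustrated as follows. This is an added example, not PassLok's code or its actual encoding; the function names, the cover sentence and the sample bytes are assumptions constructed for the illustration.

```javascript
// Added illustration, not PassLok's algorithm: encode bytes as words taken
// from a cover text, then map the words back. COVER and SAMPLE are constructed.
const COVER = 'the quick brown fox jumps over the lazy dog while a small cat ' +
  'sleeps under an old oak tree near the river';
const SAMPLE = Uint8Array.from([0x12, 0xab, 0xff]); // stands in for locked output

// Dictionary = first 2^k distinct words of the cover text, with k capped at 8.
function buildDictionary(coverText) {
  const words = [...new Set(coverText.toLowerCase().match(/[a-z]+/g) || [])];
  if (words.length < 2) throw new Error('cover text needs at least 2 distinct words');
  let k = 1;
  while (k < 8 && 2 ** (k + 1) <= words.length) k++;
  return { bitsPerWord: k, words: words.slice(0, 2 ** k) };
}

// Cut the bit stream into k-bit groups (zero-padded); each group picks a word.
function encodeToWords(bytes, dict) {
  const k = dict.bitsPerWord;
  let bits = '';
  for (const b of bytes) bits += b.toString(2).padStart(8, '0');
  bits = bits.padEnd(Math.ceil(bits.length / k) * k, '0');
  const out = [];
  for (let i = 0; i < bits.length; i += k) {
    out.push(dict.words[parseInt(bits.slice(i, i + k), 2)]);
  }
  return out.join(' ');
}

// Words back to bits. Padding is shorter than 8 bits because k <= 8, so
// discarding the incomplete trailing byte restores the original length.
function decodeFromWords(text, dict) {
  const k = dict.bitsPerWord;
  let bits = '';
  for (const w of text.split(/\s+/).filter(Boolean)) {
    const idx = dict.words.indexOf(w);
    if (idx < 0) throw new Error(`word not in cover dictionary: ${w}`);
    bits += idx.toString(2).padStart(k, '0');
  }
  const bytes = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) bytes.push(parseInt(bits.slice(i, i + 8), 2));
  return Uint8Array.from(bytes);
}

const dict = buildDictionary(COVER);
const stego = encodeToWords(SAMPLE, dict);
console.log(stego, '->', Array.from(decodeFromWords(stego, dict)));
```

The output consists only of words from the cover text, but their order is dictated by the data, so it is not grammatical. Both sides must use the same cover text to rebuild the same dictionary.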
