Journalists traveling across borders or passing checkpoints in many regions of the world face a problem:
How to protect stored data against decryption and capture if coerced by third parties?
Of course all data is encrypted according to best practice, but what if a journalist is pressured, threatened, or tortured, to give up the encryption passphrase?
Nobody can withstand such pressure for long, and giving up threatens to reveal sources and unredacted research material. If such data falls into the wrong hands, the damage can be substantial.
Cypherlock aims to solve this problem by giving journalists a way out. Instead of having to withstand forever, just wait a little, predefined time and the encryption passphrase becomes useless.
Using a combination of distributed servers on the internet, an App on the journalist’s smartphone, and a little USB device, passphrases are stored encrypted on the user’s device in such a way that they can only be decrypted during pre-defined time frames. Every decryption attempt after the defined time will yield no information.
Cypherlock never stores encryption passphrases outside of the user’s phone. Instead it only manages a fragment of the key to decrypt a passphrase.
The implementation effort for Cypherlock is ongoing. We have released a version that uses a single server for enforcing time policies, and are now working on advancing the technology to allow distribution over many servers - increasing reliability and distributing trust.
Stay tuned for further releases…