Researchers at Massachusetts Institute of Technology (MIT) are working on a system called Mylar, which would ensure that all data from a website held on servers is encrypted at all times, to protect against spying programs like PRISM. The idea is that a web service would never be able to decrypt data – that power would only be available to users.
There’s no trusting a server.
The Mylar system only decrypts information on your computer – but the servers will not hold any encryption keys so any data requested from it would be almost unusable. As Mylar creator Raluca Popa says “the server doesn’t have the ability to give unencrypted data,” as Mylar works with code running in a person’s browser that allows the data to be shown in its intended form.
Despite data being encrypted on servers, Mylar is able to search without unscrambling it. The system will allow users to share data without their encryption keys being made vulnerable to discovery, too.
The system is being tested by a group of hospital patients in Boston. The website is used to collect patient data, but is can only be decrypted and viewed by the patients or their doctor.
Speaking to MIT Technology Review, University of Pennsylvania researcher Ariel Feldman says while the system is impressive, he can see a barrier to it being used – if a users loses their encryption key somehow, the data is lost forever.
Source: MIT Technology Review