Analysis

Staff from both organizations reflected positively on the initial LockBox deployment experience. The version 0 prototype had such a small and easily understood source code footprint that Open Privacy staff were able to review it quickly and, despite the atypically tight timeframe, take confidence in its security, because the relevant cryptographic code was almost indistinguishable from libsodium's own example code. Other organizations were expressing interest in its potential to meet their own needs (and indeed, we have begun receiving contributions resulting from these new deployments getting underway!).

Development on our flagship project Cwtch (a free/open source metadata-resistant messaging platform) had produced a number of tools and libraries we hoped would make integrating Cwtch into other applications easier. However, we had yet to settle on exactly what those applications would initially be. While LockBox does not currently have Cwtch integration (it's on our "maybe one day" roadmap, see below), we were able to make use of Opaque, Cwtch's UI widget library, which includes a configurable theme engine. Using Opaque and our go-qt pipeline, we created an initial functional prototype in under a day and, within a single weekend, an application that matched Cwtch's distinctive aesthetic and that we felt comfortable sharing with the client. Subsequent development proceeded slowly but steadily as a result of iterative interactions with, and feedback from, the client organization as they administered the fund.

Some complications arose around having to manually manage data files (a common pain point in cryptographic applications). The public key (and all other configuration files) was deleted by accident once; if our staff member hadn't been walking them through the setup process, they might have missed or ignored the instruction to make a backup copy. As well, the review council initially struggled with how to meet online and share information about applicants without, for example, naively emailing the decrypted data around and undermining all the effort put into procuring strong encryption and privacy. Recognizing the importance of communicating these subtleties of operation to future LockBox users, Open Privacy (with funding assistance from Privacy International) commissioned the creation of a narrated video, an illustrated primer, and training materials for LockBox's setup and use. We are also considering plans to add data management and keyholding directly to the app, should our "Future Plans" (see below) for adding Cwtch peer-to-peer integration come to fruition.

The coincidence of a key loss happening on our very first trial run highlights the importance of helping users prepare for this eventuality. Open Privacy will be exploring the integration of threshold cryptography from elsewhere in our technology portfolio, for example our Shatter Secrets prototype, which lets a user distribute a private key among an arbitrary number of remote parties such that some minimum threshold of them must come together and combine their key shares before the key can be used to decrypt any data.
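To make the "threshold" idea above concrete, here is a minimal Shamir secret-sharing implementation in Go, added to this page as an illustration. It is not Shatter Secrets' code or any other Open Privacy code, and the field (the Mersenne prime 2^521 - 1), the integer x coordinates 1..n, and the 32-byte stand-in key are all assumptions of this example. The key is hidden as the constant term of a random polynomial of degree threshold-1; each party holds the polynomial's value at one point, and any threshold of those points determine the polynomial (and so the key), while fewer leave every possible key equally likely.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Field modulus for the polynomial arithmetic. 2^521 - 1 is a Mersenne prime, larger
// than any 32-byte key, so every such key is a valid field element (example assumption).
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one keyholder's piece: the x coordinate and the polynomial value there.
type Share struct {
	X int
	Y *big.Int
}

// Split hides secret as the constant term of a random degree-(threshold-1) polynomial
// and hands out its value at x = 1..n.
func Split(secret []byte, n, threshold int) ([]Share, error) {
	if threshold < 2 || n < threshold {
		return nil, errors.New("need 2 <= threshold <= n")
	}
	s := new(big.Int).SetBytes(secret)
	if s.Cmp(prime) >= 0 {
		return nil, errors.New("secret does not fit in the field")
	}
	coeffs := make([]*big.Int, threshold)
	coeffs[0] = s
	for i := 1; i < threshold; i++ {
		c, err := rand.Int(rand.Reader, prime) // uniformly random coefficient
		if err != nil {
			return nil, err
		}
		coeffs[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x := big.NewInt(int64(i + 1))
		y := new(big.Int) // Horner evaluation of the polynomial at x
		for j := threshold - 1; j >= 0; j-- {
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i] = Share{X: i + 1, Y: y}
	}
	return shares, nil
}

// Combine recovers the secret from at least threshold distinct shares by Lagrange
// interpolation at x = 0. secretLen restores leading zero bytes dropped by SetBytes.
func Combine(shares []Share, threshold, secretLen int) ([]byte, error) {
	if len(shares) < threshold {
		return nil, fmt.Errorf("have %d shares, need %d", len(shares), threshold)
	}
	shares = shares[:threshold] // any threshold of them suffice
	seen := map[int]bool{}
	for _, sh := range shares {
		if sh.X < 1 || seen[sh.X] {
			return nil, fmt.Errorf("invalid or duplicate share x=%d", sh.X)
		}
		seen[sh.X] = true
	}
	sum := new(big.Int)
	for i, si := range shares {
		xi := big.NewInt(int64(si.X))
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			xj := big.NewInt(int64(sj.X))
			num.Mul(num, new(big.Int).Neg(xj)).Mod(num, prime)    // product of (0 - xj)
			den.Mul(den, new(big.Int).Sub(xi, xj)).Mod(den, prime) // product of (xi - xj)
		}
		term := new(big.Int).ModInverse(den, prime) // Lagrange basis value at 0 ...
		term.Mul(term, num).Mul(term, si.Y).Mod(term, prime) // ... scaled by this y
		sum.Add(sum, term).Mod(sum, prime)
	}
	if sum.BitLen() > 8*secretLen {
		return nil, errors.New("result does not fit: wrong threshold or corrupted share")
	}
	return sum.FillBytes(make([]byte, secretLen)), nil
}

func main() {
	key := make([]byte, 32) // constructed stand-in for a LockBox private key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	shares, err := Split(key, 5, 3) // five keyholders, any three can decrypt
	if err != nil {
		panic(err)
	}
	got, err := Combine([]Share{shares[4], shares[0], shares[2]}, 3, 32)
	fmt.Println("3 of 5 recover the key:", err == nil && bytes.Equal(got, key))
	_, err = Combine(shares[:2], 3, 32)
	fmt.Println("2 of 5 rejected:", err)
}
```

Two caveats worth keeping in mind when reading this. Plain Shamir sharing does not let Combine detect a wrong or maliciously altered share (the size check above only catches gross corruption); a deployment would want verifiable secret sharing or an authenticated share format on top. And reconstruction as written briefly assembles the whole key on one machine, which is exactly what a threshold scheme used for decryption (rather than backup) would be designed to avoid.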

As one might expect, administering such a mutual aid fund does not come without its share of external problems, and it is imperative that software developers in this space constantly be on the lookout that their efforts to reduce one harm do not perpetuate some other. In post-hoc interviews, staff said they did not believe LockBox or its technology platform caused, contributed to, or exacerbated any of the nontechnical issues they experienced. This was not an academic, market-research, or other formal study, so we did not interview or interact with the client's members in any way, other than to exchange technical/debugging information in conversations relayed through a staff member.