RSA Implementation - A Matter of Trust

A project log for STARTEC REGISTRO

An open-source system for COVID-19 contact tracing

Startec InnovationsStartec Innovations 12/17/2020 at 23:000 Comments

We've just recently released a version that implements RSA encryption.

What is RSA you might ask?

In a very basic (and over-simplified) way of putting it, RSA is an encryption scheme requiring two keys: one key, called the public key, is released to the devices and is used to encrypt the information; on the other hand, the other key called the private key is used to decrypt the information. If you want to learn more, there's a great video you can check out here.

This means that even if we release a public key for everyone to use for encryption, only the person with the private key will be able to effectively have access to everybody's data. This isn't just an issue of data protection, it also becomes a question of trust.

Who do we trust with our information? Are we comfortable that only a certain authority or agency will have a monopoly on the data we create, let alone data about Us?

These are important questions to ponder, primarily because it's central to this system. Whether you're using this as a requirement to get into your grocery store, or you're on the other end, trying to wrap around these question when you're implementing this system, trust is a tricky issue to navigate, especially if one party has a bigger bargaining chip. 

However way you want to address these concerns, please remember that trust can be as much as about gains versus losses as it is about empathy and understanding. Rather than concerning ourselves with defensively covering for our own, what if we start thinking about getting to know the other side of the story, considering things at another person's point of view?

Doing so can open a lot of doors in fully comprehending issues in context, and we can solve problems in a much lighter and more effective means, since we're going to right to the source itself. People who use our products or systems are the best people to tell us about their experience, and the subsequent problems they might encounter.

Please note however that we're not talking about heaps of feedback forms and the blind block of the suggestions box. We're talking about having conversations. Sometimes, a light interview with key people or a nice chat with acquaintances who might've happened to use our system is far more effective way in understanding the situation. Trust is not just about a one-way relation, it's building a rapport. When you start thinking this way, people will catch on and notice.

This way will take a lot more time and effort, but we believe it's a much better alternative, a more human approach. Our hope is that when you get to implement this system, take our advice and go on with an empathetic disposition. We thought it important to let your read this first, before we give full instructions on how this system can be implemented in the next log.