Splitlock founder still confident of beating the government in court
Allan Endresz explains detail of Australian-footballer-fronted encryption scheme
Following our discussion of the footballer Jason Akermanis-fronted startup Splitlock, founder Allan Endresz has made contact with The Register to offer some of the technical details of the technology – as well as to provide his perspective on the company's corporate history.
Since it's the technology that will play a huge role in determining whether Splitlock lives or dies, Vulture South will start there.
As noted in our previous story, the encryption scheme was patented to Alan Tune and assigned to Splitlock. Its mechanism is to carve the protected data into two chunks, and hash each piece of the data. That way, if one repository is breached and copied, the attacker shouldn't be able to turn it back into usable data.
Storage and retrieval needs another wrinkle: it should be difficult for an outsider to associate a record in one database (say, an in-house enterprise database) and the other (for example, a database running on an AWS instance).
In the example of a credit card number (sixteen digits), the hash of the first eight digits (held in database A) is used as the index record for the database holding the second chunk (the last eight digits). That way, the chunk held in the Splitlock remote database is inaccessible without the password and hash.
Implementation will, of course, be the key, since even the best encryption can be defeated either by an unnoticed software bug, by a successful rubber-hose attack against someone holding the password, or by an insider attack.
To protect against such eventualities, the system throttles the transaction volume to protect against bulk downloads of data. A presentation Endresz provided to The Register adds detail about other features, including reports on transaction velocity (to identify changes to the patterns of data access), and time-based restrictions on stored data.
Endresz also told The Register that his 17-year legal battle with the Australian government (and with the Australian Securities and Investment Commission) is not over yet.
“Last year, a full bench of the Federal Court overturned the bankruptcy orders against us,” he said. That left Endresz and his businesses in a position to continue their actions: “our final applications go in on 29 February,” he said.
“We're confident that on the 11 May we will have all of the judgements overturned.”
Chief among their woes was their involvement in Commonwealth grants scheme.
Endresz says one of the scheme's administrators paid money to his companies without the authority to do so. That led the Commonwealth to a recovery action that ended with funds frozen, but the only individual to receive a conviction over the matter was the administrator.
From Endresz's point of view, he and his companies were as much victims as anyone, since it was inadequate bureaucratic processes in Canberra that led to his long court actions. If successful in the current action, he hopes at least to recover in the order of AU$60 million – the original grants, plus interest.
The Register will watch the outcome of the court actions with interest. ®