Encryption program keeps PDA data safe

Palm devices have become always-on secretaries, calendars and notebooks. People are saving personal and professional information, sometimes with no idea what data the devices hold, according to Eamon Hoey.

Hoey, chairperson of Fox-Hoey Consulting Inc. in Toronto, said people aren’t aware of the range of data they have on their PDAs.

“If you leave a meeting for a minute and leave your Palm on the table, with the beaming technology that goes on today, it would be very easy for someone to transfer all your data.”

Bob Raymond noted this was becoming a pressing concern for developers at the Palm Source conference two years ago. Raymond, manager of products for JAWZ Inc., in Toronto, said that was when the idea for DataGator was born. DataGator is an encryption program run on a PDA which secures all data stored on the device.

“On the main page, when you turn the device on, it asks for a login, underneath the password box it says, ‘Data on this device is encrypted’ and under that is name and phone number,” Raymond said.

He stated the first level of security is that without a password people cannot access data beyond that front page. “The second level of security is the actual file encryption, the logon process, authentication,” he said. “The third stage is uncompromising data security, meaning that the only way for someone to reactivate the palm device without passwords is to nuke all the data.”

He did note that all data leaving the PDA would have to be decrypted, meaning once it’s on the waves the data is vulnerable.

“We do force users to log on and re-enter a password before beaming, again to protect the data,” he said.

DataGator works on any device using the Palm OS, and according to Raymond it will protect data on all third-party applications on the PDA.

The install is a quick process, the company said, and DataGator sits on top of the PDA software. JAWZ uses a product called Hackmaster to monitor and regulate all operations, Raymond said. “Really it is just a protocol manager. We are making sure things happen in a certain way.”

Charles Holmes, project manager, decision support and analysis for Crystal City, Va.-based Battelle Memorial Institute, has been using DataGator since mid-January, 2001 – when the product was originally launched.

He was concerned about protecting the information on his Palm. He uses it for work and personal information storage. “I wanted to make sure that security holes in the OS could not be used to access the information if my device were lost or stolen,” he said.

Holmes heard about DataGator through Palmgear’s Web site (www.palmgear.com). For Holmes, the install process was a problem, depending on which hacks were running. “I found out later, after discussing my Handspring Prism’s configuration, that DataGator was not compatible with [Fitaly Stamp or Teal Master]. I found that with Fitaly Stamp installed, the opening menu screen to set the security parameters would not appear or would do so randomly. Using Teal Master instead of Hackmaster would produce memory allocation errors,” he said.

However, Hoey said his office CIO had no problems with the company-wide install.

Holmes added that the encryption and decryption process is a bit slow. “If the applications themselves are encrypted, this slows down the operation needlessly.”

He said he would like to see the ability to fix unintentional scrolling, plus have menu selections automatically check or uncheck databases, vs. doing each one individually.

“There are other products on the market which allow the user to select from a menu of encryption methods – this would be of interest as well,” he said, adding he is currently using the product to encrypt databases, but not applications.

Hoey said one change he would make is to find an easier way to disable and enable the program. “You have to put your code in every time you turn it on or off,” he said. “I found if I was going to be at my desk for a long time, I disabled the program, and then when I left, I would re-enable it.”

Hoey stressed that data encryption on PDAs is critical, especially with the issue of surveillance. “It’s no longer just worrying about losing your device or having it stolen.”

Raymond noted that in order for PDAs to reach critical mass, people have to trust that their information is secure.

DataGator will work with all Windows-based PCs and all Mac-based PCs. It has a very small footprint – using 160Kb. “That’s where we preserve the Palm experience,” Raymond said.

The standard version starts at US$39.95 and a professional edition starting at $49.95. Volume discounts apply.