Offline Cache Encryption Option to Opt-Out

Hi Everyone,

We at @Mekom have a task to encrypt the offline cached data as an extra security precaution. The reason for this feature is that it would make it more difficult for persons who confiscate user devices to read sensitive patient data directly from the browser’s offline cached data.

The main question is: Is this something that everyone wants? Or do we need to add some way to opt-out of this service?

While scoping out work for this feature, we noticed that this data encryption could have some small performance impact from data encryption and decryption. In general, we assume that an extra layer of security is a good idea and that this should be implemented in the OpenMRS offline mode and be “on by default”. However, we understand that this feature might not be useful, or even wanted, by everyone. If this is something that would negatively affect you, please let us know.

Right now we are planning on encrypting the offline cache for the offline module. However, if there is enough demand, we could support an “opt-out” mode for offline cache encryption. Going down the route of an opt-out feature would make this implementation take approximately 50% more work and would add the burden of lifetime ongoing support, since we would forever need to test offline mode both with and without opting out of cache encryption.

Thanks, and please let us know your thoughts below :grin:


I believe, following subsequent discussions, the decision was made to encrypt the offline cache for the sake of privacy and security, believing that the performance penalty for encryption/decryption would be outweighed by the security benefits (e.g., not relying on hardware encryption).

@zacbutko I’m guessing you’ll get more feedback when people encounter the encryption/decryption delays in the field. :slight_smile: