Former NSA worker unveils tool said to secure email
Co-founded Virtru, one of an emerging group of companies tackling the tricky problem of improving email encryption
IDG News Service - Email, perhaps still the most widely used Internet application, has about the same level of security as a postcard. But unlike postcards, it's widely depended on by businesses.
It wasn't designed with security in mind. It was just designed to work. But following disclosures of large-scale spying by the U.S. as well as other nations over the last several years, a variety of companies, including Wickr and Silent Circle, see commercial opportunities in making encrypted messaging products that are easier to use.
Joining those companies is Washington, D.C.-based Virtru, co-founded by the Ackerly brothers. John, 38, has a background in private equity, and his younger brother Will, 34, joined the U.S. National Security Agency out of college in 2004.
Their fledging venture aims to solve usability problems around using email encryption software, which can be finicky to set up. With Virtru "you can send to anybody, and then they can get access to it without having to have a PhD in computer science," Will Ackerly said.
Virtru's big advantage is that it works within the Gmail, Outlook and Yahoo webmail interfaces and doesn't need an external client, which was no small engineering feat, Will said.
For example, content typed in the body of an email is immediately encrypted so that Gmail, which periodically saves a draft of a new messages, only sees encrypted content.
Senders, however, must install a browser extension, which manages the encryption and decryption of content. Those crucial processes occur on a person's computer or a mobile device, which means those webmail providers would only see scrambled content. Recipients can opt not to install the extension and read the decrypted content within a browser window.
The body of an email message is encrypted in the Trusted Data Format (TDF), which Will authored a paper on in 2008 while working for the NSA. The open-source format is akin to a secret ZIP file and is widely used in the U.S. intelligence community. Unlike other encryption program such as PGP, TDF also allows attachments to be encrypted.
Saying something is encrypted sounds good, but there are fine technical points that must be spot-on for the highest level of privacy and security.
The small Dallas-based company Lavabit, believed to be former NSA contractor Edward Snowden's email provider, lost a court battle with the U.S. government that forced it to turn over its SSL (Secure Sockets Layer) key.
That encryption key secured communication between customers and Lavabit's servers. With the key, the U.S. government could have descrambled the email of not just Snowden but all Lavabit users, which many found unnerving.
To get around that weakness, Virtru uses elliptic curve Diffie-Hellman ephemeral key exchange, a mouthful that means Virtru generates a new key every time a user starts a new email session.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts