Published January 23, 2014
The surveillance bombshells revealed by Edward Snowden have prompted many Americans to reconsider what they say and do online.
Hoping to seize upon amplified privacy concerns, a former National Security Agency architect launched a free service this week that allows users to easily encrypt their Gmail, Yahoo (YHOO) and Outlook emails.
Virtru, which has received $4 million in angel financing, emerged from stealth mode on Tuesday and has already attracted interest from a number of potential corporate customers, including big Wall Street banks.
“There is mass concern about privacy. The issue is people don’t know where to go to take action. We’re trying to meet that need,” said John Ackerly, a former White House official who co-founded Virtru with his brother Will.
While working at the NSA, Will Ackerly helped invent an encryption format that has become the standard for sharing sensitive data between U.S. intelligence agencies. Seeing the great demand to protect personal and commercial documents, the Ackerly brothers are now deploying that platform to a much wider audience.
“Services like Virtru will probably give most commercial users a degree of security that only governments have enjoyed to this point,” said Cedric Leighton, a former NSA official who does not know the Ackerly brothers.
'Very Hard to Break'
Virtru appears to be launching at a perfect time given the enormous amount of attention on government surveillance, which classified documents leaked by Snowden show is far greater than the American public realized.
According to a poll of 2,000 U.S. adults by Harris Interactive that Virtru commissioned, 73% of Americans online are concerned about the privacy of their email communications. But just 34% of online adults said they had taken steps like using a secure email provider or encrypted technologies.
While the Snowden revelations “caused the country tremendous harm in terms of national security,” John Ackerly said the “issues are real and the balance of power has shifted away from the individual.”
Using the open-source Trusted Data Format that Will Ackerly helped create in 2008, Virtru allows users to encrypt emails from Google’s (GOOG) Gmail, Yahoo, Microsoft’s (MSFT) Outlook and Apple’s (AAPL) Mac Mail. The service is powered by 256-bit AES encryption.
“That’s the highest level encryption that is available commercially. It’s also the same type used by most of the governments out there. It’s very hard to break that,” said Leighton. “You can never say anything is 100% foolproof because there are efforts underway to break every single type of encryption.”
Here's How It Works:
Jim Rickards, who serves as an adviser to the U.S. intelligence community, said he isn’t aware of the NSA being able to “easily decrypt” messages that have robust encryption. “And if they can, it’s probably one of the most classified secrets in the government,” said Rickards, who is a consultant on market intelligence at Omnis.
Virtru would likely be effective at preventing keystroke monitoring by third-parties, but like all forms of encryption it would not stop surveillance when a device is infected by malware or is being monitored by a physical keystroke monitor.
Virtru said it never has access to the email content and only manages access to the key required to read the content.
Click image to enlarge.
There are a number of other email encryption platforms that people use, including Hushmail, though none have gained mass adoption.
“Our whole mission is to focus on ease of use and simplicity,” said John Ackerly, who previously worked at Blackstone (BX) and Providence Equity Partners.
In addition to its encryption features, Virtru offers users the ability to revoke access to an email at any time, akin to a digital self-destruct button. Users are also able to prevent messages from being forwarded and set them to expire at a specified date.
Eventually, Virtru plans to expand its platform to help users protect other forms of communication, including texts and messages on Twitter (TWTR).
Virtru Eyes Enterprise Opportunities
Based in Washington, D.C., Virtru has 12 full-time employees and an ecosystem of 28 people supporting the platform. The workforce includes a number of people who have a background in U.S. intelligence.
Virtru isn’t currently generating any revenue, though the company’s founders believe it will very soon.
One way to make money off the technology is to charge individuals, small businesses and enterprise users for premium products, including the ability to encrypt files created by business applications like Excel or PowerPoint. Another option Virtru executives are kicking around is charging for access to a dashboard that will allow users to search their protected content.
Virtru is also considering licensing its encryption key management architecture to ultra-secretive customers who want to store the key themselves instead of letting Virtru do it.
The company is already targeting health-care and financial-services companies as potential clients. Virtru has received “a lot of inbound interest and had very deep conversations with a couple of the largest investment banks in the world about deploying TDF,” John Ackerly said.
Erosion of Privacy
Virtru is launching just as corporate America’s war with hackers deepens, highlighted by the costly data breaches at retail giant Target (TGT) and department store Neiman Marcus. Amid the enormous demand for security products, there have been a slew acquisitions in the cyber space, including VMware’s (VMW) $1.54 billion takeover of mobile firm AirWatch and FireEye’s (FEYE) $1 billion buyout of Mandiant.
It’s clear Virtru’s founders care deeply about privacy issues, especially after their stints working for the federal government.
“My experience at the NSA gave me a deep understanding over how difficult it is to protect your data. It was that appreciation that really motivated my shift in focus,” said Will Ackerly.
John Ackerly said he saw some “pretty interesting decisions made post-9/11,” a period when he worked at the White House and Commerce Department. Individual privacy “has been eroded over the past 10 years,” he said.
Leighton said the decision to launch Virtru represents a shift in what NSA employees do after leaving the spy agency.
“Twenty years ago or even 10 years ago most NSA employees would have never thought of providing services like these to the general public,” said Leighton. “Now we’re seeing a democratization of these capabilities.”