The market for secure private communications—encrypted messaging—is exploding. And with an estimated 70 trillion consumer and business messages expected globally by 2018, a bunch of New York startups want to “manage” the messaging process—to find ways to make messages secure and private.
Federal agencies want secure networks to prevent the massive cyber attacks they have been plagued by. Large corporations embarrassed by disclosures such as Sony’s want enterprise-wide security. But they also want access to individual communications as part of their overall plan to mine and monetize user data. Meanwhile, and controversially, the NSA wants “back door” access to all communications, ostensibly to monitor terrorism and oversee national security.
The encrypted messaging models offered by big companies are flawed, says Eric Liftin, a New York software entrepreneur and founder of Tunnel-X, a private encrypted communications service. The need of big consumer-oriented communications companies to store user data for their business models—selling ads—and have the data accessible to a wide range of users undermines a lot of their efforts to keep data secure. And as the cyber attacks on federal agency databases and financial institutions show, the world is full of giant databases simply waiting for a hacker.
Small entrepreneurial businesses are taking a different tack towards cybersecurity. They are protecting access, encrypting and re-encrypting data, and eliminating almost all access points.
“We do believe the best cyberdefense, first and foremost, is to close all back doors. If one group can access, many will,” says Katherine Priestley Pitblado of Park Vale Capital, a London growth capital firm that specializes in cybersecurity investments. “Finding best solutions is always the domain of small businesses and entrepreneurs, because problem solving is a fairly pure pursuit. Making money changes everything.”
Apple and Google said last year they would encrypt their smartphones so that they couldn’t be compelled by law enforcement officials to reveal information that their devices stored. But the Obama Administration continues to pressure the tech giants on increased data sharing to combat terrorism. Indeed, it is the fear that the big companies will ultimately give in to government pressure that makes their encryption efforts suspect.
The startups, by contrast, are addressing the technology problem first, before trying to create a business model. And ultimately the best solutions may be small and local, not the “universal” ones offered by big companies, says Liftin.
Greg Parker, a New York software entrepreneur, sees the challenge to be developing tools for which the encryption is “strong” and the user experience easy for customers. “Make the complexity disappear,” he says. Parker is founder of Raketu, a novel secure messaging business that connects users device to device, doing away with servers and intermediate points where a message can be intercepted and deciphered. More importantly, the messages cannot be stored, leaving no room for unauthorized access.
Encrypting content is key to secure and private messaging, explains Parker. “While some players claim encryption, they do not encrypt the content, just the movement from the device to their servers, where they store the content unencrypted. Few actually encrypt the content,” he explains.
Raketu takes encryption several steps beyond the traditional. Whereas most encryption key lengths stop at 256 bits, Raketu uses key lengths of up to 4096 bits.
Liftin, an architect and software entrepreneur, has a similar business model for Tunnel-X, a program that provides an “online place” for private conversations.
“We don’t ask anything about you. No e-mail address, name, or phone numbers,” says Liftin. “And we don’t ask for username or password, which have proven very easy to hack by an intermediate level guy.” Instead Tunnel-X protects access into the system by using a long key encoded in a JPG image.
A third New York startup, Watchful Software, is targeting enterprise communications by integrating biometrics to protect access, and encryption to protect data. CEO Charles Foley says the firm’s two primary products—Typewatch and RightsWATCH—automatically categorize all data within the system and enable or disallow sending and receiving depending on the security clearance of the sender and the receiver. Sensitive information in the wrong mailbox cannot be opened. RightsWATCH can even go back into archived information and categorize old stored data, thus providing security for all information in the system, whether it is current or stored.
In a cybersecurity market that most investors see as overcrowded, startups such as Watchful, Tunnel-X, and Raketu have attracted their share of investors. However, none of it is anywhere near the $39 million given last year to Wickr, a West Coast startup that bills itself as a free “top secret” messaging app. Wickr says it is betting that it will find a loyal user base that will use its platform because it is trusted. But with the pressure of that $39 million, it may quickly have to revise its business model if it is proven wrong.
The New York startups are focusing on first getting the technology right, then making sure they have what users want and feel comfortable with. The market will follow, they typically say.
Says Priestley Pitblado of Park Vale, an investor in Watchful, “This is not just about private messaging. It is about private, corporate, and government-circulated information over any form of device.” There is controversy, government pressure, conflicted interests, diverse sorts of messages and data, and an absence of a “universal” antidote. But the solutions already exist—for those who want them.