WASHINGTON - When it comes to the many tools that help people guard their privacy online, there have largely been two basic choices.
So what if instead of either, there was a tool that delivered both: ease of use and robust security?
While it’s still too early to know for sure, such a tool may be at hand. It’s called Virtru, and nearly one year after its first launch, it’s beginning to win a growing number of users.
“If you don’t make tools really easy to use, they simply won’t be used,” said Will Ackerly, co-founder and chief technology officer at Virtru.
Before launching the company in 2012, Ackerly worked for eight years at the National Security Agency, or NSA, in information assurance – keeping network and cloud-based communications as secure as possible.
Ackerly calls his time with the NSA “eye-opening” in several ways.
“First, I gained an insight into how hard it is, with the existing tools online today, to effectively protect your privacy online,” he told VOA. “I saw a great opportunity to make it easier, make it practical, for people to add very strong encryption to existing email accounts.”
Also while at the NSA, Ackerly saw how difficult it was to protect sensitive data while making it available to authorized users. In effect, the more secure the document, the less available it was to be used.
Ackerly worked with others in the U.S. intelligence community to develop the “.tdf”, or Trusted Document Format, file format – in essence, a series of secure wrappers around encrypted files, including documents. And it’s this format that became the foundation for Virtru.
Once installed on a computer or mobile device, Virtru interfaces with popular email programs like Gmail, Yahoo, or Outlook.
When a user composes an email with one of these services, Virtru gives users the option to encrypt the message and any attached documents using the tdf format. The program then encrypts the email, generates the security keys, and sends the email to the end user.
While Virtru is similar to the gold-standard PGP encryption protocol, what makes it so much easier to use is that the company handles all the data key transfers by default.
That means Virtru never sees any of the documents – the encryption is handled exclusively by the user – and the sending and receiving users don’t have to fumble with the technologically challenging task of handing encryption keys back and forth.
“Virtru as a company is not in the business, and we don’t want to be in the business, of encrypting data for you,” Ackerly said. “We develop apps that you install on your device that let you encrypt your information. So nothing is centralized, and it’s all open technology.”
The advantages are fairly straightforward: Virtru provides end-to-end, 256-bit encryption, ensuring that only the sender and recipient ever see the unencrypted content, all with ease of use. Ackerly says third-party testing of Virtru by the security firm iSec Partners indicates the encryption is robust and the service reliable.
“It seems to work extremely well,” said Tim Edgar, a visiting fellow at Brown University’s Watson Institute for International Studies. He previously worked in the Obama Administration on digital privacy issues and now serves on Virtru’s advisory board.
“It solves a lot of usability problems, although they’re still working out a couple of kinks,” he told VOA. “But it’s an extremely simple plug-in where you just press a button and you’re able to encrypt your communications and attachments. It solves a lot of problems.”
There are, however, two fundamental areas of concern for security analysts like Edgar.
While Virtru servers never see any of the encrypted communications themselves, they do store the data keys that allow users to lock and unlock documents. That means that if the government demands those keys, it would be halfway toward intercepting the hidden communications.
“There’s no silver bullet,” Edgar said. “Virtru has been very straight that they offer symmetric encryption, which means they have to be handling the key. That’s a different model than say PGP where you’re actually storing your own personal key.”
Both Ackerly and Edgar said that the company is working on rolling out an option to allow users to use their own key holder.
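An added example, not Virtru's code or the TDF format: a minimal model of the key handling described above, where the key is generated on the sender's device and held by a key server, alongside the user-held key option. `KeyServer`, `send`, `seal` and `unseal` are hypothetical names, and the cipher is a standard-library stand-in for a real AES-256 mode.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 counter mode) so the example needs only the
    # standard library; a real client would use a vetted AES-256 mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_sub(key, b"enc"), nonce, body)

class KeyServer:
    """Hypothetical key store: holds keys, never the message content."""
    def __init__(self):
        self.keys = {}  # message id -> (key, intended recipient)

    def store(self, msg_id, key, recipient):
        self.keys[msg_id] = (key, recipient)

    def release(self, msg_id, authenticated_as):
        key, recipient = self.keys[msg_id]
        # Only as strong as the recipient's email login (hence the two-factor advice).
        if authenticated_as != recipient:
            raise PermissionError("not the intended recipient")
        return key

def send(server, mailbox, recipient, text, escrow=True):
    key = secrets.token_bytes(32)        # 256-bit key made on the sender's device
    msg_id = secrets.token_hex(8)
    mailbox[msg_id] = seal(key, text)    # the mail provider stores ciphertext only
    if escrow:                           # default model: the service holds the key
        server.store(msg_id, key, recipient)
    return msg_id, key                   # escrow=False: sender must deliver key itself
```

In this model, anyone who obtains both the key server's entry and the mailbox copy can call `unseal` without either user; with `escrow=False` the server holds nothing to hand over, at the cost of the sender delivering the key.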
The second area is more fundamental: how does a sender actually know that the intended recipient of the email is actually the person they say they are?
“That’s a great question,” Ackerly said, which is why he says Virtru encourages users to always use a “two-factor ID protocol” on all of their email accounts.
Ackerly said Virtru encourages users to use a two-step identification process that email services like Yahoo and Gmail offer to create extra strong identity confirmation.
However, Ackerly said that’s something not a lot of email users bother with, which makes ensuring the recipient’s identity a question of crucial importance.
“Nothing is going to work if the end point is subverted,” Edgar said. “The message or the file, it has to be decrypted somewhere in order to be usable. So if there’s an adversary that’s managed to penetrate that end point, you’re going to be insecure.”
There’s another issue that some reviewers of Virtru touch on, which has nothing to do with technology, but rather Virtru’s and Will Ackerly’s NSA lineage and connections.
“Maybe I am just being paranoid (Guess that makes me 100 percent U.S. citizen), but if NSA engineers are working on this, why would they want to make it harder to read our emails/searches?” wrote one commenter on TechCrunch. “I'll use this when Edward Snowden starts using it,” wrote another, summing up much of the skepticism.
“I think that’s a very, very fair assessment,” responds Ackerly. “Why is anything, or any person, worthy of trust? In the case of what we’re doing, I think we have an extra burden of making sure that everything we’re doing is open and available to third-party inspection.”
In part to address these concerns, Tim Edgar says the company has posted on its website its policies regarding any government requests for data.
“The standard that Virtru adopted that I was advocating was the government needs an individualized warrant based on probable cause, and if it’s something other than that, you should be prepared to fight in court,” he said.
In the end, both Ackerly and Edgar emphasize that Virtru does not promise fool-proof, 100 percent secure communications. “Nobody can promise that,” says Ackerly; not even the NSA, as evidenced by the Snowden leaks.
What Virtru does provide, he says, is another layer of security using relatively strong encryption tools in an easy-to-use format with users’ existing email accounts.
“It’s kind of a no-brainer that your confidential files and messages should not be bouncing around server to server in an unencrypted fashion – that’s just asking for trouble,” Edgar said.
“Just like when you leave your car, you’ll have a better level of security if it’s locked rather than unlocked. But the first thing you have to do is put a lock on the door.”