When it comes to any technological innovation, it doesn’t matter how many features it boasts or how secure it is — if it is too difficult to use, no one will use it, save a handful of enthusiasts (or masochists). If cars required you to do calculus every time you drove them, most of us would probably take the bus.
Which brings us to email encryption. Just the word “encryption” might scare off casual users, especially when you bring in concepts like algorithms, certificate authorities and hashing and salting. In a way, it makes perfect sense. After all, the whole idea behind encryption is that it obfuscates data, making it unreadable, unusable and unintelligible.
But “unreadable, unusable and unintelligible” could also describe a PGP email encryption instruction manual.
If we want a more secure, privacy-optimized digital world, we need easy email encryption options. Encryption is nothing new. The basic technology behind using encryption ciphers to scramble digital data has been around for over 80 years, and the 128-bit International Data Encryption Algorithm has been around since 1990 (SANS). Despite this, we still have daily headlines about unencrypted laptops being stolen, unencrypted email being infiltrated and unencrypted servers getting hacked. What gives?
It’s simple: encryption will never catch on until easy encryption, including easy email encryption, becomes widely available.
So who exactly is using email encryption? To understand why the use of encryption technology isn’t more widespread, it helps to know what we’re working with. The good news is that despite the difficulty of using email encryption, its use is on the rise, in part due to efforts by email providers like Gmail to improve the security and privacy of their products. While this is an encouraging trend, users may be enjoying a false sense of security from the native encryption functionality provided by their email providers — only about half of emails are encrypted in transit, and client-side email encryption is even rarer.
More concerning still is the perspective of a startling number of people that using email encryption somehow makes you suspicious, or justifies further surveillance. According to a recent Pew study, nearly half of all US citizens polled believe that it’s justifiable for the government to monitor individuals who use encryption software to obscure their data. This assumes, however, that privacy is something only a criminal would want. Whatever happened to privacy being a right we could all enjoy? After all, chances are you have blinds or curtains on your windows. You have locks on your door. You have a password protecting your inbox — so why not take a step further by encrypting its contents?
In a way, the proliferation of easy email encryption might be a fantastic way to start changing the conversation. If email encryption is so simple that you, your grandmother and your five-year-old nephew can use it, maybe we won’t think of it as simply a tool used by nefarious hackers. Easy email encryption needs to be widely available to everyone, as everyone deserves a sense of privacy.
Maybe it’s not such a big deal, you might be thinking. Maybe if email encryption were so important, easy email encryption options would be more ubiquitous. Your password is long, complex and frequently updated, you’ve never been hacked and you have no secret heist plots to bury in your inbox. Unfortunately, it’s not so simple. Let’s address the password issue first. If you’ve followed all password best practices and you have a password it would take thousands of years to brute-force, you’re absolutely off to a good start where email privacy and security are concerned. But if your password is the only thing standing between you and a cybercriminal, you’re still not as secure as you should be. Think of it this way: a lock on your door is no replacement for an alarm system. If a burglar manages to break down your door anyway, the alarm gives you a second method of keeping the thief from running off with your TV.
If you’ve never had your email account hacked, you might be looking at a situation of when, rather than if. Whether you’re using your personal email account or your business account, you’re a target. A 2014 report conducted by the Ponemon Institute showed that in the year prior, nearly half of all adults in the United States had had at least one of their online accounts hacked. These attacks exposed such sensitive data as phone numbers, credit card numbers and home addresses. Using easy email encryption could improve your chances against these rising odds.
You Do Have Something to Hide — and That’s Okay
And finally, if you think you have nothing to hide, you’re wrong. Again, while you might not be hatching any plots to kidnap government officials or make off with piles of diamonds, you still probably want to keep your social security number away from cybercriminals who’d love to steal your identity. Even perfectly upright law-abiding citizens have information, data and documents they would rather keep private — and we’re of the belief that they’re absolutely entitled to that privacy. That’s why we made Virtru: to bring easy email encryption to the masses.
Yes, it’s unlikely that batch government surveillance is going to pull up embarrassing secrets from your past or your mom’s secret lasagna recipe, but to borrow the locked door analogy from before, that doesn’t mean that you should be required to keep your doors open at all times. It doesn’t mean that the rooms in your house or your office building should be bugged by default. The widespread use of easy email encryption would make for a more privacy-optimized digital world, where we can be more confident that the emails we send can only be accessed by the intended recipients.
So we know that email encryption is a good thing, but how exactly does it help protect our data? To get a better understanding of how easy email encryption is an important tool for locking down your inbox, it helps to know the basic principles of encryption.
The basic idea behind digital encryption is to use a cipher algorithm to render data unreadable. The cipher encodes your data (in this case, the contents of your email message or attached files), which can then only be decoded by someone who has the encryption key. These keys are incredibly complex. Most encryption uses the Advanced Encryption Standard (AES), which provides key lengths of 128, 192 and 256 bits. The fastest supercomputer currently in existence would take a billion billion years to crack even a 128-bit key, so encryption is a pretty powerful means of protecting your data. (Virtru email encryption uses 256-bit keys, which would take that same supercomputer an exponentially longer time to crack.)
With easy email encryption, you’d be able to apply those powerful ciphers to your emails, and only your intended recipients would have the necessary keys to descramble the messages and any attachments. That means that even if someone gained unauthorized access to your email, they still wouldn’t be able to access the data without the key. If a hacker gained access to the server hosting your email, they wouldn’t be able to access any encrypted messages.
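The idea in the two paragraphs above, as an added example (not Virtru's code and not part of the original article): a message is encrypted on the sender's machine, so the mail server holds only ciphertext. It assumes AES-256-GCM through Node.js's built-in crypto module; the function names and the sample message are constructed for illustration.

```javascript
// Added example: client-side AES-256-GCM for an email body (assumed cipher mode).
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Sender side: encrypt before the message leaves the client.
function encryptMessage(key, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every message
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // This object is everything the mail server ever stores.
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient side: returns the plaintext, or null when the key is wrong
// or the stored message was altered (GCM authentication fails).
function decryptMessage(key, stored) {
  try {
    const decipher = createDecipheriv('aes-256-gcm', key, stored.iv);
    decipher.setAuthTag(stored.tag);
    const plain = Buffer.concat([decipher.update(stored.ciphertext), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample message, not real data.
const SAMPLE_BODY = 'Account number on file: 000-00-0000 (constructed sample)';

function demo() {
  const recipientKey = randomBytes(32); // 256-bit key held only by sender and recipient
  const stored = encryptMessage(recipientKey, SAMPLE_BODY);

  // Someone with access to the server sees `stored` but has no key.
  const guessedKey = randomBytes(32);

  // A copy of the stored message with a single bit flipped.
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;

  return {
    recipientReads: decryptMessage(recipientKey, stored),
    serverHoldsPlaintext: stored.ciphertext.includes(Buffer.from('Account number')),
    wrongKeyReads: decryptMessage(guessedKey, stored),
    tamperedReads: decryptMessage(recipientKey, tampered),
  };
}
```

The cipher is the easy part here; getting `recipientKey` to the right person and keeping it safe is the work that PGP, S/MIME and hosted key services each handle differently.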
Thankfully, easy email encryption isn’t just a fantasy — Virtru provides easy-to-use, turnkey email encryption for both individual users and businesses. However, a major reason email encryption hasn’t caught on in a big way is that more traditional forms of email encryption, like PGP and S/MIME, are far more difficult to implement and use.
While individual use of email encryption isn’t as widespread as it ought to be, there are plenty of industries for whom email encryption isn’t a nice-to-have, but a legal necessity. Take, for example, any hospital, healthcare provider or organization that needs to maintain HIPAA compliance. To help secure protected health information (PHI) and honor patient privacy, most covered entities use portal solutions in order to encrypt data, email messages and attachments.
Whether for compliance or simply for added data protection, businesses and non-profit organizations may include email encryption in their information security policies. Some of the more traditional email encryption protocols these organizations use include Pretty Good Privacy (PGP), S/MIME and all-inclusive portal solutions.
However, each of these options has its own set of disadvantages, and all of them require tech know-how that goes far beyond that of the typical email user. After all, we can’t all call on our own systems administrator or IT consultant each time we want to configure our email settings, or to help us recover keys lost on a corrupted drive. In addition, these solutions can be expensive to implement, particularly S/MIME and portal solutions. If an email encryption solution is already too much of a hassle to use regularly, you probably don’t also want to cough up serious dough for it.
What users need isn’t complexity and expense — they need affordable, easy email encryption options, like Virtru.
Everyone has data to protect. If you’re a large enterprise, you have treasure troves of intellectual property, sensitive customer data and human resources data sitting on your servers and in your inbox, just waiting for someone with terrible motives (or just an employee operating under loose access and data security policies) to get a hold of it.
If you’re a newly minted entrepreneur, small business or startup, you’re in a particularly vulnerable spot. Not only are you just establishing your reputation — and can’t risk the PR hit you’d take after a data breach — but you’re also likely operating on a tight budget, and can’t afford to invest in certificates for S/MIME email encryption, or an IT wizard to set up PGP.
And of course, as an individual user, you don’t want your inbox to be vulnerable to unwanted eyes, whether from surveillance or from cybercriminals. But as you go about your day, multitasking and stealing time wherever you can find it, do you really want to be knee-deep in encryption keys, or shelling out cash to certificate authorities?
Likely not — which is why easy email encryption is the only hope for a secure, private Internet.
People won’t and don’t use difficult-to-use privacy features. There are many reasons for this, but a big one is that we’re a busy, multitasking society. With the number of apps you juggle at any given minute, often across multiple devices, it just isn’t feasible to configure granular privacy settings for each one, or to implement expensive, difficult-to-use protocols. Many people struggle just locking down their Facebook profiles, let alone setting up PGP. Not everyone is, or should be, a tech virtuoso, just like not everyone is an athlete or an artist. But no matter your level of IT literacy, you are entitled to use technology with a sense of privacy and security.
We shouldn’t have to trade privacy for convenience, or vice versa. Technology that everyone uses, like email (and no, email is not going anywhere any time soon), should be private by default. It’s an unfair and unrealistic compromise to expect people either not to use the technology that connects them to the world around them, or to be computer geniuses. The call now is not only for easy email encryption, but for technology companies, designers, developers and inventors to build easy-to-use privacy into their products.
Privacy and security shouldn’t be an afterthought or a maze users have to navigate. Privacy should be baked into the very substance of your technology. Period.
When you’re talking about sending encrypted email, you can’t just focus on yourself. Even if you do understand how to use PGP or S/MIME, and you’re comfortable with juggling around keys and certificates, there’s no guarantee that everyone you communicate with will be in the same boat as you.
If you decide to use email encryption with PGP or S/MIME, you’re going to have to (at least) give everyone within your circle a lesson in computer security. After all, if the people you are trying to communicate with don’t know how to properly use email encryption, then you simply won’t be able to communicate with them securely. No matter how savvy you are, if all of your friends (and colleagues) aren’t in the same boat as you, you’re going to hit a huge roadblock. Unless, of course, you’re okay with being the go-to IT guy for everyone you communicate with.
Virtru solves this problem by allowing recipients to see encrypted email simply by logging into our Secure Reader, or by downloading our plug-in for themselves. That’s it — there’s no learning process, and there’s no need for them to call you after you’ve left the office to view a message. Likewise, you’ll never have to worry about them forgetting to renew their certificate, or losing their (or your!) encryption key.
Once the people you’re corresponding with on a regular basis see how easy it is to use email encryption, there’s a good chance they’ll adopt it too. That’s not just good for them, either, as making sure the email that lands in your inbox is secure is just as important as making sure that everything that leaves it is safely encrypted.
While privacy-by-design is not yet the paradigm, we can start to make the world a more secure and privacy-friendly place one company at a time. That’s what Virtru seeks to do with easy email encryption. Virtru’s client-side email encryption technology requires no technical know-how to implement. Because it works seamlessly with the email provider you already use, Virtru doesn’t force you to make a choice between privacy and convenience. Simply by downloading a browser add-on and flipping a switch, you can enjoy a safer inbox. It’s that simple.
To see how easy email encryption can be, download Virtru today.