Like a lot of tech start-ups, Connect in Private has designs on changing the world. Thanks perhaps to Edward Snowden, they’re not even all that unique among start-ups in how they’d like to do it, in providing a secure way for people to communicate, without having to worry about the prying eyes and ears of government.
The unique angle Connect in Private is taking involves a patent it’s recently been granted in the U.S., and globally recognized through the international patent examiner in Geneva, Switzerland, for certificate-less, authenticated, encryption technology, or CLAE.
What problem does it solve?
“Current encryption is certificate-based,” said Alexander Hanff, a longtime privacy advocate who’s been brought on board as Connect in Private’s CPO. “That creates and issue because many of the certificate authorities are susceptible to secret court orders in the U.S. The beauty of CLAE is that it allows for identity-based encryption without the need for certificate authorities.”
Further, once the company’s services are up and running, the user will choose a “trust center,” and the authentication will be done via keys that are published to that trust center on an ad hoc basis.
If you’re in Asia, maybe you trust the privacy laws of Singapore and Indonesia the most, Hanff suggested. If you’re in Europe, maybe it’s Switzerland. North Americans might choose Canada. South Americans, Panama, where Connect in Private has established its corporate headquarters.
The plan is to first release a free service that allows users to continue with their current e-mail provider—Gmail, Yahoo, whatever—but through a browser extension or mobile app, encrypt the e-mail before it travels to the e-mail provider’s servers, augmenting whatever encryption the e-mail provider uses so that even the provider cannot decrypt the e-mails. Further, the service would allow for retroactively pulling an e-mail back—the user would just revoke the keys and the recipients would no longer be able to read the e-mail or even read to whom the e-mail was addressed.
“From a data protection standpoint, how many corporations would like something like this?” asked Hanff. “Even me, as a privacy pro, I’ve cc’d people by mistake. Now you make a simple click and you can revoke the key. This could be a huge reputation-saver.”
And that simplicity is vital, said Bill Montgomery, CEO of Connect in Private. “Bruce Schneier says one click to encrypt is one click too many. If you have to think about it, human error will come into play,” he said. That’s why CLAE is designed to be “seamless, simple to use. It can be woven into many different applications, from e-mail to instant messaging to communication with websites.”
Once the company secures funding, the plan is to release the free consumer service in month seven, then release code for third-party apps and integration in month 13. Between years two and four, the company will target the corporate and B2B marketplace, Montgomery said. CLAE could supplement SSL by providing a secure path through that already somewhat secure socket. Or it could be used to encrypt corporate e-mail communications. Montgomery said the applications are still in development. There are also plans for a privacy-conscious ad platform, a full opt-in system that would allow users to choose which information they share with advertisers looking to target them, which would subsidize the free email service.
"Encryption takes a little bit longer," joked Montgomery, "so they've got wait a bit anyway." Might as well show them an ad.
With the recent funding rounds of companies like Silent Circle and Wickr, it shouldn’t be surprising that Connect in Private has received considerable interest from the venture capital community, but Montgomery said he’s really looking for a funder who has a similar commitment to privacy.
“Ideally we want somebody with a passion for privacy, someone who wants to change the world in the way we want to,” he said.
And Montgomery said the company’s commitment to privacy is evident in everything they do, including the location in Panama.
“You mention Wickr,” he said. “Even if their security was all that and then some, there’s no security if your company is based in the United States. You’ll just never know (if your data has been requested through the FISA court). It’s like hiring a locksmith where you know they’re going to share your key.”
Further, Connect in Private is now in the process of working with cryptography expert Chris Mitchell, professor of computer science at Royal Holloway, University of London, to get peer review and push the CLAE technology through to an ISO, globally recognized standard.
“Once we have proof of security, there will be people interested at the enterprise level,” Montgomery said. “Once we become a recognized standard, then the whole world will be interested.”
Read More By Sam Pfeifle:
How Big Data Discriminates
Do You Have Your Matchbooks Handy?
Ryerson Doubles Down on Privacy with Cavoukian
Industry Reaction to FTC's Data Brokers Report: Eh.
If you want to comment on this post, you need to login.