{"id":4683,"date":"2014-02-05T10:00:08","date_gmt":"2014-02-05T15:00:08","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=4683"},"modified":"2014-02-05T10:00:08","modified_gmt":"2014-02-05T15:00:08","slug":"former-nsa-employee-looks-to-make-email-more-secure","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/02\/05\/former-nsa-employee-looks-to-make-email-more-secure\/","title":{"rendered":"Former NSA employee looks to make email more secure"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Email, perhaps still the most widely used Internet application, has about the same level of security as a postcard. But unlike postcards, it\u2019s widely depended on by businesses.<\/p>\n

It wasn\u2019t designed with security in mind. It was just designed to work. But following disclosures of large-scale spying by the U.S. as well as other nations over the last several years, a variety of companies, including Wickr and Silent Circle, see commercial opportunities in making encrypted messaging products that are easier to use.<\/p>\n

Joining those companies is Washington, D.C.-based Virtru, co-founded by the Ackerly brothers. John, 38, has a background in private equity, and his younger brother Will, 34, joined the National Security Agency out of college in 2004.<\/p>\n

will john ackerly Photo courtesy of Virtu<\/p>\n

Will and John Ackerly<\/p>\n

Their fledging venture aims to solve usability problems around using email encryption software, which can be finicky to set up. With Virtru \u201cyou can send to anybody, and then they can get access to it without having to have a PhD in computer science,\u201d Will Ackerly said.<\/p>\n

Virtru\u2019s big advantage is that it works within the Gmail, Outlook and Yahoo webmail interfaces and doesn\u2019t need an external client, which was no small engineering feat, Will said.<\/p>\n

For example, content typed in the body of an email is immediately encrypted so that Gmail, which periodically saves a draft of a new messages, only sees encrypted content.<\/p>\n

Senders, however, must install a browser extension, which manages the encryption and decryption of content. Those crucial processes occur on a person\u2019s computer or a mobile device, which means those webmail providers would only see scrambled content. Recipients can opt not to install the extension and read the decrypted content within a browser window.<\/p>\n

The body of an email message is encrypted in the Trusted Data Format (TDF), which Will authored a paper on in 2008 while working for the NSA. The open-source format is akin to a secret ZIP file and is widely used in the U.S. intelligence community. Unlike other encryption program such as PGP, TDF also allows attachments to be encrypted.<\/p>\n

Saying something is encrypted sounds good, but there are fine technical points that must be spot-on for the highest level of privacy and security.<\/p>\n

The small Dallas-based company Lavabit, believed to be former NSA contractor Edward Snowden\u2019s email provider, lost a court battle with the U.S. government that forced it to turn over its SSL (Secure Sockets Layer) key.<\/p>\n

That encryption key secured communication between customers and Lavabit\u2019s servers. With the key, the U.S. government could have descrambled the email of not just Snowden but all Lavabit users, which many found unnerving.<\/p>\n

To get around that weakness, Virtru uses elliptic curve Diffie-Hellman ephemeral key exchange, a mouthful that means Virtru generates a new key every time a user starts a new email session.<\/p>\n

The key is discarded at the end of the session. If Virtru\u2019s credentials were obtained, either by a hacker or through court orders, \u201csomeone would not be able to decrypt past communications,\u201d Will Ackerly said.<\/p>\n

Full Story: Former NSA employee looks to make email more secure | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Email, perhaps still the most widely used Internet application, has about the same level of security as a postcard. But […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,10],"tags":[323,325],"class_list":["post-4683","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-email","tag-encryption"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1dx","jetpack-related-posts":[{"id":9395,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/08\/27\/this-week-in-tech-681-that-grips-my-muffin\/","url_meta":{"origin":4683,"position":0},"title":"This Week in Tech 681: That Grips My Muffin","author":"NCCT","date":"August 27, 2018","format":false,"excerpt":"https:\/\/youtu.be\/0TYA0gbIIng This Week in Tech - Tech companies are meeting in secret to discuss election security. - FB wants your MRI to train its AI. - The nightmare that is Facebook moderation. - Refuse to unlock your phone in Australia, go to jail for 10 years. - It's still very\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/0TYA0gbIIng\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9378,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/13\/smart-home-security-tips\/","url_meta":{"origin":4683,"position":1},"title":"Smart Home Security Tips","author":"NCCT","date":"July 13, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ESqqAf3IGok Megan Morrone and Florence Ion talk to Stacey Higginbotham about tips for securing your smart home. The advantages and disadvantages of running devices on a guest network. Plus, how do you know if your devices are getting regular firmware updates.","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ESqqAf3IGok\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9930,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/fbi-says-toss-your-old-router\/","url_meta":{"origin":4683,"position":2},"title":"FBI Says Toss Your Old Router","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/scR199zRjvA On Security Now, Steve talks about the FBI's suggestion that we should be tossing out our old routers.","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/scR199zRjvA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":4683,"position":3},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9450,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/20\/are-passwords-immortal-security-now-690\/","url_meta":{"origin":4683,"position":4},"title":"Are Passwords Immortal? – Security Now 690","author":"NCCT","date":"November 20, 2018","format":false,"excerpt":"https:\/\/youtu.be\/mOSTtkK7vy0 Pwn2Own, the Future of Passwords. -- All the action at last week's Pwn2Own Mobile hacking contest -- The final word on processor mis-design in the Meltdown\/Spectre era -- A workable solution for unsupported Intel firmware upgrades for hostile environments -- A forthcoming Firefox breach alert feature -- The expected\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/mOSTtkK7vy0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9452,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/19\/internal-bug-discovery-security-now-693\/","url_meta":{"origin":4683,"position":5},"title":"Internal Bug Discovery – Security Now 693","author":"NCCT","date":"November 19, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ClVI9PMQGCY Australia vs Encryption, Google+ Bugs Hasten its Demise -- Australia's recently passed anti-encryption legislation -- Details of a couple more mega-breaches including a bit of Marriott follow-up -- A welcome call for legislation from Microsoft -- A new twist on online advertising click fraud -- The DHS is interested\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ClVI9PMQGCY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=4683"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4683\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=4683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=4683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=4683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}