When we’re talking with people about eCrypt Me (or our BlackBerry device app for that matter), often we get a little shrug and people say “No, I don’t really need to encrypt my emails. I don’t send anything that important or sensitive.” and I have to wonder if we’re all just lulled into a false sense of security about email.
Sure we all know that email is the electronic equivalent of a postcard. Everything is kept and stored in plain text. Oh sure Gmail transmits under SSL, but that doesn’t mean that anything is actually encrypted once the email hits a server. With billions of emails sent everyday (most of which are spam so easily filtered out), security through obscurity seems like a good plan, right? I mean, who’s going to find the termsheet from a VC for my new startup in the midst of billions of other emails?
But what if someone did?
I think all of us have sent (and cringed) passwords, bank info, contracts, legal documents, strat plans through regular email. We know it’s not secure. We know that someone could get it, but what are the chances? Well, honestly, Wikileaks has shown us that sometimes the chances are pretty good. Still we figure it’s too much hassle to do it…why bother, right?
Personally, and I admit I used to fall into this camp, I think the problem really came down to the fact that it was way, way to much of a pain in the butt to set up encryption for people to bother. Have you ever tried to set up PGP (or offshoots) yourself? Now, how about helping someone less tech savvy? And maybe you have to do it over the phone? Pure Hell only begins to touch that level of pain.
The whole email encryption system was predicated on an above-average tech comfort. That doesn’t help the accountant or lawyer or VC or anyone use security when they need to. I know I wanted to send things securely in the past, but I also knew the uphill climb I was facing to do it.
True story: When I first met Brad and Kasia (the co-founders of eCrypt) we needed to send things securely while I was helping them with building this very site. Kasia and I tried to set up PGP to communicate and we gave up. It was just too much of a royal pain. Look, we’re geeky smart folks here, but the whole PGP set up, then hooking into Gmail or Mail.app or Outlook was just pure hell. So what does that say for how encryption is usually done?
That’s why we want to make eCrypt Me different. We think sending a message securely should be as easy as any other webmail system. More importantly, we think getting set up to use eCrypt Me should be just as easy.
That’s the plan. I’m now we’re putting it into action.