A Surprisingly Easy Tool for Encrypting Email, Courtesy of an Ex-NSA Employee

Virtru is an email encryption system that's actually simple to use.

Thinking of sending some strictly confidential, top secret information over email? A degree of hesitation would seem appropriate, as most forms of digital communications, be they email, text messaging, social network conversations, or phone calls, are continuously being proven exploitable and accessible to hackers and intelligence gathering government agencies. Dodging the NSA is no easy task—but what if you have the help of an agency alumnus?

A new service called Virtru, introduced by former NSA employee Will Ackerly and his brother John, is being called an easy-to-use, one-stop, secure email platform. "Without having to have a PhD in computer science," Will explained to Computer World, one can use the service to communicate with anyone, and recipients can easily decrypt and read a sender's messages.

Virtru acts as an extension to your existing email address, so you don't have to create a new email address with the Virtru website. You simply install a small piece of software, log into your email account, and proceed to compose a new message. What appears above the addressee line (this reporter tested it in Gmail) is an optional slide-switch that activates Virtru to encrypt and secure your messages individually.

Making a system that was easy for laypeople to install and use was the priority, especially as many security options can still be a bit confusing to set up. While PGP can be pretty easy to use, it took Edward Snowden numerous attempts to get Glenn Greenwald to set it up before the two could begin any explicit correspondence. Snowden even sent Greenwald a video titled "Encryption for Journalists," but even then, Greenwald's hesitation to use the software has already become the stuff of reporting legend. Ever since, a PGP public key has accompanied Greenwald's byline at most outlets publishing his content.

Could a service like Virtru, whose Trusted Data Format encryption also encrypts attachments, have hastened that connection?

Private communication apps like Silent Circle and Wickr, as well as anonymous submission systems like Wikileaks and the New Yorker's Strong Box, have all created platforms to send and receive delicate correspondence. But a more mainstream implementation of encryption seems the Ackerly brothers' aim—hence the minimal amount of clicks and seconds it took for me to encrypt and send a secret message to my editor:

GIF by the author

"Virtru’s architecture is underpinned by three foundational elements," the site explains:

  • (1) open Trusted Data Format (TDF) standard
  • (2) strong, on-device encryption
  • (3) patented technology that allows you to use your existing online identity to authenticate yourself.

When a user decides to activate Virtru in a message, encryption happens on the level of the device itself. The message then appears scrambled to the client and provider as it is sent. The recipient is then prompted with the option to install Virtru, or to simply decrypt the message within the browser without having to install the software.

Virtru uses an ephemeral key exchange to create a new key each time users log in to their email accounts, whereas PGP and existing encryption programs designate keys to users. Each key is ditched at the end of users' email sessions. "Someone would not be able to decrypt past communications," Will, who spent eight years working in data security at the NSA, told Computer World.
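The contrast drawn above, between a key assigned to a user and a key created per session and then discarded, can be shown in a short added example. This is not Virtru's code or protocol, which the article does not detail; the toy Diffie-Hellman group, the hash-based cipher and all function names are assumptions chosen so it runs on the Python standard library.

```python
import hashlib, hmac, secrets

# Toy DH group (assumption) so this runs on the stdlib; real systems use X25519.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _stream(key, n):
    blocks = (hashlib.sha256(key + b"enc" + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    # Toy one-message-per-key cipher: hash keystream XOR plus an HMAC tag.
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, len(msg))))
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong key or tampered ciphertext
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))

def run_sessions(messages, ephemeral):
    """Send one message per session; return (recorded traffic, long-term key)."""
    long_term_priv, long_term_pub = keypair()
    wire = []
    for msg in messages:
        s_priv, s_pub = keypair()              # sender's per-session key
        if ephemeral:
            r_priv, r_pub = keypair()          # recipient's per-session key
        else:
            r_priv, r_pub = long_term_priv, long_term_pub
        blob = seal(session_key(s_priv, r_pub), msg)
        assert unseal(session_key(r_priv, s_pub), blob) == msg  # recipient reads it
        wire.append((s_pub, blob))             # per-session secrets go out of use here
    return wire, long_term_priv

def recover_with_stolen_key(wire, stolen_priv):
    """What a later theft of the long-term key opens from recorded traffic."""
    opened = (unseal(session_key(stolen_priv, s_pub), blob) for s_pub, blob in wire)
    return [m for m in opened if m is not None]

MESSAGES = [b"draft contract", b"source list", b"meeting at 9"]  # constructed sample
```

With `ephemeral=False` the stolen long-term key opens every recorded message; with `ephemeral=True` it opens none, because the keys that protected those sessions no longer exist.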

The site distributes keys from its own server for recipients to decrypt messages, and the team has its sights set on licensing its key management software out to other businesses. While the message encryption, revocation, and forwarding control features of Virtru will remain free of cost, advanced management and visualization features will be offered at a premium.

Given that we've seen government agencies applaud themselves for their abilities to crack and decrypt codes, will the stigma of the NSA affect the brothers' pitch? Perhaps for the conspiracy minded, but it's hard to argue with serious NSA experience. And should they receive government requests for encryption keys, Virtru says it's set aside a legal fund to fight back. Of course, as we saw with Lavabit, that fund better be a big one.

@danstuckey