Encrypting privacy by default

Simon Witts, PEP

24 Feb 2016 - Automated platform agnostic peer to peer encryption allows users to remove themselves from the equation.

Four men with technology backgrounds are out to increase everybody’s privacy through peer to peer encryption by default that is invisible to users, and therefore very easy to use.

•  Simon Witts is an enterprise seller
•  Leon Schumacher is an enterprise buyer
•  Volker Birk is a software architect in the security space
•  Sandro Kochli builds service-based companies around open source software

“At the core a security product has to be an open source project to be taken seriously,” said Simon Witts, Head of Sales, Pretty Easy Privacy. “Leon and Volker run crypto classes to teach people how to use encryption. Their idea was, what happens if it’s encrypted by default? Couldn’t you just write algorithms to do the key management and keep it easy? That’s what we’ve been doing for four years.”

Distributed under the GPL, PEP is easy to add. The open source distributions of PEP are a Thunderbird plugin called Enigmail and K9 with PEP. Because it runs on the device, it is fully peer to peer.

“Think of it as a little engine that automates everything that’s going on,” Witts said. “Started as an Outlook plugin or iOS or Android device, it works against any email backend. It covers email and messaging including SMS text, sending as securely as it can.”

If you’ve got PGP it will use that, and the same goes for S/MIME or OTR: whatever is there, it will pick up and use, because it’s completely automatic. It’s meant to be unobtrusive, with automatic installation and operation.

If users want to, they can set things, but they don’t have to.

The only difference is that PEP offers a privacy status button, which shows yellow for encrypted. On the left the incoming status is unencrypted. The reply is automatically encrypted, as shown in the right slide.

“Once I reply my key goes with it and in future we’re encrypting both ways,” said Witts. “I’m automatically sending it encrypted. Every communication I send and receive from him will be encrypted.

“On the next image, if I click the unencrypted button, I can see on the list it’s Terry the investment banker, who PEP hasn’t exchanged keys with. Users don’t have to do any of this, as PEP sends encrypted when it can and unencrypted when it can’t.”

“If you force encryption then Terry gets a nice little email that asks him to download a reader,” Witts said. “So you can push privacy with a reader similar to Adobe Reader. Or you can go in and manage the privacy status manually of any user with a handshake. We use trust words. We can exchange PGP fingerprints, although we can make it as simple as five trust words. I get on the phone with a person, we know there is no man in the middle, then all communications are green and there are no attack vectors at that point.”

Use the same concept of trust words to form device groups. Put PEP on your Windows PC and iPhone or Android, and it automatically pops up to ask if you want that device to join that group. It automatically detects and provides the trust words. At that point your keys are shared amongst all devices.
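
The trust-word comparison described above can be sketched as follows. This is an added illustration, not PEP's code or word list: it assumes 16 bits per word, a constructed syllable dictionary, a truncated SHA-256 standing in for a key fingerprint, and XOR to combine the two fingerprints so both sides read the same words.

```python
import hashlib

# Constructed stand-in dictionary: 16 syllables, four per word, so every
# 16-bit value maps to exactly one of 65,536 distinct words.
SYLLABLES = ["ba", "de", "fi", "go", "ku", "la", "me", "ni",
             "po", "ru", "sa", "te", "vi", "zo", "ha", "jo"]

def word_for(value: int) -> str:
    """Map one 16-bit value to a word, 4 bits per syllable."""
    return "".join(SYLLABLES[(value >> shift) & 0xF] for shift in (12, 8, 4, 0))

def fingerprint(public_key: bytes) -> bytes:
    """Constructed 160-bit fingerprint (truncated SHA-256 of the key bytes)."""
    return hashlib.sha256(public_key).digest()[:20]

def trust_words(my_fpr: bytes, peer_fpr: bytes, count: int = 5) -> list[str]:
    """Words both peers read aloud; XOR makes the result order-independent."""
    if len(my_fpr) != len(peer_fpr) or len(my_fpr) < 2 * count:
        raise ValueError("fingerprints must be equal length and long enough")
    mixed = bytes(a ^ b for a, b in zip(my_fpr, peer_fpr))
    return [word_for(int.from_bytes(mixed[i:i + 2], "big"))
            for i in range(0, 2 * count, 2)]

def handshake_matches(alice_view: tuple[bytes, bytes],
                      bob_view: tuple[bytes, bytes]) -> bool:
    """Each view is (own key, key received for the peer)."""
    a_words = trust_words(fingerprint(alice_view[0]), fingerprint(alice_view[1]))
    b_words = trust_words(fingerprint(bob_view[0]), fingerprint(bob_view[1]))
    return a_words == b_words

if __name__ == "__main__":
    # Constructed sample keys; "relay" is a key swapped in between the peers.
    alice, bob, relay = b"alice-key", b"bob-key", b"substituted-key"
    print(trust_words(fingerprint(alice), fingerprint(bob)))
    print("direct exchange:", handshake_matches((alice, bob), (bob, alice)))
    print("key swapped in transit:", handshake_matches((alice, relay), (bob, relay)))
```

Under these assumptions five words compare 80 bits of the combined fingerprint; a mismatch on the phone means the key that arrived is not the one the other person sent.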

“We can’t assume a user knows what a key is, let alone manage them, so we keep things simple and automatic,” said Witts. “The viral nature is when people push privacy and it spreads.”

PEP covers email, messaging, and text, and it does so peer to peer. How you decide to store the key is your decision. Most companies will store email on the server unencrypted, because they are behind the firewall, and we only want it encrypted in transit.

There are about 20 options IT can play around with if they want to. Individuals will not see them.

“We let them configure Outlook exactly how they want it,” Witts said. “The Outlook becomes the master config, configuring all devices. IT loves that, because it gets all devices configured the way IT wants. Being encrypted by default makes it easy, because it’s automated. We make it as secure as possible automatically, unless the user wants otherwise.”