Enlocked Email Encryption

These days, the number of reviewers who will actually take the time to install a product on multiple platforms and test it completely, is pretty limited. That's what makes it so valuable to end-users when a trusted resource like PC Magazine evaluates a product and writes up their findings.

I'd encourage you (even if you are an existing Enlocked user, you may learn something new!) to take a few moments to read the review written by Neil Rubenking here.  He explains a number of things about how our new system works that I have to admit are in many cases even more clear than our own content.  It's OK, we'll view that as a challenge for the next round of web site revisions :-)

And while we were hoping that his review would be positive, we were absolutely thrilled to find out they had named us an Editors' Choice. For those of you just looking at Enlocked now for the first time, it's great to know that an independent third party has taken a serious look and concluded it is both easy to use and truly secure.

Our press release announcing the new version of Enlocked just went out of the wire this morning. Peter Swire, a global leader on privacy and member of our advisory board, summed it up well, saying:

“With its next generation of secure email services, Enlocked has brought to market the easiest way for doctors, attorneys, accountants and other business people who must send private information to patients, clients or customers; to be certain that it will be seen solely by the designated recipients.”

The latest version of Enlocked maintains the ease-of-use in previous releases (some have even said it is even simpler now), while raising the bar on security. By performing all encryption locally on the user's device, using a key protected with a passphrase that we never know, Enlocked makes no compromises in security. We just make it a lot easier for anyone to use, whether that's on a computer from any browser or email client, or on your mobile device. You can learn more about how Enlocked works here.

To celebrate availability of the new version, we are also announcing a special limited time offer for new users. Enlocked has always let users read unlimited messages for free, and send up to 10 messages each month. Now, for new users who sign up before July 31, 2014, we will upgrade your account to our gold level letting you send up to 2,000 messages every month. That would normally cost $19.99 a month, saving you about $100!

Here's the sign up page.

When Google does anything, people notice. So, last week when they announced plans to release a chrome plugin that would allow access to PGP encryption / decryption from inside the Gmail web client, it seemed everyone was pretty quick to hail it as a major step forward in email privacy.

While Google is to be commended for bringing to market a way to protect users’ digital communications from prying eyes – as long as its Chrome plugin is used and the sender and receiver use Gmail – the company, with all its technological heft, missed the mark on the elements that have slowed broad adoption of PGP encryption/decryption… it’s too complicated. PGP has been a solid encrypton technology for two decades. However, throughout those twenty+ years there have been two consequential impediments to broader use:

Key management – users must create keys, share their public keys, obtain the keys of people they want to send to, copy these keys to various devices they want to use for sending / reading email, etc.

Ensuring recipients can successfully and easily read messages, on whatever system and software they are using for their email, including mobile devices

[Note: for interesting background on these issues, and other long-term challenges with PGP usability, see the peer-reviewed and often cited paper "Why Johnny Can't Encrypt", or the follow-on "Why Johnny Still Can't Encrypt"]

Nothing in what Google announced with End-To-End helps with the first issue. Further, while Google would like to see everyone use Gmail, running in a Chrome browser, the Company ignores the reality that email will continue to operate in a multi-platform infrastructure (with back-ends based on Exchange, Yahoo, AOL, national / regional ISPs, etc.; and, accessed by iPhones, Android tablets, Outlook, and a range of web browsers). As a result, this plugin won’t change a thing.

The widespread adoption of email encryption requires an approach that solves these two critical issues. The team at Enlocked has spent a lot of time developing a solution that let’s you send emails to anyone without needing to exchange keys first, and without having to worry about what the recipients use to read their email. It’s simple, secure, and it works today.

Over the last month we completed the roll out a major new release of Enlocked across all of our supported platforms...  the new release is the result of a significant engineering effort, and is built on an entirely new architecture.

The question some of our loyal users might ask is, why?

And the answer to that for them -- and for anyone new to Enlocked who may be looking for a secure way to send private email communications -- is that things changed a lot in the world of privacy over the last year.

When we first created Enlocked, the idea was to make email encryption easy enough for anyone to use, across all their devices.  There were plenty of complex things out there, which required installing software, exchanging keys, and didn't work across mobile devices.... but the complexity of email encryption has prevented widespread adoption for decades.  The reviews of the original Enlocked showed that we did achieve our ease of use goals.

But, there was always a trade off.  In order to make it simple, we did some things that required users to trust us with access to their email inbox, a copy of their key, and to see their message briefly on our server while it was being encrypted or decrypted.  Before the disclosures last summer of privacy breaches by the NSA and others, most people felt that trusting a dedicated security provider was reasonable -- although to be fair, some did not, and we knew Enlocked would not be for everyone.

Things have changed, and we have changed as well.  The new version of Enlocked maintains the ease of use we are known for, but has some distinct advantages for those concerned with achieving the utmost in privacy for their email:

All encryption / decryption is now done locally, on your system or device.  We never see your message content.  Even when you use Enlocked Anywhere (our web-based app) the process is done in your browser session.

Enlocked no longer needs access to your email box - our plugins or apps get the message locally from your email client, or you save the file and then drag and drop it into your browser session.

Only you know how to unlock your key.  When you create your Enlocked account, you secure your PGP key with a passphrase (again, this is done locally on your device so we never see it).  So, we can't use your key, and even if a court order requires that we turn over your key, it is useless without your private password. [NOTE: one downside of this, also true of other secure encryption tools, is that if you forget your password, we cannot recover it for you.  We do allow you to enter a hint, which hopefully will help if this ever happens, but this is the price of greater privacy]

As we developed this new architecture, the design theme was "no compromise security".  While we wanted to keep things just as easy to use, and to work across the broad range of email services and devices people use, every decision we made was to maximize privacy.

A couple of weeks ago, we quietly rolled out our biggest changes to the Enlocked system yet.  Perhaps some of you noticed, but if we did our jobs well it should have been very transparent.  While the changes were subtle, they were based on some usability testing we did over the summer, aimed at improving the experience for first time users.  We have seen that in some cases, messages sent to people who have never used Enlocked before, do not get read.  And while for a few of these there may be a valid reason, the fact that someone took the time to send an encrypted message should mean the information is valuable.  As we understood more about where potential new users were dropping out, we could then make changes to minimize this issue.  Ultimately, for our sending users, the more often their recipients are able to easily read the message, the better!

So, what did we change?  Well, here are some of the bigger items, with a little background on what drove the decision.

When sending to a new Enlocked user, now instead of 2 messages being sent -- the introduction to Enlocked with new user instructions, and the actual encrypted message -- we are just sending one message with the intro at the top.  We saw that some first-time users were sometimes confused by 2 messages or skipped to the second one with the interesting subject, and never got the information on how to read the secure email.  The key to making this work for our existing users, was to hide this text if you already have a plugin or app installed, so every message doesn't have the introduction at the top if you don't need it.

Some potential new users weren't sure why the sender was going through the effort to encrypt, and whether the contents of the message were worth the effort to retrieve it (even though the effort with Enlocked is pretty minimal compared to other encryption systems!)  So, to provide a little more information to new users, now senders can write their own "custom" introduction that is sent in the clear, above the encrypted content.  This allows senders to tell the readers a bit about what is in the message, in their own words.

A major redesign of the Enlocked Anywhere interface.  For a lot of first time Enlocked users, they just really want to read that first message.  They aren't sure they want to install a plugin, or download an app... at least not yet.  And some users are utilizing an email client or provider that is not yet supported with an Enlocked plugin.  The Enlocked Anywhere web interface was created just for these reasons, but if we are honest with ourselves, it was always there as a "backup" and so we had not worried too much about the user experience.  We fixed that, with several changes that just make it a much smoother to read that first message.

Well, if you’ve been poking around in Enlocked Anywhere, you may have noticed a new capability we’re testing and expect to officially announce shortly.  We call it Ensafe, and it lets users encrypt messages in their Gmail account even if they were originally sent in the clear (yes, right now it is Gmail only… stay tuned if you use another email provider).  So, all those older emails that you want to keep for your files, but would rather not have anyone read if they hacked your account, can now be easily encrypted.  Or, if someone sends you a message that contains sensitive information, put it in an encrypted folder and even Google administrators won’t be able to read it (nor someone who borrows your phone and opens up your mail).

To set up Ensafe to encrypt a “folder” (or in Google language, messages with a certain “label”), for now you will need to go to the Enlocked website and use the web interface, Enlocked Anywhere.  Simply click on the “Lock” icon above your messages.  This will take you to the Ensafe configuration page. Now, simply select the folders you want to encrypt.  It’s that easy.  If a folder is currently encrypted you can simply uncheck the box and the messages will restored to their original state.  In a future update of our browser plugins and mobile apps, we’ll provide the ability to manage Ensafe from the client side.

Note that for performance reasons, the encryption task will be done in the background, and depending on the size of your archived folder it may take several minutes, or even longer.  Also, there are certain system folders / labels that cannot be encrypted with Ensafe, including your Inbox, Sent, Trash,  and Drafts (notice in the screen shot above, they are grayed out).

Some of our more adventurous users have already discovered the secondary password feature. For those that may wonder what it is, or if you even need it, this post will give you an overview and then you can decide whether to set it up on your account.

First of all, to find the optional secondary password, you will need to use the Enlocked web application. Go to the Enlocked website, and click on Enlocked Anywhere in the menu bar. The system will ask you to authenticate yourself (unless you already did recently), and once you do, Enlocked displays your recent encrypted email messages.

To set up your secondary password, click on the “gear” icon to get to settings, and then you can check the box next to “Use a secondary password”.  The system will ask you to enter and confirm the password you want to use, and to set up a security question / answer in case you forget your password later.

So, now that you know how to do it, let’s go over why you might want to use this in the first place.

Since our announcement, we've heard from a lot of people who just didn't realize how insecure their personal email really was. They've been assuming that as long as nobody knew their email password, or their recipient's, it should be safe.

But, that assumption is simply wrong.  One of the things that makes email work so well, is that you don't need to know anything about what the other user(s) you are sending to have for an email system, or anything about the network in between. The message just gets there. And the reality is that in order for that to work, your email is being sent entirely in the clear, readable by anyone with access to the network/servers along the way.

Now, you're probably thinking that with all the email flying around the internet, who really has time to look for my little message that happens to contain a credit card number, or social security number. Well, the good news for the hackers out there (and therefore, the bad news for the rest of us), is that they don't have to read everything. The bad guys have a number of ways to automate this whole process:

First, they can target specific individuals or companies, only looking at the traffic going into or out of their server.  So, if they know the email address of a financial planner, for example, they can focus on just that email stream.

Then they can turn to filtering and search techniques, to flag messages that contain words or phrases like "account number" or "password", or that have strings in certain formats that are likely to be a social security number (###-##-###) or credit card number (####-####-####-####)

More and more, the hackers are just using brute force tools to try to break into email accounts (targeted or randomly), and then once in, they'll search for messages your archives (sent messages, saved folders, etc) looking for valuable information.  There was an article last week in the San Jose Mercury News about someone who had this happen to them. The Stratfor emails accessed by Anonymous and published by WikiLeaks is another example of this threat.

Your archived messages are actually even easier for some people to get to. The system administrators on your email servers can access any message they want. While service providers try to screen employees to prevent this insider threat, it does happen. And of course, if someone steals your laptop or smartphone, any messages stored in the clear are readable. You might even use the browser save password feature so that if someone can get onto your system, just by going to your email site (you likely even bookmarked it for them!) they will be logged in automatically. And how many of us have old email archives saved as an outlook .PST file, just waiting for someone to open???

Cool. We formally launched the Enlocked service yesterday.  It still says “beta” on the web site, but hey, so did Gmail for the first few YEARS.

You can read the press release here and we've already received some nice coverage on All Things D. We’re very happy to see user registrations climbing rapidly.

We’d like to thank those of you who participated in our early testing, and hope you will continue to enjoy Enlocked. We got many positive responses from people who were thrilled to finally have access to a simple solution for email security. We knew that people cared about their privacy, but just couldn’t go through all the work to get software installed on all their devices.  And then expect the people that get their messages to do the same just to read it.

The great thing about enlocked is that once you read the encrypted email sent to you, you can use enlocked easily - just look for the "send secured" button added to your email client (in iphone you need to use the enlocked app to compose emails) and send your secured email to anyone - even if they don't have enlocked yet!

Please send us any feedback or ideas you might have, our goal is to help you send and receive secured email to and from anybody on all of your devices – we really want to know how we are doing.

You use email to communicate with family, with service providers (doctors, lawyers, accountants), with business associates.  But, we’d bet that at least a few times a week, you choose NOT to send something via email, and for that sensitive piece of information you use some other method.  Even a fax is safer than email in some ways (our next blog will talk about how email is easily breached) as a fax is at least only readable at the sending and receiving site.  More likely, you’re calling someone to provide that private information directly, slowing you down, creating the inevitable phone tag.  And then they write it down anyway, for anyone to find.

Wouldn’t it be nice if you could use email to send that message, knowing it couldn’t be read along the way, it couldn’t be read if someone stole your laptop or smartphone, and it was no more work to send or read an encrypted message than a plain text one?

Then, they could save that information in their email, knowing it was safe, but also knowing it was accessible the next time they needed it.  For most of us, email has become our primary communication vehicle, yet it is still one of the least secure channels.  More on that in our next post.

Welcome to enlocked!  We’re in the final stages of our initial product development and are preparing for official launch shortly. So stay tuned.

My name is Guy Livneh, co-founder and CEO of enlocked, and I wanted to share some of the thinking behind the company with you in advance of our first release.

We got the idea for enlocked, when a few of us with pretty serious security backgrounds, realized that whenever we wanted to provide someone with a sensitive piece of information, we were all avoiding email.  We knew we could install some software (we know those solutions well), and work out the keys, but it was just easier to call and tell someone the password, or the account number.  Of course, then they would write it down, and who knows what they’d do with that paper!  For long messages, like a list of servers, usernames, and passwords, this is hardly convenient. Sending out entire documents was even more problematic, as there’s no easy way to do this over the phone (so we resort back to faxing and again – papers and time wasting issues).

If only it wasn’t such a hassle to set up email encryption.  If only it worked on all my devices (my iPhone, not just my laptop).  If I didn’t need to worry about what the recipient used for their email, browser, client, mail server, etc., etc., etc. to make sure it’s compatible.  If it worked as easily as Gmail, or Outlook, or an iPhone app – now that would be nice. Oh, and since I want to send secure emails to many different types of people, it should be easily used by everybody (and that’s a first for email security).

Well, that’s what we’re building…