When I wrote a guest column for Pacific Business News earlier this year, I wanted to describe what I felt was the best solution for solving email's biggest problem in 2015: the transmission of unencrypted email across the Internet. Having been involved in the industry since 1999, I'm well aware of existing solutions for encrypted email. They all have one big drawback: too much friction. Too many extra steps to take, too many keys to install, too many portals to visit, apps to download, configurations to alter. In other words, they're too much hassle for everyday use.
PGP: 20 Years of Friction
Take PGP (Pretty Good Privacy) encryption for example. Many people consider it dead in the water, fundamentally broken, or time for it to die. PGP is nearly 20 years old yet hardly anyone uses it. Why? Because the user experience with PGP is painful. First, let's start with PGP keys. Before you can communicate via PGP, you first need to exchange keys with the person you're emailing. If your recipient doesn't know how to do this, you can't send them PGP-encrypted email. My parents don't know how to do this. Most of my friends are technically savvy, but they won't be inclined to do this either. Why? Because it's a hassle and it involves some level of technical expertise that most people don't have or aren't inclined to do. In other words, right out of the gate, requiring your recipient to even know what to do with your PGP key immediately involves a level of friction most people don't want to engage with.
So in my inner circle of relationships i.e., friends and family, I might have a 5% success rate of getting them to even accept my PGP key. Can you imagine what that would be like in a business setting?
PGP doesn't work with most popular email clients
The second big problem with PGP lies with the email clients that people use to check email with. That means Outlook, Mac mail, Thunderbird, Gmail, Office 365, iOS mail, Windows Mail, the Android mail client, and so on. Each of them have varying levels of PGP support and user friendliness. Guess what, for each device you check email with, you'll need to import the same PGP key for the same person on every device. In other words, if you check email using Outlook on your desktop at work, your iPhone in your pocket, and your iPad at home, you'll have to correctly accept and store each person's PGP key 3 times – once for every device. But wait, it gets even more frustrating: PGP is not supported by the mail app in iOS, so you'll need to install a third party PGP app to get it working on your iPhone and iPad. Now you have a separate app you need to use on your iPhone and iPad just to read and send PGP-encrypted email. If you're the CIO of a larger organization, you could easily spend a month getting PGP correctly deployed just for your Board of Directors. Can you imagine the pain involved on-boarding a 1,000 user organization on PGP? It doesn't work and it doesn't scale.
Seamless Encryption: A Better Approach
If we can agree PGP imposes too much friction upon people, then what's a better way? I believe the answer lies with a term we coined: Seamless encryption. Let's start with an example of seamless encryption, checking your account balance online. Regardless of whether you go to http://www.wellsfargo.com, http://www.bankofamerica.com, or http://www.chase.com, the connection is always encrypted for you. Clicking on any of these unencrypted links (HTTP) automatically redirects you to an encrypted connection (HTTPS). When the encrypted URL finishes loading, you login using your username, password and maybe a second factor of authentication (security question or SMS text, for example). You'll notice that unlike PGP, you aren't required to perform additional steps (i.e., friction) to receive the benefit of encryption. You don't need to download and install an encryption key from your bank, nor do you need to use a different browser. Okay great, so what does the above example tell us about seamless encryption?
We see that seamless encryption has two distinct characteristics:
- Regardless of what the user does, the data is always encrypted.
- It works without any additional user interaction.
Seamless encryption for HTTP is steadily becoming commonplace. In fact, Google announced last year that they would give preference to sites that use encryption by default, which is one part of seamless encryption. So here's what Seamless Encryption means to us at Paubox. We've developed a unique, audacious approach to email encryption: we've figured out a way to seamlessly encrypt all email for an organization. Our pricing is affordable, our product is simple elegance, and we want you to try it. Contact us today to get started.