With supposedly private Hotmail messages being more widely read these days than some New York Times bestsellers, the issue of sending sensitive documents via e-mail has a lot of people worried, especially businesses that need to exchange documents and information vital to their competitive survival.
thinks it’s got the shhhhhhhhhholution with a free e-mail service that’s too hot for the United States to handle. Because their patented technology uses 1,024-bit encryption to secure message secrecy, the company was forced by U.S. laws to locate their headquarters in Anguilla in the British West Indies in order to avoid an involuntary corporate re-location to Leavenworth or some other federal institution known more for securing people than their data.
“President Clinton’s proposed rules to relax restrictions on exporting encryption doesn’t affect us,” said HushMail Marketing Vice President and Co-Founder Jon Gilliam, “because his proposal pertains only to 128-bit encryption,” which is (eight times less powerful than that used by HushMail). Gilliam points out that 128-bit encryption has been broken.
For those who don’t want unauthorized noses poking through their business, activating a HushMail account begins with a short registration form followed by an interesting way of generating a random number for your encryption key: the Java-based applet requests that the user click their mouse cursor at random all around a square on the screen to generate the key.
The most frustrating but vitally necessary part comes next when the system asks for a “passphrase” that’s used to retrieve your encryption key off the HushMail server. Instead of a password, users need a phrase they can easily remember since the longer the passphrase, the more characters that are encrypted and the more secure the message. The process is a good one, but even when you remember the phrase, fumble-fingered typists will find the going slow.
Typing in the passphrase however, is the hardest part of the process since HushMail’s Java applet does everything else, automatically encrypting messages sent and decrypting those received. The message in the e-mail is “end-to-end” encryption and stays scrambled all the way from the HushMail server until it reaches the Java applet on the recipient’s PC.
In addition, HushMail will soon be introducing the ability to encrypt attachments as well, although those will only be secured with 128-bit SSL (Secured Socket Layer) technology thanks to the limitation of current web browsers.
HushMail was conceived by Cliff Baltzley, chairman, co-founder and the creator of HushMail’s patented technology and formed in November 1998, bootstrapped by Gilliam. The HushMail service was launched in May and received an additional $1 million in August from a small group of private individuals.
Gilliam said that they are currently in the process of raising a larger round of venture capital “in the eight figure range” and anticipate closing that round before the end of this year.
According to IDC, the Internet security industry — in which HushMail now competes — is expected to total $4.2 billion this year and grow to $7.4 billion by 2003. The industry has attracted a small number of competitors, among them, U.S.-based ZipLip which uses 128-bit encryption and U.K. start-up 1on1 which boasts of 2,048-bit encryption and the ability to make e-mails disappear after reading, thus erasing possible embarrassment or legal liability such as that haunting Microsoft in its anti-trust battle with the federal government.
However, many professionals — attorneys, physicians, accountants — and others who need secure transmission of data will find the “Mission Impossible” self-destruction a lot more hassle than benefit given that the documentsthey transmit are usually intended to be retained by the recipient.
The market has undoubtedly not seen the end of Hotmail-type security problems with the Web’s killer app which can only make the importance of secure e-mail one which will grow with time.
ALL NEW! internet.com’s HotWatch a monthly e-mail subscription for $99,
featuring Internet Stock Report’s top 10 noteworthy Internet stocks for the
month. Each month you will receive in-depth analysis on the top 10 Internet
stocks to watch with the information you need to assess the fast-paced nature
of Internet stocks. Staying on top of market changes in the Internet Stock
market is what counts. For $99 per year, you receive 12 timely issues sent to
you by e-mail. Don’t wait, our next issue will be out before you know it with a
perspective on the market. Sign up today at: e-newsletters