Sending messages securely is becoming an increasing concern in Canada, and further afield. Secure email is becoming increasingly popular in international markets because of the evolution in privacy laws, explains Cameron Burke, senior vice president of business development for Cirius.
“In general, data jurisdiction is a massive driver in our space, and I don’t see that changing for the foreseeable future,” he said. “It used to be a requirement for some, and now it’s a business reality for all.”
Most email services use servers to relay emails between each other, and they’re usually sent in plain text. Cirius’s service works by not relaying the contents of incoming emails at all. Instead, a sender’s email is stored in an encrypted form on Cirius’s own server.
Instead of using an email server to hold the mail, it uses a database based on Microsoft’s .NET framework that contains details including the content, and metadata about the message.
The Cirius system then notifies recipients that they have received a message, by sending them an email of its own. This notification can be sent via any email channel, including third party ones such as Gmail, Hotmail, or another company’s email client. The message will contain a link to the original message sent, which displays when the user clicks on it. Emails are sent in encrypted form, Burke said, adding that the service integrates with popular clients like Outlook.
One of the added features in the Cirius system is the ability to control what happens to messages after they’re sent. In conventional email systems, an email is like an envelope: you may address it to one person, but there’s nothing to stop them reading the contents and sending them on, often without the original senders’ knowledge.
The database storage and the tight control over the location of the messages enables the firm to include other attributes alongside an email record, including how long it can be viewed for, and who can view it. This creates a ‘For Your Eyes Only’ function for senders, who can select which people are allowed to read the email, and attach a password for them to access it with. There’s nothing to stop them cutting and pasting or simply taking a screen shot, presumably, but it’s still a marked step up from plain old email.
Cirius, which is Vancouver-based and has no US subsidiary, isn’t bound by the U.S. PATRIOT Act, which enables data held by U.S. companies to be subpoenaed, even if held on servers outside U.S. soil. Even if it were subject to those laws, the firm couldn’t divulge user information because of the way that its technology is structured, said founder and CEO Thierry LeVasseur.
The technology uses a single encryption key for each customer, but the more paranoid among the customer base can add ‘salt’ to their key. This is a small alphanumeric string designed to change the encryption key. Without the salt, anyone trying to decrypt the customer’s messages in the Cirius database would encounter gibberish.
Customers can also use their own public key infrastructures (PKI) systems in addition to Cirius’s own security measures, said LeVasseur although none of its customers have chosen to do that.
The Cobweb deal is a sign of a growth in partnership deals for the company, which as yet has taken no third party funding, and which counts Canadian business as only five per cent of its revenues, Burke concluded.