ZDNet UK / News and Analysis / Workspace IT / Desktop Hardware

Start-up aims to crack laptop encryption market

By Declan McCullagh, CNET News, 18 July, 2002 13:13

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Data, Encryption, Protection, crypto-phone, secure laptop

NEWS
Rop Gonggrijp admits that it's not a promising time to start an Internet privacy company. The founder of NAH6 knows all about flops such as Privada, abandoned software such as PGP and SafeWeb, and struggling firms such as Zero Knowledge. Yet Gonggrijp believes it's possible for his new company to find buyers for its innovative products, which include an encrypted PC, a secure cellular phone and a better way to do secure email. To encourage broad adoption, Amsterdam-based NAH6 plans to release much of its work as open-source software for noncommercial use. "The roads of crypto business are littered with corpses left and right," Gonggrijp said in an interview in New York at the H2K2 hacker conference last weekend. "I think the only way to do this is to start small. See if you can find this yourself and grow gradually." NAH6 plans to release its first product, called Secure Notebook, with no price set so far, next month. It's a software application designed to appeal to business or government travellers who worry about losing their laptops but can't be bothered to encrypt each sensitive file on them. Statistics compiled by the Safeware industry company say that in 2001, about 600,000 laptops were stolen, up 53 percent from the previous year. By contrast, thieves nabbed only 15,000 desktop computers. Even spies aren't immune from missing laptops. In 2000, Britain's Ministry of Defense admitted it lost 67 laptop computers during the previous three years, including ones with secrets about the peace talks in Northern Ireland, and the US State Department has also lost classified laptops. Secure Notebook would be the first product to take the novel approach of running Microsoft Windows on top of Debian GNU/Linux, with the underlying Linux layer ensuring that all Windows files stored on a hard drive remain encrypted. This approach solves vital problems that other disk-encryption products such as PGPdisk do not. Unlike those systems, even Windows' virtual memory files and temporary files are stored in encrypted form, meaning a corporate spy or thief who snatches a Secure Notebook would be unable to read any data. NAH6 won't market Secure Notebook itself. It plans to sell Secure Notebook, which requires at least a 1GHz processor and 512 MB of RAM, to laptop makers and resellers that target security-conscious customers. Noncommercial users will be able to download the Secure Notebook software at no cost, but they'll have to buy the necessary VMware application for about $300. Secure Notebook and NAH6's three other planned offerings have one thing in common: they're designed to glue near-unbreakable encryption into a PC or handheld device while shielding users from the oft-befuddling underlying complexity. "The crypto is well-hidden," Gonggrijp said. "There's no geekiness. There's no command line." Probably NAH6's most ambitious plan is a secure phone project, still at least half a year away from release with no price set. The idea is to turn the Pocket PC, a hybrid of a handheld PC and cellular telephone that runs Windows CE, into a military-strength encryption device. Gonggrijp says that the software will be free for noncommercial uses and will let GSM users activate a scrambled communication channel by pressing a button. Security experts uniformly applauded the idea, but some questioned whether the current Pocket PC platform was powerful and flexible enough for the project to succeed. Others doubted that there was sufficient demand among paying customers for either product. "Security is doomed," Jon Lasser, a security consultant in Baltimore and author of Think Unix, says, "security is doomed, as an industry." "People don't care about security," Lasser said. "Witness the astounding success of Web mail accounts through entirely insecure providers. Convenience trumps security every time." Peter Trei, an experienced engineer who works for a large encryption vendor, says, "At the moment, the vast majority of the people on the Net don't use crypto, see no need to, and aren't going to lift a finger to do so. That leaves you with the rather limited market of people who are activists in one sense or another, and people with real operational needs." Trei also said that governments that rely on wiretaps for intelligence or criminal investigation may not welcome encrypted laptops and cellular phones. "Things which thwart (surveillance) may become difficult to market, and could land users in hot water," Trei said. "I understand that Holland has one of the highest wiretap rates in the world. They could easily ban the crypto phone." NAH6's Gonggrijp doesn't seem worried. He's had experience battling government restrictions, both as the founder of the legendary Hack-Tic hacker magazine in the 1980s and co-founder of the Dutch Internet firm xs4all, which has hosted controversial Web sites during its 10-year history. "These things just need to be built," Gonggrijp said. "Everyone's screaming for it. These four projects represent about 70 percent of what people are demanding." Gonggrijp is funding the four-person start-up, which is about nine months old and is based in his home in Amsterdam. A version of Secure Notebook seen by CNET News.com includes a graphical interface that allows users to choose between encryption strengths, make backups and type in their pass phrase to continue booting. The electronic key that, in combination with the pass phrase, unlocks the hard drives, can be stored on a USB dongle. NAH6's other products include a program called Crypt-o-Matic, a transparent way to PGP encrypt and decrypt all incoming and outgoing mail. It works by grabbing mail messages after they're sent and before they arrive and silently handling the encryption. Crypt-o-Matic will be available in a few months, NAH6 says, and free for noncommercial use. Another offering is a patch to the popular Mailman mailing list software, sponsored by the Free Software Foundation. It upgrades Mailman to support encrypted mailing lists and will be released under the GNU General Public License. Even if its products turn out to be cloyingly friendly and easy-to-use, security experts seem pessimistic about NAH6's commercial chances. About the only way to make money in desktop security, they say, has been to own key patents like RSA Security did. "There's no money in desktop security," said Bruce Schneier, the chief technology officer of Counterpane Internet Security, which sells intrusion detection services. "It's a tough world. Everyone likes to talk big about security, but no one really cares. Good luck to them." Perry Metzger, a security advisor at wasabisystems.com speculated that NAH6's biggest impact may be political, not commercial. "I've seen a couple of people propose that before, including one who tried to start a company to do it," Metzger said about the encrypted phone. "My guess is that skill required to set such a thing up -- even the minimal skill in question -- might keep it from becoming mass popular."
Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section. Have your say instantly, and see what others have said. Go to the ZDNet news forum. Let the editors know what you think in the Mailroom.

Related stories

Encryption tool gives privacy buffs new image

Encryption crackdown looms

Limiting encryption may open doors to criminals

Apple bucks a falling PC trend in UK and France

Apple takes top PC spot from HP

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

GHar123

I totally dislike pirating of works, I fear that artists will be deterred from creating works if they think that they are going to get ripped off....

14 minutes ago by GHar123 on ACTA stumbles in Germany
JCB33

How dare film makers, artists or anybody that invests in creativity stop us pirating their works for free. I want to be able to walk into my local...

6 hours ago by JCB33 on ACTA stumbles in Germany
Moley

@GrueMaster. I prefer horses for courses rather than one size fits all. I, and I suspect most other computer users, do not really wish to have...

8 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
greycynic

The product that scares me every time I have to use it is the Office 2007 version of Excel. The first bug that I found was applying the median...

8 hours ago by greycynic on Ten flawed products that derail productivity
GrueMaster

Nice review and very informative. One thing I'd like to add (in reply to whs001's 1st question), the main reason to have the same interface from...

10 hours ago by GrueMaster on A tale of two distros: Ubuntu and Linux Mint
Frederick Wrigley

I'be been using Mint 12 since the RC came out, and I am far more happy with the Cinnamon, the Mate, and, yes (with extensions), theGnome 3...

10 hours ago by Frederick Wrigley via Facebook on A tale of two distros: Ubuntu and Linux Mint
bdantas

Excellent article. One small correction, though--although a fresh installation of Linux Mint 12 will, indeed, provide the user with a version of...

11 hours ago by bdantas on A tale of two distros: Ubuntu and Linux Mint
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

12 hours ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

12 hours ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Moley

For Gnome 2 die-hards, it is possible to add icons to the bottom panel (or top top panel, if you prefer) which provide the exact Gnome 2...

12 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
ramwellian

Your comments would seem pretty naive and immature. Your 'solution' appears to be, "gee, let's all just give in to the hackers and give them...

13 hours ago by ramwellian on Cloud computing security: no more oxymoron?
BugStalker

"Interesting thought ... If you installed Win7 as a dual boot on a machine that previously only had Linux, and it wrecked your Linux installation,...

13 hours ago by BugStalker on Windows 7 Declares War on GRUB
whs001

This is an excellent summary of Ubuntu and Mint and the interface differences between them. Most such articles take a very partisan position for...

13 hours ago by whs001 on A tale of two distros: Ubuntu and Linux Mint
Moley

@ewallace. Not so clear. Anyone can obtain the text, for example from here http://www.ustr.gov/webfm_send/2379. I support ACTA so long as it and...

13 hours ago by Moley on ACTA: Facts, misconceptions and questions
45283

I think WinRT is fantastic. I just wish it was an option for people that didn't want to go through Microsoft's App Store with its attendant...

16 hours ago by 45283 on Why Windows 8 needs architectural hygiene for WOA
Burn-IT

Nine people? £30m? Who's back pocket is that lot going in? And IF they say it is for new buildings, what about all the ones the government has...

17 hours ago by Burn-IT on Police set to launch three £30m e-crime hubs
ewallace

Just to be clear, nobody knows what is in the text of ACTA, here is a photograph of the text of ACTA http://twitpic.com/8h9iju as submitted to the...

18 hours ago by ewallace on ACTA: Facts, misconceptions and questions
fgvrg56

Unfortunately main issue is that ASUS is refusing to accept that they make some mistake on this version of asus Transformer prime. 1 - GPS sensor...

19 hours ago by fgvrg56 on Asus Eee Pad Transformer Prime Wi-Fi & GPS problems?
Ben Woods

@Marcus A fair question. Just talked with Archos which said it was working on an announcement for next week....

20 hours ago by Ben Woods on Archos confirms G9 Ice Cream Sandwich update schedule
Marcus Karlsson

Any update on this, considering the claimed "first week of February"?

21 hours ago by Marcus Karlsson via Facebook on Archos confirms G9 Ice Cream Sandwich update schedule

Latest in Desktop Hardware

Apple bucks a falling PC trend in UK and France

Apple takes top PC spot from HP

Featured white papers

Tech breakthroughs to watch in 2012

ZDNet UK

Tech breakthroughs to watch in 2012

From invisibility cloaks to virtual atom smashing, from Cern to Nasa, this ZDNet UK guide presents the discoveries to watch in... Read more

10 must-read silicon.com Cheat Sheets

silicon.com

10 must-read silicon.com Cheat Sheets

This exclusive e-book covers 10 of the most important issues facing business and technology professionals today, from cloud computing to... Read more

The virtual presenter's handbook

Citrix Online

The virtual presenter's handbook

Web seminars or webinars can be interactive and engaging, just like having every person in the same room, and this white paper outlines how they can benefit your... Read more

Inside ZDNet UK

A tale of two distros: Ubuntu and Linux Mint

A tale of two distros: Ubuntu and Linux Mint

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

Case study: How cloud enables growth

Case study: How cloud enables growth

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault