It isn’t every day that a constitutional law professor ends up advising a startup. But Eric Liftin, the CEO and cofounder of New York-based encryption firm Tunnel X (and an architect by training), has prominent legal scholar Laurence Tribe on his board of advisors. In a lucky twist of fate, Liftin was friends with Tribe’s son and the legal scholar liked his elevator pitch: A secure platform for discreet conversations on smartphones and the web.
"I’m not a big fan of Snapchat-based communications," Liftin told Co.Labs. "They aren’t made for real conversations, and are more one-off." He also has an unorthodox resume for the head of a security startup. Although he has roots in the Internet freedom space—he was an early fellow at Harvard University’s Berkman Center for Internet and Society, he’s best known as an architect who heads up New York firm MESH and for web design projects which include popular foodie site Food52. Cofounder and CTO Steve Schneider, meanwhile, comes from an e-commerce background.
A launch event for Tunnel X in New York on July 8 has a guest list expressly designed to attract the sort of liberal intellectuals who normally don’t mess around with encryption keys: Tribe, former New Yorker fiction editor Daniel Menaker, Lavabit attorney Ian Samuel, and Salon CEO Cindy Jeffers are all speaking at the event.
Tunnel X is one of a number of newish startups and products such as Wickr, Cryptocat, and Silent Circle which aim to provide users with both secure messaging and an easy-to-use interface. With continuing revelations of the NSA vacuuming up data from American citizens, corporate rivals routinely hacking into competitors’ emails, and privacy concerns from a wide range of demographics and use cases, there has always been a market for secure communications platforms. Tunnel X is continuing as part of a larger trend of companies targeting this market with streamlined UIs that are easier for newcomers to use.
As far as user interface, Tunnel X shows promise. A pre-release Android build Co.Labs tested had problems setting up the service to run, but the web version showed no serious issues. Instead of using a conventional username and password, the service instead requires the user to enter a unique six-digit PIN code and upload a JPG photo to serve as an identifier. In order to enter into a conversation with another user, both parties are required to enter a unique passcode into the app. Liftin says a goal of the product is to replicate the "feel" of a private conversation that’s set up to be discreet.
For encryption, Tunnel X is based around SSL connections secured by PFS (Perfect Forward Secrecy), which prevents compromised keys from being used to view past communications. Archived messages in Tunnel X’s systems are encrypted through three different algorithms, AES-256, TwoFish, and Serpent. Users also have the option to delete messages, and the company says a future version of the platform will give the option not to have messages archived.
According to the company, use of the service will initially be free and there are plans to convert to a subscription system later on.