In light of the recent Chinese hack on major U.S. telecom carriers, it's time to have a frank discussion about the security of our digital communications. This incident serves as a stark reminder that, when it comes to protecting sensitive data, not all encryption methods are created equal. In particular, it highlights the inadequacy of exclusively relying upon Transport Layer Security (TLS) to securely share sensitive email or files, when used over public carrier networks—a method relied upon by some of our competitors like Paubox and Zix.
At the heart of this issue lies the Communications Assistance for Law Enforcement Act (CALEA). Enacted in 1994 and later expanded to cover broadband internet communications, CALEA requires telecom providers to build backdoors for law enforcement to access communications data with proper authorization. While the intent behind such laws is understandable, they create significant vulnerabilities in our digital infrastructure.
Many businesses and individuals believe that relying upon TLS encryption over public carrier networks is sufficient to protect sensitive data. However, this recent hack proves otherwise. When carrier networks are required by law to maintain backdoors, those same entry points become prime targets for state-sponsored hackers and other malicious actors.
Our competitors, Paubox and Zix, rely heavily on TLS encryption over these vulnerable public networks. While TLS does offer a layer of protection, it's simply not enough when the underlying infrastructure is compromised by mandated backdoors. It’s important to remember, TLS encrypts “the pipe” but not the information flowing through it.
In an era where Chinese hackers have actively exploited the same backdoors being utilized by U.S. law enforcement, we need to rethink our approach to data security. The solution lies in "separating trust" from public carrier networks altogether – and understanding that TLS is very far from good enough for purposes of protecting sensitive data.
This is where end-to-end encryption, as provided by Virtru, comes into play. By encrypting data at the source and decrypting it only at its intended destination, we remove the need to trust intermediaries — be they telecom providers like AT&T and Verizon, or tech companies like Zix or Paubox. In this case, not only is the “pipe” encrypted (using TLS), by the pipe owner, but the information flowing through it is also encrypted but by the data owner. Therfore, even if the pipe is compromised, as the case with the Chinese hackers, they are still unable to gain access to what matter most – the data – as it employs completely different and protected encryption.. More importantly, we eliminate the possibility that Chinese hackers gain access to our sensitive data by exploiting known back doors in public carrier networks, and thereby defeating TLS encryption.
Unlike solutions that rely solely on TLS, Virtru's end-to-end encryption ensures that your data remains protected even if the underlying network is compromised. Here's why our approach is more robust:
As we move forward in an increasingly interconnected and vulnerable digital landscape, it's crucial for businesses to recognize the limitations of TLS and public carrier networks. The recent Chinese hack should serve as a wake-up call: It's time to separate trust, respect the data, and adopt more robust security measures.
We urge all organizations handling sensitive data to critically evaluate their current security practices. Are you relying on the false sense of security provided by TLS over public networks? If so, it's time to consider a more comprehensive and end-to-end approach to data encryption.
At Virtru, we're committed to providing verifiable, end-to-end encryption that truly separates trust from vulnerable infrastructure. In a world where backdoors are an unfortunate reality, our solution offers the peace of mind that comes with knowing your data is secure—regardless of what happens at the network level.
Don't wait for the next major hack to make headlines. Take control of your data security today:
Contact our team to get started
.