Decrypted | Insights from Virtru to Unlock New Ideas

The Perils of Backdoors: Why Transport Layer Security (TLS) Fails for Emails and Files — and So Do Paubox & Zix

Written by Matt Howard | Oct 9, 2024 5:24:49 PM

In light of the recent Chinese hack on major U.S. telecom carriers, it's time to have a frank discussion about the security of our digital communications. This incident serves as a stark reminder that, when it comes to protecting sensitive data, not all encryption methods are created equal. In particular, it highlights the inadequacy of relying exclusively on Transport Layer Security (TLS) over public carrier networks to share sensitive email or files securely, a method relied upon by some of our competitors such as Paubox and Zix.

The CALEA Conundrum

At the heart of this issue lies the Communications Assistance for Law Enforcement Act (CALEA). Enacted in 1994 and later expanded to cover broadband internet communications, CALEA requires telecom providers to build backdoors for law enforcement to access communications data with proper authorization. While the intent behind such laws is understandable, they create significant vulnerabilities in our digital infrastructure.

The False Promise of TLS on Public Networks

Many businesses and individuals believe that relying upon TLS encryption over public carrier networks is sufficient to protect sensitive data. However, this recent hack proves otherwise. When carrier networks are required by law to maintain backdoors, those same entry points become prime targets for state-sponsored hackers and other malicious actors.

Our competitors, Paubox and Zix, rely heavily on TLS encryption over these vulnerable public networks. While TLS does offer a layer of protection, it's simply not enough when the underlying infrastructure is compromised by mandated backdoors. It is important to remember that TLS encrypts "the pipe" but not the information flowing through it.

The Need for "Separated Trust"

In an era where Chinese hackers have actively exploited the same backdoors being utilized by U.S. law enforcement, we need to rethink our approach to data security. The solution lies in "separating trust" from public carrier networks altogether, and in understanding that TLS is very far from good enough for the purpose of protecting sensitive data.

This is where end-to-end encryption, as provided by Virtru, comes into play. By encrypting data at the source and decrypting it only at its intended destination, we remove the need to trust intermediaries — be they telecom providers like AT&T and Verizon, or tech companies like Zix or Paubox. In this case, not only is the "pipe" encrypted (using TLS) by the pipe owner, but the information flowing through it is also encrypted, by the data owner. Therefore, even if the pipe is compromised, as was the case with the Chinese hackers, attackers are still unable to gain access to what matters most, the data, because it is protected by completely separate encryption. More importantly, we eliminate the possibility that Chinese hackers gain access to our sensitive data by exploiting known backdoors in public carrier networks and thereby defeating TLS encryption.
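A small model of the two deployments described above, added here as an example and not code from Virtru, Paubox or Zix: the relay that terminates the transport hop holds the hop key and can read whatever rode inside it, while a body sealed beforehand under the data owner's key stays opaque to that relay. AES-GCM from Go's standard library stands in for both layers, the keys are constructed for the demo, and the data key is assumed to be shared out of band between sender and recipient.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// must panics on error; keys here are constructed, so a bad key is a demo bug.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// seal encrypts pt with AES-256-GCM and prepends the random nonce.
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, nil)
}

// open reverses seal; it fails unless the caller holds the same key.
func open(key, msg []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(msg) < g.NonceSize() {
		return nil, fmt.Errorf("message too short")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], nil)
}

// sendTLSOnly puts the body straight inside the transport layer ("the pipe").
func sendTLSOnly(hopKey, body []byte) []byte { return seal(hopKey, body) }

// sendE2E seals the body under the data owner's key first, then wraps that
// ciphertext in the transport layer; the relay never holds dataKey.
func sendE2E(hopKey, dataKey, body []byte) []byte { return seal(hopKey, seal(dataKey, body)) }

// relayView is what the carrier or provider terminating the hop can read.
func relayView(hopKey, wire []byte) ([]byte, error) { return open(hopKey, wire) }

func main() {
	hop, data := make([]byte, 32), make([]byte, 32) // constructed demo keys
	must(rand.Read(hop))
	must(rand.Read(data))
	seen := must(relayView(hop, sendE2E(hop, data, []byte("lab result, patient 1234"))))
	fmt.Printf("relay sees only data-layer ciphertext: %x\n", seen)
}
```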

Why Virtru's Approach is Superior

Unlike solutions that rely solely on TLS, Virtru's end-to-end encryption ensures that your data remains protected even if the underlying network is compromised. Here's why our approach is more robust:

  1. True End-to-End Encryption: Your data is encrypted before it leaves your device and can only be decrypted by the intended recipient.
  2. No Reliance on Network Security: Even if a carrier's network is breached, your encrypted data remains unreadable to attackers.
  3. User-Controlled Keys: You maintain control over your encryption keys, not a third-party provider.
  4. Consistent Control, Wherever and Whenever: Even if your emails make it safely over TLS, control is lost once they leave your environment. Virtru's object-level encryption and centralized policy management ensure you maintain control of your data wherever it travels.
  5. Verifiable Security: Audit services verify trust and security.

A Call to Action

As we move forward in an increasingly interconnected and vulnerable digital landscape, it's crucial for businesses to recognize the limitations of TLS and public carrier networks. The recent Chinese hack should serve as a wake-up call: It's time to separate trust, respect the data, and adopt more robust security measures.

We urge all organizations handling sensitive data to critically evaluate their current security practices. Are you relying on the false sense of security provided by TLS over public networks? If so, it's time to consider a more comprehensive and end-to-end approach to data encryption.

At Virtru, we're committed to providing verifiable, end-to-end encryption that truly separates trust from vulnerable infrastructure. In a world where backdoors are an unfortunate reality, our solution offers the peace of mind that comes with knowing your data is secure—regardless of what happens at the network level.

Don't wait for the next major hack to make headlines. Take control of your data security today:

Contact our team to get started