Christchurch startup SafeSwiss is responding to growing privacy concerns through an encryption app

- July 20, 2017 4 MIN READ

Going toe-to-toe in terms of growth, it seems that as the digital landscape expands, so too do the number of privacy and data breaches that become known to the public.

It’s not necessarily something we actively, or even want to, think about when we browse the internet, but the reality is that there’s always someone who wants to push for a law to see just how many times you viewed the flashback scenes from Disney’s Up (no shame).

In Australia, privacy is no slam dunk, with the government announcing in May that it would be reviewing its privacy code after a string of civilian privacy breaches went public over the last few years, causing a backlash from the public.

Globally, the issue looks even shakier, with Trump earlier this year signing a repeal of the Obama administration’s broadband privacy rules.

In light of global privacy issues, Christchurch-based startup SafeSwiss has developed a communication platform formed around tight, end-to-end encryption.

Through an app, users are able to send messages, files and make phone calls while having their data completely protected. Users can also control how long it takes before a message they send ‘self-destructs’.

While the startup is located in New Zealand, SafeSwiss’s servers are based in Switzerland, a nation known for its strict privacy laws, fast internet speeds, and generally stable political and social environment.

Data sent over the platform is encrypted using elliptic curve cryptography, with the startup’s founder Tim Gallagher explaining that the SafeSwiss servers hold no metadata, meaning there is no information to access if a breach were to occur.

Unlike other privacy-focused apps in the space, he said, the encryption method used means data is isn’t just encrypted when it’s in transit, but while it’s on the server too.

For Gallagher, developing the app meant responding to an issue around which he believes there are a lot of misconceptions in the public sphere.

“There are a lot of myths around encryption, like only bad people use encryption, but the reality is that every time you buy off Amazon it uses encryption, every time you withdraw money it uses encryption,” he said.

“Almost daily or weekly, we’re hearing about instances of hacking of cloud-based storages, cyberattacks, ransomware attacks. Privacy is a number one issue. There are a lot of people at the moment who have the old adage of, I have nothing to hide, I don’t care. To those people I’d say, if you have nothing to care about, how about you post your login details for email, your login details for eBay, and your bank codes? Because without encryption, that’s what it’s going to be like.”

Originally, SafeSwiss began as a “digital media card” – a USB-type device that could be topped up with media such as movies and ebooks, as a way to tackle the global piracy issues involved with digital distribution.

Talking to a large movie studio is LA, the business found that a key issue with the product involved the Point of Sale (PoS) activation and encryption. If the device was unencrypted at the PoS, such as a physical store checkout, then the data was open to being poached or stolen, then uploaded illegally online.

Travelling back to New Zealand, Gallagher and his team changed the technology from USB to secure micro SD card, before researching a way to solve the encryption issue.

Talking with cryptographers from Europe, the team found that the cost barrier to solve the problem, which involved using robotic machines to load content, was “incredible” in size.

“I think they were running at US$4.5 million a piece, and we needed 20 to 30 of these machines,” said Gallagher.

Seeing that Germany was working on voice encryption, the team switched their idea and developed a new proposal to use the voice engine technology, which would eventually be built into SafeSwiss.

Releasing the app on Android in December last year before moving to iOS and soon Windows, the platform now supports above 65,000 users from around the world.

Gallagher said the startup is currently working to support the average user, bringing encryption to the “mainstream”.

The issue of encryption has become topical in Australia recently, with the Turnbull Government announcing last week that it would be pushing forward its agenda to allow law enforcement agencies to be given access to encrypted apps and messages.

Discussing the topic, Gallagher described the government’s move as “quite funny”.

“It was only two years ago that Mr Turnbull and his colleagues were promoting the likes of Whatsapp and Telegram Messenger, talking about how they use it. Now here they are trying to put a backdoor into the encryption. But that’s not the right solution, all it would lead to is driving encryption underground; there are several other mechanisms to deploy software other than the App Store,” he said.

“The government itself and the leading agencies already have access to trojans to use if they want to, which are expensive to get out there, but to suggest backdoors, I just find that ridiculous.”

(Technically, however, Turnbull stated the government would not be looking to tech companies for back doors; with this in mind, how the government will be looking for tech companies to provide access to encrypted messages is not clear.)

As the platform continues to expand, Gallagher said SafeSwiss will be introducing a shelf of features for business-to-business customers, which include encrypted video calls and invisible virtual networks, which are an upgraded version of virtual private networks (VPNs) – those tools you might use at work to bypass any blocked websites on the network.

Also in the works is a mobile payment method, allowing businesses to encrypt payments made through the platform, with a number of the features set behind a premium version of the app. Additionally, Gallagher said the startup will look to offer businesses personalised feature, for example allowing them to set up their own in-house encrypted system.

Image: Tim Gallagher. Source: Supplied.