Messaging apps and the GDPR
The EU’s General Data Protection Regulation (GDPR) has been on everyone’s agenda during the last 12 months, and the deadline is approaching fast. Most of you have participated in a number of breakfast meetings and courses investigating the requirements for the GDPR. Many organisations, however, lack information about how the GDPR impacts their use of messaging services.
In recent years, there has been tremendous growth in the workplace usage of messaging apps built for consumer use.
It is essential to identify the risks involved in the use of messaging apps within your organisation. This is especially important since many organisations already use messaging services to carry out their daily business communication, but are not aware of the security and privacy challenges.
Employees have started using these popular messaging services since it is more convenient and efficient to message a colleague or a customer rather than calling or emailing. However, the majority of these messaging applications are built for consumer use, and are not suitable to carry out business communication. They don’t meet the EU data-privacy requirements and their service providers often use them for monitoring or advertising purposes.
Furthermore, the location where messages are stored or routed is often unknown, and is often on a different continent and in a different legislative environment than Europe.
The National Cyber Security Centre (NCSC) of the Netherlands has the following to say regarding the topic:
“Using publicly available messaging apps for business communication involves certain risks and has consequences for both your organisation and information sharing. Of the messaging apps currently in use, few are sufficiently secure to comply with your security policy for internal communication.”
EU General Data Protection Regulation (GDPR)
As everyone should be aware by now, companies operating in Europe must comply with the new EU General Data Protection Regulation (GDPR) by May 25, 2018. This European law is critical for compliance and risk officers across industry verticals. Its purpose is to protect Internet users and their privacy. The European Commission has warned that they will issue hefty fines to organisations that don’t comply.
Your organisation is responsible for managing the risks involved in the use of messaging apps for daily internal and external business communication.
Conventional messaging and chat services come with a series of challenges. They usually require access to the address book and user data. When using such a service, the contact data in the address book is read, processed, and possibly shared. For this to be compliant with the GDPR, consent must be given up front by every person whose contact data is in the address book. The contacts whose data is shared with the service vendor have no opportunity to make use of their “Right to be forgotten”. This right empowers individuals to request the deletion of their personal data that is held by service providers. In addition to contact data, conventional messaging and chat apps sometimes collect other user data, for example location, information about the mobile network or other details about the user’s activity. There are also risks that messages may reach recipients other than those intended, or that the contents of conversations will be available to the service provider.
As a general rule, it must be assumed that these conventional messaging apps for consumers are incompatible with the GDPR, and that companies should refrain from using them. Non-compliance with the GDPR carries the risk of exorbitant fines.
Consumer messaging services should only be used for strictly private purposes. As soon as business contact data is stored on the phone, it can no longer be considered strictly private use.
At the very least, organisations should carry out a risk assessment regarding the usage of messaging apps in their organisation, both as sanctioned company software, and unofficial use by employees to carry out their daily business.
We are here to help you to succeed with your GDPR compliance. The Crypho secure messaging service is trusted by some of the most demanding organisations in both the private and public sectors.
If you are looking for secure and compliant enterprise messaging with minimal effort and cost, feel free to get in touch.
Kai Leppänen, firstname.lastname@example.org
CCO, Crypho AS
New native Crypho app for iOS and Android!
We have completely rewritten the Crypho mobile app from the ground up, both for Android and iOS. In addition to looking more beautiful than before, the app is also more stable, faster and snappier.
The new app also introduces some great new design features, such as a neat new side panel for configuration of each conversation or group.
With a new technical architecture, the app will also be easier to maintain and extend with new features.
Video and audio chat
We are super thrilled to present the first release of encrypted video and audio chats in Crypho.
Secure communications have never been this easy. You can now establish encrypted video chats with your contacts at the click of a button. The security is handled by the existing, proven Crypho security model and all signaling, audio and video are end-to-end encrypted.
Video and audio chats are available person-to-person, for the desktop and web platforms in this first release.
Group video conversations and mobile app support will be available in the future.
On some platforms (most notably Android), using the built-in image viewer could cause a copy of a viewed image to be stored on your device. This could cause additional risks to some of our customers.
We have therefore implemented shiny new image viewers for Crypho on the desktop, mobile and web versions. Any time you decrypt and view an image, it will be shown temporarily inside the app. And you can of course zoom, pan and rotate the images, just as you’d expect. When you are done viewing an image, it will be removed completely from your device, with no trace remaining.
Colour identification to prevent accidental posts
We have livened up the user interface by adding a distinct colour to each of your contacts and groups in your contact lists. The same colour is displayed inside the chats. This way you can quickly identify which chat you are in so you don’t risk sending anything to the wrong recipient.
Multiple email address support
Many of our customers connect with people in different contexts. Many communicate in personal contexts where they identify with their personal email addresses, as well as in professional contexts where they identify with their work email.
Crypho now supports multiple email addresses per account. You can add as many as you like.
You can use the additional email addresses to log in, just like you do with your primary email. Your passphrase and 2-factor authentication remain the same.
When others send an invitation to you to an email address linked to your account, you will receive the invitation just as if they had sent the invitation to your primary email.
To add an additional email address, click “my profile” in the menu in the desktop/web app. The profile page has a link to add additional email addresses. When you add another email, a confirmation mail will be sent to the address you added.
Introducing Recovery Keys
One of the most common customer requests we receive is the ability to reset your passphrase without losing your content and contacts. With the new recovery keys you can do this in a straightforward manner.
The recovery key is a 256 bit key printed in the form of 24 words. It can be used to recover your account should you forget your passphrase.
Here’s an example of how it might look:
Creating your recovery key
You can create a recovery key by selecting “Key recovery” in the menu in the Crypho desktop or web apps. It is not possible to create recovery keys from the mobile app.
It is only possible to have one recovery key available at any time. Creating a new recovery key instantly invalidates all previously generated recovery keys.
The new recovery key will only be shown to you once. There is no way to access it again. We recommend that you write it down or print it on paper. Store your key in a safe place, for example in an envelope in a safe or bank deposit box. Do not store it digitally. And make sure no-one else gets access to it.
Should you forget your passphrase or lose your two-factor authentication mechanism in the future, you will then be able to use this key to recover your account.
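To illustrate how a 256-bit key can be written down as 24 words, here is an added example that is not Crypho's code. It assumes a BIP39-style layout (a 2048-word list, 11 bits per word, 8 checksum bits taken from SHA-256), which the page does not confirm, and it uses a constructed wordlist; the checksum is what lets a recovery form reject a mistranscribed word.

```javascript
// Added example, not Crypho's implementation.
// Assumption: BIP39-style layout, 256 key bits + 8 checksum bits = 24 x 11 bits.
const nodeCrypto = require('node:crypto');

// Constructed 2048-entry wordlist: onset (16) x vowel (8) x coda (16).
const CONSONANTS = 'bdfgklmnprstvzhj'.split('');
const VOWELS = ['a', 'e', 'i', 'o', 'u', 'ai', 'ou', 'ea'];
const WORDS = [];
for (const c1 of CONSONANTS)
  for (const v of VOWELS)
    for (const c2 of CONSONANTS) WORDS.push(c1 + v + c2);
const INDEX = new Map(WORDS.map((w, i) => [w, i]));

// First byte of SHA-256(key) serves as the 8-bit checksum.
function checksumByte(key) {
  return nodeCrypto.createHash('sha256').update(key).digest()[0];
}

function keyToWords(key) {
  if (key.length !== 32) throw new Error('expected a 32-byte key');
  const raw = Buffer.concat([key, Buffer.from([checksumByte(key)])]);
  let bits = BigInt('0x' + raw.toString('hex')); // 264-bit integer
  const words = [];
  for (let i = 0; i < 24; i++) {
    words.unshift(WORDS[Number(bits & 2047n)]); // lowest 11 bits = last word
    bits >>= 11n;
  }
  return words.join(' ');
}

function wordsToKey(phrase) {
  const words = phrase.trim().toLowerCase().split(/\s+/);
  if (words.length !== 24) throw new Error('expected 24 words');
  let bits = 0n;
  for (const w of words) {
    if (!INDEX.has(w)) throw new Error('unknown word: ' + w);
    bits = (bits << 11n) | BigInt(INDEX.get(w));
  }
  const raw = Buffer.from(bits.toString(16).padStart(66, '0'), 'hex');
  const key = raw.subarray(0, 32);
  // Reject phrases whose checksum does not match the decoded key.
  if (raw[32] !== checksumByte(key)) throw new Error('checksum mismatch');
  return key;
}
```

An 8-bit checksum catches most, not all, transcription errors: a phrase with a wrong word still passes with probability 1/256.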
New feature: Long posts
Sometimes you want to write something longer and more structured than a single chat message, the way you do in, for example, email. You can now simply expand Crypho’s message entry field to write longer posts.
Crypho desktop apps released!
We are proud to announce the release of Crypho desktop apps for Windows and Mac OS X.
Crypho is enterprise file-sharing and messaging with end-to-end encryption.
The newly released desktop app complements Crypho’s existing software suite, which has previously been available to customers as a web application and as mobile apps for Android and iOS. The new desktop apps make it more convenient than ever to use Crypho from laptop and desktop computers.
Download the Crypho desktop apps for Windows or OS X.
Informilo: Top 25 EMEA Start-Ups to Watch In 2016
Business and innovation website Informilo presented its Top 25 EMEA Start-Ups to Watch In 2016.
To identify the Top 25 EMEA companies to watch in 2016, Informilo asked investors to nominate start-ups outside their own portfolios.
Why it’s hot: Crypho enables businesses to create real-time confidential communications channels (chat, file transfers, video conferencing, meetings) across companies. All data is strongly encrypted end-to-end, with keys only held by the users.
Crypho won the Rosing award for IT security
The Rosing awards are the most prestigious awards in the Norwegian IT industry, and are awarded by The Norwegian Computer Society.
The award for IT security is a collaboration between the Norwegian Computer Society, the Norwegian Forum for Information Security (ISF) and ISACA. It is awarded to promote the importance of IT and information security in Norway.
The award was presented by Johan Nygaard, President of ISACA Norway chapter:
“This year’s winner of the Rosing award for IT-security stands out by means of their strong focus on information security and privacy. The challenges related to information security and privacy in society today have been pivotal for the jury’s decision.
The winner has worked to promote information security and privacy in the Norwegian and international markets and is a great example that Norwegian information security businesses have the potential for export and receive international attention. They have worked persistently with a product with high security and encryption requirements, as well as promoting privacy and user ownership of data.
Challenges like this can easily lead to high complexity, but the winner has managed to combine high security requirements with a solution that is easy to use. With a focus on usability, the winner has managed to create a solution that raises the general level of security nationally and internationally for consumers and for businesses — and also for journalists and human rights activists worldwide.”
Both photos from the event are copyright photographer Ingar Ness.
Crypho wins the 2015 EU Cyber Security & Privacy Innovation Awards.
Brussels, October 22, 2015: The IPACSO Consortium announced the 2015 Champions of the European Cyber Security & Privacy Innovation Awards. IPACSO Innovation Awards is a prestigious international innovation award within the field of information security in the EU. Crypho was awarded the prize for the most Innovative Privacy Company.
The jury praised Crypho for combining high security and strong cryptographic requirements with the approachability and ease of use that is common in consumer applications; making it end user friendly, protecting all communications validated by law enforcement, government, financial industry, but also human rights groups and journalists around the world.
CEO of Crypho, Geir Bækholt, was presented with the prize by Mr. Jakub Boratynski, Head of the Trust Unit of the European Commission, at the IPACSO conference in Brussels at Living Tomorrow, Brussels’ innovation center demonstrating visions of the future.
Mr. Boratynski stated: “It makes me humble to be in the presence of these individuals that are setting the trend in the Cyber Security & Privacy Markets.”
“A great appreciation towards the achievements of these innovators, and their hard work helping Europe to protect its networks, critical infrastructure and citizens’ privacy. But that also strengthen the competitiveness of the European Cyber Security market with their innovative ideas, approaches and technologies towards cyber and privacy; increasing employment and export opportunities while establishing exciting new businesses that have a global potential.”
European Cyber Security & Privacy Innovation Awards are awarded by IPACSO.
IPACSO is an innovation project funded through the EU commission’s FP7 programme. The project is a collaboration between Deutsches Institut für Wirtschaftsforschung, Waterford Institute of Technology, Vasco Data Security, Espion Group and LSEC.
Video interview in MIT Technology Review.
Related to our collaboration with Kaspersky Labs in Boston, USA, we were interviewed by MIT Technology Review. Crypho CEO Geir Bækholt spoke with Dr. Abel Sanchez at the Massachusetts Institute of Technology.
View the interview on YouTube
Secure, end-to-end encrypted messaging for Android and iOS
We are happy to announce that the Crypho mobile app is now available for both iOS and Android.
The mobile app brings a lightweight interface to the Crypho web application you already use. It lets you access all your contacts, conversations and groups from your phone. Everything is still strongly end-to-end-encrypted, just like you are used to.
The app also provides convenient instant notifications when your contacts message you, or post to groups. It makes it easier and more convenient to stay up-to-date with what is happening in your conversations, without compromising security.
We have kept the mobile app easy, intuitive and secure. With your help and feedback we look forward to releasing frequent updates with improvements and new features. For the best experience, use both the mobile and web app in combination: They stay seamlessly in sync so you can use a keyboard when you are by your computer, and bring your chat with you on your phone when you are on the move.
Bizetto's Most Promising Startups for 2015: Crypho
Bizetto today listed Crypho as one of the Most Promising Startups for 2015.
Crypho: Cyber security is a great concern for anyone dealing with sensitive information online, and for good reason, too. This Norwegian startup builds encrypted, real-time communications solutions for the web, and enables you to set up a secure, end-to-end encrypted, communications channel in a matter of minutes, with no need to install software.
Scrypt plugin for Cordova Android and iOS
Scrypt is a password-based key derivation function created by Colin Percival. We use Scrypt in Crypho to generate your initial encryption keys on the fly, both when you first create an account and also every time you log in. Your Scrypt key is re-created every time you log in, and never leaves your browser or phone. And since we use it so often, it is important that the calculations are fast enough.
On our way to releasing native mobile apps for Crypho, our development team is hard at work, optimizing our underlying technology. We want to share our progress and contribute back to the open-source community, so we decided to release our Scrypt plugin for iOS and Android under the MIT license. This plugin is for use with Cordova and allows your application to use scrypt on iOS devices using native C code. It is based on libscrypt.
The plugin can be installed via the Cordova command line interface:
Navigate to the root folder for your Cordova/Phonegap project.
Run the command:
cordova plugin add com.crypho.plugins.scrypt
That’s it. For the plugin API, check out the documentation on our github project.
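The login-time key derivation described above can be sketched as follows. This is an added example, not the plugin's API or Crypho's code: it uses Node's built-in `crypto.scryptSync` as a stand-in, and the cost parameters, salt size and the wrapped master key design are assumptions chosen for illustration.

```javascript
// Added example, not Crypho's implementation or the Cordova plugin API.
const nodeCrypto = require('node:crypto');

// Assumed cost parameters: N=2^14, r=8, p=1 needs about 16 MiB (128 * N * r).
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Re-created on every login from passphrase + salt; never stored or transmitted.
function deriveKey(passphrase, salt) {
  // NFKC so the same passphrase typed on different devices gives the same bytes.
  return nodeCrypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, SCRYPT_PARAMS);
}

// Account creation: wrap a random master key under the scrypt-derived key.
function createAccount(passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const masterKey = nodeCrypto.randomBytes(32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const wrapped = Buffer.concat([cipher.update(masterKey), cipher.final()]);
  // Only `record` would leave the device; it is useless without the passphrase.
  return { masterKey, record: { salt, iv, wrapped, tag: cipher.getAuthTag() } };
}

// Login: derive the key again and unwrap; a wrong passphrase fails the GCM tag check.
function login(passphrase, record) {
  const key = deriveKey(passphrase, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Wall-clock cost of one derivation in milliseconds, to check it is fast enough
// for every login on the target device yet slow enough to resist guessing.
function measureDeriveMs() {
  const start = process.hrtime.bigint();
  deriveKey('constructed sample passphrase', Buffer.alloc(16, 1));
  return Number(process.hrtime.bigint() - start) / 1e6;
}
```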
Crypho update: New, responsive UI with desktop notifications
We have added a ton of new stuff to Crypho recently, so we figured it’s time to give you an update on new features and what is coming up.
A new, responsive design
We’ve redesigned our UI to make it cleaner, prettier and responsive. You can now access Crypho from any device and communicate securely from your phone, tablet or laptop.
Don’t miss out on what the rest of your group is talking about. Crypho can now send you desktop notifications when you get new messages.
Worried that you’ll miss something important while you’re logged out? You can now tell Crypho to notify you even when you’re offline (currently only for OS X).
When sharing images with other people, Crypho will show a preview to save you time and make it easier to find in the future. The image previews are also encrypted and secure.
We felt that our old emoticons couldn’t convey your emotions as accurately as you wanted, so we decided to refresh our emoticons collection :) Also, the new ones are compatible with the built in emoji on mobile phones for a more streamlined experience.
Internet Explorer compatibility
We’ve added Internet Explorer 11 to our compatibility list, along with all the other major browsers.
Native mobile apps
Our development team has been working around the clock to bring you apps for Android and iOS and they’re almost there. If you are interested in being part of our beta testing, drop us an email at email@example.com
ComputerWeekly: Six Nordic startups enterprise IT users should watch
ComputerWeekly published an article today on “Six Nordic startups enterprise IT users should watch”, featuring Crypho.
…Crypho is another SaaS operator, but it also taps into a perennially hot topic: data security. The Tonsberg-based company, founded in 2012, provides end-to-end encrypted real-time communication between teams and companies and covers messaging, chats and file transfers.
All messages and files are encrypted on the user’s device before being transferred over the internet. Crypho promises the data cannot be decrypted and read until it is received by a recipient with the correct keys. Even the startup itself cannot access the data.
Those worried about any NSA-related snooping will be happy to hear the cloud-based service is hosted in Norway. Crypho is also network agnostic and works using a standard web browser. The service is targeted at businesses, but also offers a free basic version to individuals.
25 startups to watch in 2015:
Andreas von der Heydt, Head of Kindle Content at Amazon writes on the World Economic Forum blog about his 25 startups to watch in 2015:
Predicting the future? Pretty tough and not the objective of this article. Instead, like at the beginning of last year, I want to present you a list of 25 super hot startups you should closely follow in 2015.
Interestingly, more than ever innovations happen anywhere, i.e. there are some great startups outside of Silicon Valley and the US. In the past 12 months I’ve surveyed the landscape of many promising startups. I think I found again some very exciting ones to keep an eye on. Pretty hot startups which have the potential to take really off and make it into the mainstream in 2015.
Please note that it’s my own personal compilation and that it does not claim to be complete. Saying that, I believe that it gives a good overview for both experts and anyone being interested in startups:
About Crypho he says:
Crypho is a Norwegian startup building encrypted real-time communications solutions for the web. It enables you to set up a secure, end-to-end encrypted, communications channel for your business in a matter of minutes, with no need to install software. Crypho runs in the cloud. Participants can be from different organizations and networks. There are different plans available, from a free personal account to an account for large organizations.
Crypho CEO, Geir Bækholt was interviewed by Norway’s top tech magazine, TU.
He talked about the importance of communications privacy in the post-Snowden era and in the wake of media reporting that Norway’s leaders had been under surveillance.