Are encryption based solutions a viable business?
In other words, can I start a company that provides encrypted communication mechanisms that cannot be deciphered by the company (not storing the keys on the servers). Is it illegal or not a viable business considering governmental interference concerns? I know there are open source tools or solution from large companies (like Apple encrypting data in iOS8 by default etc) which do this out there but as a startup with this as a main business idea?
2 comments
[ 3.2 ms ] story [ 14.9 ms ] threadIt wouldn't be illegal, but I think you'll have serious issues with viability. Concern #1 would be when / where / why you would distribute my encryption keys. For example, I am a SaaS, perhaps small, perhaps big. You are a one-or-two person startup holding my encryption keys, and the FBI comes knocking with an NSL. You will not have the money / resources to fight it, so you'll turn over those keys without telling me (as you are required to by law). However maybe it was a BS request, and maybe had I known about it I could have fought it with my A+ legal team.
The other issue is one of data mutability. If you are just storing files, there is some merit in separate key storage. However, if your SaaS does something with that data (converts it, processes it, moves it), then those encryption keys will be right back in the hands of the company doing the data holding.
Finally, there are very few companies that care enough about encryption to actually do it, and those who care that much about it probably won't be willing to ship that functionality out of the company.
(A bit about me: I am a webapp security / crypto guy at a mid-sized SaaS company)