Background & Interview Ripcord’s Steve Wozniak, John McAfee, Alex Fielding, Ellen Hancock, Jon Callas, Phil Zimmermann and “Wunderkind” Marc Hodosh
The Board of Directors, Executive Management and Advisors read like the index of “Who’s Who in Information Technology”. This is the first time they have ever agreed to an interview, talked on the record about the company and given someone a peek into personal motivations and what drives them ever forward.
By Kevin M. Nixon, MSA, CISSP©, CISM©, CGEIT©
Nearly 2,500 years ago, Diogenes roamed Greece looking for an honest man, reportedly with little success. I’d venture to say the search results would be identical today.
Forrester Consulting fielded an online survey of email decision makers at large US, UK, German, French and Australian companies. Respondents were asked about their concerns, priorities and plans related to the content of email leaving their organizations, as well as related concerns about the risks associated with mobile devices, blogs and message boards, media sharing sites and other electronic communications technologies.
Forrester gathered a total of 424 responses from companies with 1,000 or more employees, including 301 US, 32 UK, 30 German, 31 French and 30 Australian companies. The findings of the 2008 study are published in the report “Outbound Email and Data Loss Prevention in Today’s Enterprise, 2008”.
The greatest interest among survey respondents was in having the ability to make phone calls from a laptop computer, in allowing employees to make phone calls from a PDA, and in unified messaging, which allows (among other things) users to access e-mail messages from their voice mail boxes. The number of cellular/WLAN subscribers will reach over 256 million worldwide by 2009, or roughly 12% of all cellular subscribers. By 2009, the number of subscribers using WLAN for voice is expected to exceed the number using WLAN for data only. Overall, about 60% of decision-maker respondents believed that it would be beneficial to have a solution that integrates the WWAN with the WLAN.
The number of voice over IP (VoIP) users in Europe has quadrupled in two years, driven by aggressive pricing for bundled communications services, says telecommunications analyst Telegeography. The firm reported that at year-end 2007, 25.3 million consumer VoIP lines were in service in Western Europe. This was up from 15 million in 2006, and nearly four times the 6.5 million VoIP subscribers in 2005.
Costs of Data Compromises Rising – Data Thieves Becoming More Aggressive
The Ponemon Institute, in a study of 43 companies sponsored by PGP, found the total cost of coping with the consequences of data compromise events rose to $6.6 million per breach, up from $6.3 million in 2007 and $4.7 million in 2006.
“The Ponemon Institute’s research found that in 2008 the cost per data compromise event has risen to $6.6 Million vs. $4.7 Million per event in 2006.”
There are some distinct consequences of a data breach, especially in healthcare and financial services, Ponemon notes. In these two industries more than others, customers notified of a data breach are more likely to discontinue association with companies that failed to secure sensitive data about them.
In other findings, the Ponemon study said 88% of all the cases for 2008 were traced back to insider negligence. The survey also showed that 44% of data breaches occurred due to external causes involving third parties, an increase from 40% in 2007 and 29% in 2006, the Ponemon report states. A third-party breach is defined as third-party professional services, outsourcers, vendors and business partners that were in possession of the data and responsible for holding it. Costs for a data breach mount up because of lost business and legal defense, which grew in 2008, while costs of customer support, notification and free services such as credit monitoring decreased, according to the study.
Legal Impact – VoIP Can Compromise Client – Attorney Privilege
Cynthia Stamer, Partner, Curran, Tomko and Tarski and Board Certified in Labor & Employment Law by Texas Board of Legal Specialization Corporations, verified that the Ponemon report aligns exactly with her clients’ issues and concerns. Board Members, Directors, Officers, Executive Management and employees must operate with a heightened awareness to ensure that they are using encrypted voice over ISP or any other technology. Businesses and their leaders must constantly consider the potential implications that the use of any technology has on the records and evidence created and retained. Too often the accessibility of technology, and the accompanying lack of awareness of when it preserves data that could be evidence, lures business leaders and others to say and do things with inadequate caution. Because of the way equipment and its technology have evolved, some record or other evidence almost always is created and retained when businesses use even basic technology including a pencil, a tape recording, text message or e-mail, telephone conference call, computer note or otherwise.
Failing to recognize and properly manage the information across these technologies can create unnecessary risks. Concurrently, however, businesses also need to remember that the management, retention and destruction of this information in itself may be used as evidence. Business leaders always must plan for the potential need to prove that they are doing the right thing and communicate and act accordingly.
Now What
OK, recap time: We now know that VoIP is taking over the world. Data thieves in these hard economic times are drilling faster and deeper. The most respected researcher in data security and protection warns the industry that the costs to recover from a data compromise have risen by almost $2 Million in the last 24 months. Then, to top things off, the telephone call I make to my attorney for help and advice may be used as evidence against me unless I find a hacker-proof way to keep employees, vendors and my biggest competitor from listening in and recording my VoIP calls.
The Perfect Solution: Ripcord Networks and the IT Industry Icons Who Are Involved
Lucky for me, my internet search of the Internet Engineering Task Force (IETF) database provides the answer to my first question. Is there a best practice or standard for encrypting VoIP connections to prevent Man in the Middle attacks? Yes, it’s called “ZRTP: Media Path Key Agreement for Secure RTP”. My second question, who sells products or software that use the protocol? The answer: Ripcord Networks!
A Company With Credentials
When I research a company, I usually start with “Who Runs the Company” and much to my surprise I discovered where all of the IT Industry Icons and Einsteins have all been planning their next show stopper.
I picked up the phone (land line) and called the CEO of Ripcord, Alex Fielding, and arranged to interview him and the members of the Board of Directors. Over a period of time each Board Member graciously answered questions for the interview. Only after I had talked to everyone did I discover that Ripcord has never issued a press release and has only been briefly mentioned in three articles. The best “Easter Egg” appears on the company’s Investor Relations page. See for yourself.
I sat down with Alex Fielding, the CEO of Ripcord Networks, and we began our chat.
KMN: Alex, I can’t tell you how great it is to have a chance to talk to you today. Let’s start with some background. What does Ripcord do?
Alex: No matter where you are in the world, no matter what handset you are using, we enable secure-encrypted private voice and video conversations across a wide variety of popular off the shelf devices including: mobile phone, desk phone, PC software, Instant Message, teleconference, and Conference Bridge.
Basically we provide the encryption software and protocols that are leading the charge in secure interoperable IP voice and video communications.
KMN: Who is Ripcord?
Alex: Steve Wozniak (co-founder Apple), John McAfee (founder McAfee Associates), and I are on the Board of Directors of Ripcord Networks. Additionally we have the best employees and advisors in this space. Ellen Hancock is Chair of our Board of Advisors (former company affiliations include: IBM, Apple, Exodus, Aetna, Colgate/Palmolive, EDS). The Board of Advisors includes: Jon Callas (CTO & CST of PGP), Phil Zimmermann (PGP founder, ZRTP author, and privacy advocate), Marc Hodosh (President, TEDMED, Archon XPrize Genome Project), Dan Pitt, and others.
KMN: What makes Ripcord unique? What is your value proposition?
Alex: Everything is moving to real-time IP based communications. The latest release covers IP based communications, specifically: all voice and video communications, Desk Phones, Wi-Fi, Chat-Video-Voice, Laptops, eBooks, and Tablets. The next release will include: Conference Bridging, Voice over Satellite, Remote Sensors, Mobile Phones, and Tactical Radios. Securing these devices has unique and specialized challenges that Ripcord's product offerings are well suited to solve. There was no previously elegant or easy way to secure these IP based devices and we have a solution to the problem that is unified.
Steve Wozniak, Director, Board of Directors
Steve Wozniak, technology innovator and co-founder of Apple Computer, founded Wheels of Zeus, Inc. (wOz) in October 2001 after he became interested in GPS technology as a way to solve a variety of everyday problems. Steve and his colleagues brainstormed a range of ideas including whether GPS could be used as a substitute for electronic pet fences. GPS technology wasn't really appropriate for containment so eventually, Steve began to zero in on one of his own dilemmas - how to locate his dogs once they broke through his electronic pet fence. It turned out that this would just be one application for the technology he envisioned.
wOz is developing an innovative way to marry GPS and wireless technologies to create a new type of wireless network that will serve as the backbone for location status, control, and communications solutions. This new network, wOzNet, will fill the gap between inexpensive, low-range radio frequency (RF) systems used in RFID solutions and expensive long-range cellular and paging networks used in many GPS applications.
At this point Alex introduced me to Steve Wozniak. (What a nice guy! Our Q&A session had been rescheduled several times due to his participation on “Dancing with the Stars” and so we got right down to business.)
KMN: Steve I am really glad to have this chance to get to know more about your vision for Ripcord. Do you mind if I use your nickname in the article?
WOZ: No problem, whatever works best.
KMN: There are other companies in the secure communications space for voice communications; what makes Ripcord different?
WOZ: Ripcord is a 100% US operation when it comes to code development and R&D. We write all the code here in the states and our employee base is very specialized and suited to the needs of very discerning customers. We offer a level of security, NSA Suite B with elliptic curve mathematics, and provide the best key generation and exchange available to non-classified personnel and projects for non-type 1 communications.
KMN: Why did you select ZRTP?
WOZ: Simple. ZRTP was developed by the finest minds in the encryption business and Ripcord has the finest minds implementing their hardware and software in the most secure and easy to use ways.
KMN: How can you be sure that your technology isn't breakable or able to be cracked?
WOZ: We open a flavor of our Secure Ripcord API, our key generation, mathematics, and exchange under GPL to the open source community.
Zimmermann does the same with a flavor of his ZRTP protocol. However, we don't open all our code but we do open the relevant parts so that developers can scrutinize what we're doing openly and provide harsh criticism of our technology and of our code. We really take this feedback to heart and a lot of the ideas and suggestions end up making it into our code base through our own developers writing code that meets the need and matches the desire of the community at large. There are some really smart people out in the secure communications community and we figure that there are more of them than there are of us inside the company, so it's like having a huge Quality Assurance developer community working to benefit our products. There aren't too many companies in the secure products space in the World that can say they have as many people scrutinizing their source code and methods as we do. We are very proud of that. We hope others in this space will someday follow suit.
KMN: What would you say makes Ripcord different from General Dynamics or L-3 in the hardcore crypto space?
WOZ: First of all, we're a lot smaller so we can adapt very quickly to our customers’ needs. Secondly, GD and L-3 both specialize in Type 1 secure communications products. This is commonly referred to as NSA Suite A and could be thought of as security for classified government communications. Those guys focus on providing secure devices and specialized hardware that enables Type 1 secure communications for classified communications on custom hardware. We are a COTS (commercial off the shelf) company. We build very secure hardware and software for the commercial market. Our technology works on a ton of handsets that are popular everyday devices. We build very little custom hardware and the hardware we do build is designed for commercial markets; the fact that government can use it and loves it is just a nice bonus. If you were looking for a secure mobile phone for instance, GD or L-3 would sell you a SME PED (aka “The Crypto-Brick”) that is a custom designed Type 1 secure communications device. We'd give you a BlackBerry, iPhone 3G, or G1 with our software running on it. We really are focused on IP based communications while the other guys are focused on migrating from circuit-switched. We are very different companies in too many ways to list.
KMN: Alex, you told me that your software secures instant messenger; which ones?
Alex: AOL Instant Messenger, Google Talk, Gizmo, SJ Phone, MSN Messenger, iChatAV, etc. Basically we operate with everything except Skype, and that was a very specific business decision of ours. Skype elected to provide China with all of their encryption specs, and we operate with a philosophy of “Made in America”. We provide software that has an incredible RTP detection heuristic that is very accurate and secures voice and video sessions on these instant messenger platforms. Not only do we operate with various IM applications we are also interoperable with Mac OS X, Windows Vista (32-bit and 64-bit) as well as Linux.
(WOZ is on his iPhone so Alex and I continue.)
KMN: You have a hardware product, Ripcord Secure Appliance, what does that do?
Alex: Ripcord Secure Appliance is an inline encryption device. Basically you just plug it into your VoIP desktop phone, and plug it into the network and it does the rest. No configuration required. This box securely encrypts and decrypts your calls without any chance for human error in the configuration. It's centrally manageable for large organizations and stand-alone capable for smaller ones. It also has a feature where if your PBX fails, it will allow you to continue to do ad hoc calling for a number of VoIP desktop phones. We have a number of these deployed now and our customers love them.
KMN: Tell me a little bit about your customers?
Alex: We get a lot of people coming to us with real problems that have substantial impact to their businesses and need solutions today. We have customers that are multi-national medical companies, banks, insurance, petroleum, aerospace companies and defense contractors.
(WOZ is off the phone and ready for a philosophical question.)
KMN: How do you keep bad people from doing bad things with your technology?
WOZ: While we can't and won't police our potential customers, we all know when something just doesn't smell right. We are cautious about who we partner with, who we hire, who our investors are, and who our customers are. Our employees go through a very detailed background investigation before ever working on code. Our employees, if required, could all pass a rigorous background check required to have a level of security clearance that is well above that which is required.
We have a strict ethical compass and mantra to "Do Some Good". We turn down a lot of opportunities for development because the proposals sometimes don't fit the bill for the standard that we hold ourselves to. We have turned down prospective employees and investors for very similar reasons. We want to always be on the right side of the line more often than anyone else in this space.
Alex adds: It's a lot like being in the data center business, a business from my past, where we made a decision that we wouldn't seek out certain types of customers that were doing things that didn't improve life for anyone, even if it was legal for them to operate, just because we didn't think they added value to our makeup as a company. We didn't think that certain customers fit the type of customer we could be proud of having. We didn’t do it in the data center space and the same is true at Ripcord.
KMN: What do you see the biggest challenge in secure communications?
Alex: There are a number of huge challenges in secure communications. One area that we are working on is securely connecting first responders like EMTs, police, sheriffs, troopers, border and customs agents to DHS and FEMA and up the food chain of government securely with some base level of communications tools so that the off the shelf devices these guys use in the field work together and enable secure communications without any specialized hardware or any private network. We have solutions in this space that are very attractive for this. Just imagine being President Obama and being given a “Crypto-Brick” and glancing back and forth between that device and your BlackBerry...Which one would you want to use?
KMN: Does your encryption have any effect on communications during pandemics?
Alex: The obvious answer is that during a pandemic, many employees will be asked to work from home and telecommute to avoid infection. When you are in certain regulated industries or really any business where you don't want your information being sent over the internet in the clear, you will see value in securing your conversations and video conferences. We enable both. Other companies, like Sun with Sun Ray, are offering great solutions for authentication and login so that employees working at home can really validate and certify their identities and access levels. Without technology like ours and like Sun's, having employees working at home and talking on their phones about confidential customer or patient records is just not a smart idea and is unlawful in certain cases.
KMN: What about regulatory compliance?
Alex: There are some call recording requirements now on VoIP calls because VoIP is seen as data in the eyes of certain regulatory bodies. This is becoming true for SAS-70 and HIPAA now and in the near future.
Imagine being a hospital or bank and having to record, transcribe, and securely store call recordings of all your phone calls that were VoIP... That costs a lot of money and takes a lot of resources. The regulations on encrypted data are much less severe and in many cases the recording and storage requirements don't exist for encrypted communications. So, just install Ripcord solutions and save yourself millions of dollars. There are a lot of other regulatory compliance issues sprouting up around encrypted voice communications and it just means that the market is really maturing and understanding the threat level.
KMN: Why do you think that Ripcord is gaining traction in this space?
Alex: We are getting some recognition as a brand and a technology that provides a great level of encryption for voice and video communications. We partner with companies in the data encryption space that specialize in stuff like email encryption and whole disk encryption but we know where our core competency is. We are great at voice and video for IP based communications. I think the reason we are succeeding here is that we are one of the only companies in the United States in this field and we're doing some of the most innovative stuff. Also, because we're not bogged down by circuit switched integration projects, we're just looking forward and not looking behind. We learned our history quite well and now is the time to lead and innovate.
(WOZ is back on the phone again so Alex and I wrap for the day. My discussions with the other Board Members will continue in Part 2.)
Kevin has testified as an expert witness before the Congressional High Tech Task Force, the Chairman of the Senate Armed Services Committee, and the Chairman of the House Ways and Means Committee. He has also served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and as a consultant to the Federal Trade Commission.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com.
# # #