A lawyer, a tax accountant, a management consultant, a CEO, a system administrator and a key account manager all have one thing in common: they have to be able to transmit sensitive information securely via the internet, often even internationally.
In our talks to industry figures we found that awareness for privacy and data security is extremely high in these and other business areas. Various reasons were mentioned: while some need to protect market-relevant data, others have to protect the privacy of their patients or clients. And for a small technology firm, the theft of intellectual property can be lethal.
While the technical means for end-to-end encrypted data transmission have been developed decades ago, information that is worthy of protection is transmitted insecurely on a day-to-day basis.
Recently two German solutions enabling a secure and legally binding data transmission have garnered some attention: De-Mail and E-Postbrief. However, neither of them satisfies the need for daily business communication: the lack of end-to-end encryption makes them insufficiently secure and a fee for every message makes them costly.
While it is possible to encrypt an email, the most popular encryption methods are very difficult to setup for someone not proficient in encryption methods like key and signature management. Therefore, for a large majority of email-users secure communication is simply not accessible.
Kullo’s main goal is it to change this: we want to make secure written communication and the safe exchange of files accessible for everyone. This is in fact a usability problem that we want to solve – all encryption and decryption processes are done smoothly and invisibly to the user. Kullo provides its users with a fast and easy access to a safe communication channel, enabling him to focus on his work itself.
One of our core design paradigms is the impossibility of an insecure transmission via Kullo – when using this channel, there is no doubt: the transmission is secure. The user does not have to think about encrypting the communication to some of his contacts.
To this end we develop an integrated communication system that is intentionally incompatible to existing systems. Each user has a Kullo-mailbox on a server and a corresponding Kullo-address of the form name.sirname#domain.tld. The hash-tag makes it immediately clear that this is not an email-address but a secure channel.
Our industry contacts tell us, that a large part of the sensitive communication takes place inside of a company with few important business contacts. Therefore, we plan to create a smooth referral system. A website offers the download of the client-software for the respective operating system, and after installing it an account can be created in the software. This way, a business contact can receive encrypted transmissions within 5 minutes of referring him to the website.
For using the kullo.net mailbox service the user pays a monthly fee in the range of 2-10€, depending on the storage amount he needs. A free test-account can be used to with no functional or time limitations, but is limited in its storage and therefore not practical for day-to-day use.
The Kullo protocol will be publicly documented and describes a decentralized communication system – every user is free to choose his or her Kullo mailbox provider. Decentralization is a core requisite of every communication system to guarantee the functioning of the system in case of a provider breakdown. We also see decentralization as a chance to reach a high level of adoption quickly.
We use proven and freely available cryptography libraries. This way, all encryption-relevant processes are open source and can be tested and verified by the IT safety community. We see this high degree of transparency as one way to create the necessary trust for our startup.
With our three people with backgrounds in mathematics, physics, computer science, IT-security, cryptography and business we both possess the technical insight and the access to international firms to customize our product to the needs of a modern workplace.