Confidential Document Sharing Made Ridiculously Easy
Those in my orbit for the past couple of years know that I’ve been working on scaling a bootstrapped startup, Lockdrop Inc. The phrase “Aiming to launch next week!” is something they’ve heard from my mouth far too many times (if you’re a startup founder, you know how it goes). For better or worse, it has culminated in our first major milestone: Lockdrop’s official commercial launch!
How did we get here?
Lockdrop was born out of a personal frustration of mine: trying to share large files or sensitive documents with others. Technology has come a long way since the internet was born in 1983. The fact that sending large files and sensitive documents to others is still such a pain almost 40 years later amazes me.
Watching a number of other companies take a stab at this problem and, in my opinion, really miss the mark has provided the motivation to push forward and bring Lockdrop to bear on this struggle that plagues so many industries.
I’m fortunate to have many friends in the legal and finance sectors, and when I’ve probed them about how they handle document sharing, the responses I typically get back are:
- Email isn’t secure?
- We put the documents in a password protected zip file, and send it in an email attachment.
- If the documents are too large for an email, we put it on a CD or USB and snail mail it.
- We bought a solution for that, but it’s too complicated to use, and it’s easier to just send the documents in an email.
A common theme emerges: email. To this day, the majority of companies dealing with sensitive documents are still sharing them using basic email. It’s not surprising. Sending email is relatively easy and quick, and most people are comfortable with the process. Who has time to learn a new technology these days? By the time you’ve learned it, it’s already changed and morphed into something else. Email clients today are largely the same as they were 25 years ago. Unfortunately, the underlying protocols are as well.
Email protocols are from a time that even predates the internet, when the realization of the importance of security was decades away. Fast forward to today, and you’re hearing about data breaches nearly every day. Wouldn’t it be nice if you could show your customers you care about protecting their data? What if you could do that without having to give up the convenience of using basic email or having to learn some needlessly complex new technology? Our mission starts with this goal:
Making it ridiculously easy to share confidential documents in a meaningfully secure way.
Let’s unwrap the second part of that mission statement.
How secure are most file storage and sharing platforms, actually?
There is a false sense of security with the majority of platforms today. When you store your company’s documents, your clients’ data, or even just photo backups from your phone, you’re (perhaps unwittingly) expanding the number of people who have access to that data.
Security professionals look at people as the weakest link in any security system. People tend to be surprisingly easy to manipulate, way easier than, say, trying to break an encryption system. Why is this relevant to how secure most file storage and sharing platforms are?
When you hand someone a document in real life, the number of people that have had access to that data is very small (yourself, the person you hand it to, maybe an assistant who printed it?).
When you use a major file storage and sharing platform, you’re handing that data to a company who has a surprisingly large number of support personnel, systems administrators, and engineers who have access to that data while it’s stored and transits their systems. We’re talking 100s maybe 1000s of people who you’ve now looped into your circle of people who have access to the sensitive data. That’s a lot of people with varying degrees of security awareness, motivations, and susceptibility to blackmail. Also, what does this mean from an attorney-client privilege standpoint?
Still skeptical of the risk?
- Employees at Twitter manipulated into giving hackers access to some of the world’s most influential people’s accounts and their private messages
- Worrying about your credit score after a data breach? What about when your credit bureau is the one who got hacked?
- Speaking of file storage and sharing platforms…
The solution? — End to End Encryption (E2EE)
I won’t go into too much detail on this topic here, as I’ve written about this previously. In a nutshell, E2EE uses fundamental mathematics, reinforced by the computational limitations of computers today, to protect the transmission of your data between yourself and the person you intended to send that data to. No one in between (even your file storage and sharing provider) can gain access to your sensitive data.
This is fundamental to how Lockdrop was built, and is a major differentiator. The data you’re sending to others in your line of business does not concern us, and therefore, it’s only a risk for us to have access to it. Lockdrop is an end to end encrypted (E2EE) document sharing platform. The same technology is in use by your messaging apps if you use WhatsApp, Facebook Messenger, or Signal.
Here is a visualization of two people sending a file through Lockdrop:
Making it ridiculously easy to share confidential documents in a meaningfully secure way.
E2EE is the foundation of the second part of our mission statement.
What features are available as of today?
Our initial premium offering consists of five new features:
- Quantum defensible encryption
- Document link expiry
- Country data residency
- Additional authentication (multi-factor)
- Increased document size limits
Each of these features allows you to show your clients that you are protecting their data in a meaningful way.
Quantum defensible encryption
Companies such as Google and IBM are rapidly advancing quantum computing technology, which threatens to flip the encryption systems of today that protect your banking transactions and pretty much everything else on the internet upside down.
With Lockdrop’s premium service, we use an encryption key length that has been determined to be quantum defensible. This is the same level of encryption that the Committee for National Security Systems has approved for protecting TOP SECRET information on National Security Systems.
You can be sure you’re using quantum defensible encryption when you see the following status icon on the Lockdrop document sharing form:
Document link expiry
At this time Lockdrop is not a long-term file storage platform; instead, we are focused on providing a service that allows you to easily get a sensitive document from one person to another.
With that in mind, we give you control over how long you’d like us to keep your link active. After that point in time we automatically remove your data from our systems. We don’t keep any additional copies of your data. If you set an expiration of 7 days, it really is gone from our systems after 7 days!
Country data residency
Depending on your clientele, or your line of business you may have regulatory requirements that state your data can’t be stored outside the confines of a given geographical region.
At this time you have the following four countries to choose where we temporarily store your data until your link expires:
Additional authentication (multi-factor)
Concerned about the communication medium (email?) that you use to send the document link to the recipient of your document?
Turn on one of our two additional authentication options:
SMS (US & Canada Mobile #’s)
Where possible the SMS option is the more convenient additional authentication option. When you select the SMS option you’ll be asked to provide the mobile phone # of the recipient you want to send a document to.
When your recipient clicks on the link you’ve sent them (via email?):
- They’ll be asked to verify their mobile phone number.
- An SMS with a one-time pass-code (OTP) will be sent to the number you entered above when you uploaded the file.
- The recipient will be asked to enter this code before being allowed to download the file.
The passphrase option is less convenient than the SMS option, but useful for situations where you might not have your recipient’s mobile phone number.
In this scenario, you come up with a secret passphrase that you share only with the recipient through a separate medium than the one you used to send the link.
For example, if you enter “We care about protecting your data” as the passphrase, you would:
- Send the shareable link to your recipient via email.
- Then call their office phone # or extension and verbally let them know that the passphrase is “We care about protecting your data”.
- When your recipient attempts to download the document they’ll be asked to enter the passphrase.
Either of these options protects your document from situations where the link to the file may have been compromised, for example when your email account or your recipient’s email account is hacked and the link hasn’t yet expired, or if you accidentally forward the email to the wrong person.
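A server-side sketch of the passphrase gate combined with link expiry, added here as an illustration and not Lockdrop’s own code. The names `ShareLink`, `create_link`, `authorize_download`, the `MAX_ATTEMPTS` threshold and the scrypt parameters are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 5  # assumed lockout threshold (hypothetical, not a Lockdrop value)

@dataclass
class ShareLink:
    token: str         # random value embedded in the emailed link
    expires_at: float  # epoch seconds after which the link is dead
    salt: bytes
    verifier: bytes    # scrypt output; the passphrase itself is never stored
    failed: int = 0

def _derive(passphrase: str, salt: bytes) -> bytes:
    # A memory-hard KDF keeps a leaked verifier expensive to guess offline.
    return hashlib.scrypt(passphrase.strip().encode(), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)

def create_link(passphrase: str, ttl_seconds: float, now: float = None) -> ShareLink:
    now = time.time() if now is None else now
    salt = secrets.token_bytes(16)
    return ShareLink(secrets.token_urlsafe(32), now + ttl_seconds,
                     salt, _derive(passphrase, salt))

def authorize_download(link: ShareLink, presented_token: str,
                       passphrase: str, now: float = None) -> str:
    now = time.time() if now is None else now
    # Constant-time comparisons avoid leaking how much of a guess matched.
    if not hmac.compare_digest(link.token.encode(), presented_token.encode()):
        return "unknown-link"
    if now >= link.expires_at:
        return "expired"   # expiry wins even with the correct passphrase
    if link.failed >= MAX_ATTEMPTS:
        return "locked"    # stops online guessing against a stolen link
    if hmac.compare_digest(_derive(passphrase, link.salt), link.verifier):
        link.failed = 0
        return "ok"
    link.failed += 1
    return "denied"
```

Someone who obtains only the emailed link gets `denied` and then `locked`; the lockout also blocks the legitimate recipient, so a real service needs a way for the sender to reissue the link.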
Increased document size limits
Lockdrop’s free demo functionality has a number of limitations including a 25MB document size limit.
With our premium offering we’ve increased this document size limit to 1GB, and will continue to increase it over time.
If this 1GB limit is too limiting for your use case, please let us know — firstname.lastname@example.org.
What are you waiting for?
Get started today, and show your customers that you care about protecting their data by sending them documents in a meaningfully secure way! It’s ridiculously easy!
One final note…
You wouldn’t be okay with the government having a master key to your house or company offices would you?
If you’re in Canada, I encourage you to ask your federal government representative to Protect Encryption in Canada.