Former NSA Security Architect Fills in Encryption Gaps

(Image: Shutterstock)

Citizens shouldn’t rely only on the law to protect their data, according to Will Ackerly, co-founder and chief technology officer at Virtru and former cloud security architect at the National Security Agency.

Virtru started by offering an encryption plug-in for Gmail accounts and now offers broader business privacy and compliance software for government agencies, media publications, and private corporations.

“I kind of got a sense of how easily available data was without having to crack encryption and things like that,” said Will Ackerly. (Photo: LinkedIn)

Companies are increasingly being proactive in protecting their data by asking for their own encryption keys for their emails and documents. Emails are particularly hard to protect, according to Ackerly, because of the number of recipients and copies of the emails. Also, when companies rely on third-party email providers such as Gmail or Yahoo, they have to rely on how the third party decides to handle that data. Virtru’s software allows companies to continue having a say in how their data is used when they rely on a third-party provider.

Ackerly spent eight years at the NSA at a time when authorities were evolving.

“I kind of got a sense of how easily available data was without having to crack encryption and things like that,” Ackerly said. “Not all authorities are directly anchored in public law. Some derive from what could be, some call, novel interpretations.”

Ackerly researched the places where encryption tools have traditionally failed to protect data and left the NSA in 2012 to start a privacy company that could fill those gaps. Virtru has specifically focused on protecting data while companies and agencies transition to the cloud.

The privacy policy that the government currently follows is anchored in executive orders and agencies’ memos, which have various interpretations of the law, according to Ackerly.


Join us at GovProtect17 on June 21 for a one-day, collaborative discussion on how agencies can gain actionable insight into the increasingly complex security risks facing a modern government. Click here to learn more.


“From a long-term privacy standpoint, we should say, no novel interpretations that we don’t get to know about because there’s some of that built into [Section] 702,” Ackerly said of the Foreign Intelligence Surveillance Act, which is up for renewal by Congress in December.

Ackerly said that the NSA needs to be able to target foreign targets to maintain a healthy intelligence system, however Section 702 could be updated to include more transparency.

“Any interpretations of our law must be made public in some form,” Ackerly said.

For example, when the Justice Department issues memos on the law, the memo must be shared with the public. Ackerly said that Congress should also be aware of a metric that represents the number of U.S. citizens whose data was subject to surveillance without a warrant.

“Listening to some of the hearings, it seems extremely possible,” that 702 would not be renewed in December, Ackerly said. “I think that it’s hard to know the impact until it’s too late.”

Ackerly said the loss of Section 702 would hinder the United States’ ability to help its European allies.

“As an individual citizen, take action to protect your data,” Ackerly said.

Morgan Lynch
About Morgan Lynch

Morgan Lynch is a Staff Reporter for MeriTalk covering Federal IT and K-12 Education.

No Comments

    Leave a Reply

    Recent