pretty Easy privacy – Effective Email Privacy That is Easy to Deploy

Leon Schumacher, the Co-Founder and CEO of pretty Easy privacy, is extremely focused on one – and only one – goal. He wants to make email privacy simple to deploy for companies and individuals. He is convinced that by doing so, the current adoption of email encryption will rise significantly from its current (“ridiculously low”) rate of 0%-2%.

Leon also shares how he sees the email security/privacy industry developing over the next few years, including some of his personal doubts. We also get a glimpse of what his company has planned for its next major release and how that will significantly raise the bar for email encryption software.

Please tell me a little bit about yourself and your background.

I am an electrical engineer by training and I have lived all across Europe and the US. I was originally in the corporate world, but as soon as I discovered the entrepreneurial side of the industry, I went out on my own. At first, I was doing security consulting, but then I met my co-founder Volker Birk who is the technical guru behind pretty Easy privacy (pEp).

What are some of the most interesting and surprising things you have learned while living and working in so many different countries?

I have learned that there are many different ways of doing things.  In particular, I have seen some very specific differences between businesses in Europe and in the US.

Companies in the US are more service-oriented than are European companies. In general, Americans are more goal-oriented and more straightforward than Europeans are. Europeans focus much more on consensus building – while there are definitely advantages to that, it does often mean that European companies tend to move slower.

When I first heard about your company, I confused it with a company that I have known about for a long time – Pretty Good Privacy (PGP). Are you related to that company in any way?

No, the companies are not related, but the similarity is by design.

What Phil Zimmermann and PGP tried to do back in the 1990’s was to bring encryption to email. Although there are now established standards, there is still no real traction in terms of acceptance and usage. Even today, more than 30 years later, only 2%-4% of companies are using encrypted email.

That is why we emphasize pretty easy privacy – we want to make it so that anyone can decide to install it and be up and running very quickly.

Your company has one product – encryption for emails. Please tell me about that.

Yes, we are focusing on only one thing – easy email encryption. Our goal is to turn things upside down from how things currently are.  We want our product/software to meet these design goals:

1. Encryption by default – extra steps required to send unencrypted email.
2. Must work on all platforms - cannot force users onto a specific platform.
3. All code must be open source – accompanied by third-party code review.

What email services do you currently support? How is it deployed?

The software is designed to be end-end and peer-to-peer, without requiring any central service. We have downloadable apps for tablets and mobile devices, and a downloadable plugin for Outlook desktops/laptops.

The software is also designed to be multi-crypto and multi-transport, so that in the future we will be able to easily support additional cryptology techniques/standards as well as additional transport methods such as SMS and other messaging types.

How do you define your target market?

We divide our market into 2 segments: B2B (Business to Business) and B2C (Business to Consumer)

B2C – We serve this market with several free tools, such as browser plugins and an Outlook reader. Mobile versions for B2C will follow.

B2B – This is our primary market. Companies today have come to be clearly aware of and to understand the problem. However, they are currently frustrated by the fact that they have spent a lot of money and time, but are not getting any of the benefits, since there is still not enough traction and adoption of encryption in the industry as a whole. Pretty Easy privacy removes those obstacles to adoption.

We currently focus on those industries where there is already a clearly recognized (or mandated) need for email security:

• Financial Services
• Healthcare
• Pharmaceuticals
• Government

What does your pricing model look like?

We offer commercial products for Outlook (desktop), iOS and Android. We also offer annual enterprise licenses, with unlimited devices per licensed user.

We also offer free licensing based on GPL v3.0 for users and for software developers to embed our encryption engine in their products under GPL v3.0.

How many active customers do you have today?

We have several thousand users in about 20 different pilot programs in large corporations. They are located mainly in Western Europe and the US.

How would you describe your current typical customer?

Our current customers are all very different.  To give you an idea, here are a few of them:

• Small and medium size (~ 1,500 people) electronics companies
• One of the largest car companies in Europe
• One of the largest global cloud software providers
• Several banks in the US and UK

Whom do you see as your main competitors?

We actually have many competitors, including all of the solutions that try to sell email protection. This includes many OpenPGP and S/MIME products. Nevertheless, we are compatible with S/MIME and OpenPGP, even to the point that any OpenPGP client can decrypt pEp messages, meaning you do not need pEp on both sides.

The following characteristics are what give pretty Easy privacy many advantages over other products:

• Privacy by default / Automated
• Multi-crypto / support of many different clients
• Open Source software
• Easy to deploy and use
• Very affordable pricing

How do you see the privacy and security software market evolving in the next few years?

I think that the topic and the issues of email security and privacy are becoming bigger and better known, but we still need solutions that make it easier for people and organizations to adopt them. For B2B scenarios, the need clearly exists and is understood. For B2C scenarios, the interest will grow, but I am not sure yet if/when the general consumer will be willing to pay for more privacy.

What are your future plans for pretty Easy privacy?

We are working with ISOC/IETF on making pretty Easy privacy the new internet standard for encrypted communication. We are planning on raising the bar significantly with our next versions, which will be released next year.  These versions will end up including support for SMS and messaging, as well as for Facebook Messenger and WhatsApp. On top of that, we will add meta-data anonymization to digital messages – similar to what TOR does for browsing.

How many employees do you have today? Where are they located?

At present, our workforce comprises approximately 30 employees who are situated across our three office locations in Luxembourg, Barcelona, and Zurich.

Luxembourg is not usually thought of as a major technology hub. What is the technology scene like in Luxembourg? What is it like to be headquartered there? Do you feel that it limits you or your growth?

Luxembourg (like Switzerland) is a neutral country that places a great emphasis on privacy. Luxembourg is very interested in promoting technology start-ups and there is already a lot of Fintech and ICT (Information and Communications Technology) activity there. The country is offering very interesting programs to support the local start-ups. I can only recommend to all entrepreneurs to check it out before deciding the location of their start-up.

How many hours a day do you normally work?  What do you like to do when you are not working?

The hours of work per day and the numbers of days in a workweek vary. As a start-up entrepreneur, I don’t really count the hours, and I would love to spend a lot more with my children and family. I also travel a great deal and do whatever else I need to do to make the company a success. It is definitely not a 9-5 job. Luckily, the work is highly motivating and we strive to make a positive difference in the world of privacy.

When I am not working, I exercise by playing squash. I also am very interested in car racing and cars in general.