Interview with Erik Kangas, President of Lux Scientiae
by Berislav Kucan - Wednesday, 15 January 2003.
In my experience, more and more companies are using SSL to encrypt communications with their email servers, but few are using PGP or S/MIME for encryption. I see the impediment being that the effort needed to setup, to enforce usage, and to train employees is seen as much larger (or costlier) than the benefit of use. Clearly, the cost savings gained by using secure messaging is in having less information leakage or modification which is very difficult to quantify, especially as most companies assume that they don't (or won't) have significant problems in this arena anyway. These assumptions will be changing.

Fort Lux is your company web based messaging solution. What are its functions and for what type of users it is intended for?

Actually, Fort Lux is a separate web-based secure messaging product offered by Lux Scientiae. We offer a normal WebMail application for our email hosting users; this is completely separate from Fort Lux, but compatible with, Fort Lux.

Fort Lux is designed for people who already have email services and who need to communicate securely with others. It is geared for usability:
  • No new email address required; use your existing email services
  • No software to download or install; Fort Lux is web based
  • Simple; If you can use WebMail, you can use Fort Lux
  • It's free to receive messages
Fort Lux is in many ways like an online secure messaging center. A typical user will log into the Fort Lux web site and compose a message (to anyone, even recipients that are as yet unknown to the Fort Lux system). The message is digitally signed and encrypted and stored on the Fort Lux servers and a notice is sent to the recipient(s) that they can come and pick up their message at Fort Lux. When the recipient authenticates himself/herself at Fort Lux, s/he will be able to view the message and verify the digital signatures on all of the attachments. Furthermore, all actions requiring cryptography are tracked by the system so that the sender and recipient can both see when a message was created, read, replied to, deleted, etc.

If you already use PGP or S/MIME for secure email, this can be integrated into your Fort Lux account so that all notifications that Fort Lux sends to you are encrypted and so that you can have the secure messages you receive at Fort Lux automatically encrypted and forwarded to your secure email address so that you do not have to log into Fort Lux to retrieve them.

The basic idea is that Fort Lux is a quick and easy way to communicate with anyone securely. There are no interoperability or key exchange problems, it is compatible with anything you may currently be using for email, there is no effort spent in setting up software, and there is no commitment.

What is the difference between your services and HushMail?

While our service offerings are similar, there are several important

differences between our services and HushMail:

1. HushMail gives you a new email address; our service uses your existing email address.

2. HushMail allows you to send and receive messages from non-HushMail users:

- Messages to and from HushMail users are sent or received as normal unencrypted email.

- HushMail users can easily receive SPAM and other unwanted email in their HushMail accounts.

Fort Lux allows you to send messages to non-Fort Lux users, but it only accepts messages from existing users:

- Messages sent to non-Fort Lux users are not sent via normal unencrypted email, instead, they are securely saved on our servers and only a notification is sent to the recipient. We have additional security features to help you authenticate non-users when they come to pick up their message, such as the ability to add security questions to your messages per-recipient basis.

- Since the pricing of Fort Lux is based on the number and size of the messages you send; it is free to receive messages but costs a little to send a message. This, coupled with the fact that only paid Fort Lux users can send messages, means that it is very unlikely that you will ever get any SPAM or unwanted email via Fort Lux.

3. Fort Lux does not use JAVA so your web browser does not have to be JAVA-enabled.

4. You can receive and store any quantity of secure messages in your Fort Lux account. Even with their premium accounts, HushMail places strict upper limits on the amount of email and document storage you can have.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th