Following PRISM, can Toronto-based SurfEasy cash in on a privacy wave?

surfeasyI had a chance to sit down with Steve Kelly, chief operating officer of Toronto-based SurfEasy, over the weekend, and we had a fascinating conversation that covered both the evolution of a tech startup and the current state of privacy.

SurfEasy started up about two years ago with the idea of making web surfing more private. The company’s initial product was a credit-card-like USB key that plugged into a computer, and then launched a secure browser that enabled private surfing. It was ideal for people using unsecured Wi-Fi hotspots, employees who didn’t want their bosses spying on them at work, or even for regular Canadians trying to access geo-blocked services such as Hulu. The browser masked the user’s location, meaning he or she could appear as if they were in the United States.

As nifty as the computer-based service was, the bigger fish to fry always seemed like mobile, and sure enough SurfEasy is now launching a new product for smartphones and tablets. With the ongoing controversy regarding the National Security Agency and its snooping on private citizens’ data without their knowledge or consent, it seems like the right product at the right time.

SurfEasy’s new product is all software based, so it’s easily downloaded onto your computer or mobile device (iOS and Android). That installs an encrypted virtual private network on your computer or device that blocks unwanted tracking or snooping. The plan for one tablet or smartphone costs $2.99 per month or $29.99 a year, while a five-device license costs $4.99 and $49.99, respectively, with unlimited usage in all cases.

What the mobile app won’t protect users from, however, is anything they voluntarily sign into. So, if you’re logged into your Google or Apple account on an Android device or iPhone respectively, those companies will still be able to track whatever you do through their services. Similarly, wireless service providers will still be able to track your phone’s signal itself.

Everything else is up to the user and, if you choose to sign out of those respective Google and Apple accounts, the companies will gather a lot less information about you since all of your data usage is encrypted. Kelly says the product is using 256-bit Advanced Encryption Standard for Apple’s iOS and 128-bit Blowfish for Android, Mac and PC. Those are some pretty tough nuts to crack.

I always find the evolution of startups interesting, since virtually each of them inevitably tells of changing business models. While every company starts based around a good idea, the business eventually morphs as its principals find new, better ways to implement their core concept. SurfEasy is succeeding and growing, Kelly says, since it’s now up to about 20 employees with users in 55 countries.

The company may be hitting its stride at the right time, too, given the NSA’s PRISM scandal. As Ron Diebert, head of the University of Toronto’s Citizen Lab and author of the new book Black Code, mentioned to me last week, privacy concerns may be about to go mainstream as a result. More and more people are awakening to the fact that they’re bleeding huge amounts of information about themselves to companies such as Google and Facebook, which can then be accessed by authorities for no good reason.

Services that deliver corporate-level security – such as SurfEasy and its VPN app competitor HotSpot Shield – to everyday consumers in simple, easy-to-use ways appear to be on the right track.

Where things could get interesting is when Google and the like decide to respond. Encryption and anonymization are the natural enemies of such companies, which need users’ Big Data to thrive. What happens when they try to fight back against encryption?

Kelly and I verged into some fascinating territory here. Google certainly has the resources and the penchant for moon shots to crack encryption if it really wanted to, but as he said, why would the company want to? All corporate and government networks rely on encryption for their own privacy and safety – if somebody created tools to crack all of them, utter chaos would ensue.

Still, as history has shown, scientists are often oblivious to the inevitable results of their actions – many are consumed by the simple pursuit of science itself. The individuals working on the Manhattan Project, for instance, knew what their research would ultimately result in, yet they continued anyway. And still they were shocked when they saw the final product.

As physicist Kenneth Bainbridge said to J. Robert Oppenheimer after the exploding of the first atomic bomb, “Now we are all sons of bitches.” Could those same words be uttered some day somewhere down in Silicon Valley?