While growing up in the Country Gardens neighborhood of South Portland, Chris Coyne enjoyed the outdoors like most boys raised in Maine. But in 1983 his father brought home an Apple II computer.
That boxy pioneer of a desktop computer sparked within Coyne a passion for technology and computers that has led to the launch of three successful tech companies, including OkCupid, which he and his partners sold to competitor Match.com for $50 million in January 2011.
Now the 38-year-old serial entrepreneur is tackling a very different problem than trying to find a date: How to make the Internet safer for everybody.
Coyne and longtime collaborator Max Krohn – whom he met 20 years ago when they were freshmen at Harvard – have launched a company called Keybase. Its mission is to bring encryption technology to the masses using a concept called “public-key cryptography.”
Up to now, only the most tech-savvy people with an interest in cybersecurity have been able to utilize this encryption technology. Coyne’s mission is to make it accessible to everyone, allowing users to send encrypted emails and better protect all forms of transactions people conduct on the Internet these days.
This past summer Coyne, who splits his time between homes in New York City and Scarborough, and Krohn raised $10.8 million in a Series A investment round led by Andreessen Horowitz, one of the most well-known venture capital firms in Silicon Valley.
In announcing the investment, Chris Dixon, a partner at Andreessen Horowitz, wrote: “Public-key cryptography has been cloistered within niche technical communities for too long. The time is right to bring it to the mainstream. We are thrilled to back the Keybase team on their mission to make that happen.”
The timing of Keybase’s launch is fortuitous.
At a time when cybersecurity data breaches at major companies like Anthem Inc. and Home Depot have become commonplace, Internet security has raced to the forefront of public consciousness. In 2015, The New York Times published 650 articles containing the terms “data” and “breach,” compared to fewer than 125 in 2013. According to the Identity Theft Resource Center, there were 780 data breaches in the United States in 2015 that exposed the personal records – whether a Social Security number, medical records or credit card number – of nearly 177.9 million people.
The ability to bring greater security to data transmitted over the Internet, whether emails or financial transactions or health care records, has been hampered by the steep learning curve and technical know-how required to utilize tools like “public-key crypto,” which has been around for 40 years, according to Coyne.
Public-key crypto is a mathematical concept that underpins many security encryption standards. One of the most well known is PGP, which stands for Pretty Good Privacy. It enables individuals to send encrypted emails to other people and protect themselves online.
Coyne and Krohn want to remove the stumbling blocks and make public-key crypto as easy as using an app on your smartphone.
“We’re moving to something with far less hurdles,” Coyne said. “They’ll just install a phone app, a desktop app, etc., and they won’t even need to see or hear the word ‘key.’ Signing in will be graphical and easy. They won’t need to answer any questions they don’t understand.”
ADDRESSING A GROWING PROBLEM
Everyone who uses the Internet already uses encryption technologies all the time – but just doesn’t know it, according to Coyne.
Whenever a person password-protects a PDF document or visits a website with a URL that begins with “https,” he or she is using encryption technology. But most of what people are familiar with is less secure than what Coyne hopes to introduce to mainstream Internet users.
“When people think about keeping data private, what they’re usually thinking of is what’s called symmetric encryption, and it’s called symmetric because you use the same password to lock a file and unlock a file,” he said.
That works great for protecting a personal document that only the author needs to access, but it doesn’t work well when people are collaborating with others or even when one computer is communicating with another computer, he said.
“Public-key crypto is different,” Coyne said. There is not one password that locks and unlocks an email. Instead there are two keys. The idea is that people have a “public key” – a string of numbers and letters that they’d post on their website and public social media profiles – and a “private key” that they’d share with no one. The Keybase app would generate a public and private key for its users.
If one person wants to send an encrypted email to another, all the sender has to do is include the recipient’s public key with the message. Then that message can only be opened by the recipient using his or her private key.
For example, if Edward Snowden wants to send an encrypted email to journalist Glenn Greenwald, Snowden would need Greenwald’s public key, which Greenwald conveniently posts on his website: 734A 3680 A438 DD45 AF6F 5B99 A4A9 28C7 69CD 6E44. Now only Greenwald would be able to decrypt that message using his private key.
Encrypting messages and documents is an easy example of how public-key crypto can be used to make data more secure, but its applications are much broader if the technology is more widely adopted, according to Coyne.
Consider online banking: Currently, when you access your bank account from your smartphone, the bank is doing all the heavy lifting and using its own keys to encrypt the data. That means hackers would only need to exploit one vulnerability to gain access to the personal data of hundreds or thousands of customers. But if public-key crypto was the status quo and everyone had public and private keys, all that data would be more secure because hackers would need the private keys of each customer to access their personal financial information.
Also, public-key crypto would simplify the whole process of accessing your financial data. Forget entering a username and password and answering a security question about your maternal grandmother’s maiden name. Instead, press a button on your smartphone that signs a statement to the bank using your private key, according to Coyne.
“That’s an example of what could be possible in a world where people have public keys, not just the (computer) servers,” Coyne said.
To keep track of your contacts’ public keys, Keybase is developing open-source software to link people’s keys to their online identities, whether a Twitter profile or GitHub account, and to their devices, such as a desktop computer, tablet or smartphone.
“All this is possible; there’s just a lot to build. The goal is to make it as easy to use a possible,” Coyne said. “Users should not have to think about keys; they should only have to think about their identities and their devices.”
Elliot Murphy, CEO of Kindly Ops, a Portland-based computer and network security consulting company, says Keybase is addressing an incredibly important problem.
“I’m a big fan of what they’re doing,” said Murphy, who saw Krohn give a talk about Keybase at a Boston Security Meetup in September. “They’re tackling a hard problem and putting people first.”
Murphy said there have been great security technology solutions in the past, but they’ve been “very difficult to use.”
“Security in general won’t get used if it makes people’s jobs harder, so in the past we’ve been willing to compromise on ease of use and focused more on the technical solutions, and that’s not the right trade-off because it doesn’t end up being used at all,” Murphy said.
For Coyne, his entrepreneurial path has kept him tied to New York City, where OkCupid and now Keybase are located. Though he spends part of his time in Scarborough, where he owns a house, and his mother and one of his brothers lives, he’d like to eventually return to Maine full time.
Although Maine is a far cry from Silicon Valley, Coyne doesn’t think being located here would limit his entrepreneurial opportunities at all.
“There’s nothing specific about Maine that makes it better or worse for a tech startup,” Coyne said. “We could have built any of our companies in Maine. I just happened to be somewhere else when I met my co-founders.”