A deep-dive into how Taxteq deals with data security

14 March 2023 Tim Huelin

One of the unique things about Taxteq is the incredibly private and secure online environment that we provide you and your clients with.  

You’re dealing with very private and personal information and, quite simply, off-the-shelf cloud storage and email are not a suitable means to store and share this kind of information.

Right from the start we partnered with Safelink, a provider of data room technology to law firms and financial services organisations around the world. Taxteq is built upon this technology which, to our knowledge, makes it the most secure technology for the tax and accounting industry in the world.

That’s quite a statement.

Here’s Safelink’s Co-founder and CTO Karl Anderson, to explain.

The Taxteq | Safelink Partnership

Karl: “We’re delighted to be able to share our technology with the world of tax and accounting, through our partnership with Taxteq. The Safelink technology that powers Taxteq is perfectly suited to serving accountants and tax advisors who are dealing with very private and sensitive data and documentation belonging to very wealthy people - people who expect the highest levels of privacy and security.

That’s a natural extension from our corporate and legal client base who, for more than a decade, have entrusted our system that houses some of the world's most sensitive data.”

Understanding the data security challenge

Karl says: “When Safelink launched in 2010, our first customers were offshore wealth management firms. They shared a concern about data security that bordered on paranoia, and dramatic exposés like that of the "Panama Papers" in 2016 were, broadly speaking, what they were trying to avoid.”

Safelink spoke with these businesses to learn about their needs and experiences, and heard about a range of approaches that weren't working very well. PGP plugins for email were secure but cumbersome, and were abandoned after the first couple of exchanges.  

Karl: “Faxes were used to communicate with private clients in despotic nations, on the assumption that these were less likely to be intercepted and, therefore, less likely to result in kidnappings or extortion bids. Some relationships could only be conducted by telephone.”  

The default position was to not share very much at all, and certainly not online. There just wasn't a simple way to share legal and financial information that offered the security and comfort that people wanted.

Creating a new breed of encryption security 

“We recognised that we needed to create a level of security that was unprecedented for an online communications service,” Karl explains, “without creating the sort of hassles that made them unsustainable.”  

“If we were to provide a new solution we knew it needed to be secure but in a transparent way, and provider-managed. This was at a time well before anybody knew what a cloud was.”

The solution that Safelink built allowed their clients to upload and access information in the way they expected, while underneath, the system quietly applied encryption and key management techniques that segmented and encrypted information using ephemeral keys.

Symmetric keys are generated securely as they're needed and are used to encrypt whatever data needs encrypting and do whatever processing work is needed at the time.  

Enforcing segmentation

Instead of storing these keys, Safelink uses asymmetric encryption to create an encrypted copy for each user that's authorised to read the data, such that only those users can obtain that key. Then, the original symmetric key is thrown away.  

When an authorised user signs in later, their device is able to provide enough information to decrypt the keys and then the documents, but without anybody being aware of what's happening beneath the waterline.
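The scheme described above (a fresh symmetric key per item, an encrypted copy of that key for each authorised user, and the original key discarded), as an added example for Node.js; it is not Safelink's or Taxteq's code. The cipher choices (AES-256-GCM, RSA-OAEP), the user model and the function names `newUser`, `sealDocument` and `openDocument` are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: RSA-OAEP wraps the data key; a user is a name plus an RSA key pair.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Constructed user: the private key stays with the user, the service sees only publicKey.
function newUser(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Encrypt with a fresh AES-256-GCM key, wrap that key once per authorised
// reader, then discard the plaintext key. Only wrapped copies are stored.
function sealDocument(plaintext, readers) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const wrappedKeys = new Map();
  for (const r of readers) {
    wrappedKeys.set(r.name, crypto.publicEncrypt({ key: r.publicKey, ...OAEP }, dataKey));
  }
  dataKey.fill(0); // best-effort wipe of the ephemeral key
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Returns the plaintext, or null when the user has no wrapped key, the wrapped
// key was made for someone else, or the ciphertext fails authentication.
function openDocument(record, user) {
  const wrapped = record.wrappedKeys.get(user.name);
  if (!wrapped) return null;
  try {
    const dataKey = crypto.privateDecrypt({ key: user.privateKey, ...OAEP }, wrapped);
    const decipher = crypto.createDecipheriv("aes-256-gcm", dataKey, record.iv);
    decipher.setAuthTag(record.tag);
    const out = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    dataKey.fill(0);
    return out.toString("utf8");
  } catch {
    return null;
  }
}
```

The stored record holds only the IV, ciphertext, authentication tag and wrapped keys, so a copy of the storage without a reader's private key yields nothing readable.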

“A benefit of the segmentation and use of separate encryption keys is that we can be certain that information for one of our client's relationships could never cross over with that of another,” says Karl, “even in the case of subsequent programming errors or data theft.”  

Safelink didn't stop at document contents, either; document names, metadata, folder names, and any other field that could conceivably contain sensitive information is encrypted in the same way.

Safelink doesn’t retain the keys

A bigger benefit was that by not storing the encryption keys themselves, Safelink, even as the provider of the managed service, was unable to access the documents or details that their clients were sharing, and that if a disk or server were ever removed from a data center, nothing would be readable.

Karl: “Not retaining any keys was a big differentiating factor, and as far as we know, it still sets us apart today.”

Nearly every cloud and on-premise enterprise information system encrypts data, and that's great, and some of these systems go as far as using separate keys for each document in their systems. But if the keys are shared between clients, or worse, across the whole platform, or if the per-document keys are decryptable by the provider at will, then the provider ultimately has access to that information, as might inquisitive employees, or any outsider who compromises their access controls.  

Even the use of client-provided keys, hardware security modules (HSMs), or client-provided HSMs doesn't help if the provider's system can programmatically retrieve those keys at any time.

Oddly, that's not even the hard part. The encryption and key management itself is relatively straightforward, to the point of being quite elegant, as it's been encapsulated in a layer that other features build upon. Karl: “We've built simple things like shared calendars, and bigger things like document review and a full workflow engine and it all benefits from the foundation of isolated encryption.”

Consequences of encrypting data while not having custodianship of the keys

The hard part is that, with the Safelink approach, any processing that they need to apply to documents needs to happen in tightly locked-down execution contexts, using small and heavily audited fragments of code, in short and finite time windows before the relevant keys are thrown away.  

“This affects the way we write, review, test, and run our code - though only in a good way,” Karl explains.

However, features that would normally be easy to build, like full-text indexing of document names and content, and even just sorting documents by name, are an order of magnitude harder to achieve.  

Instead of being able to throw words into a standard search engine, which would ultimately store document contents on disk in a retrievable form, Safelink indexes cryptographic hashes of words and phrases, and has built a complete proprietary search engine around it.  Using full-disk or partition encryption is not enough, as that counts as a shared key that would violate the segmentation of data that they maintain.
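One way an index of hashed words and phrases can work, as an added example for Node.js; Safelink's search engine is proprietary and this is not its code. The per-workspace index key, the use of HMAC-SHA-256 as the hash, the two-word phrase window and all names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: each workspace has its own index key, available only while an
// authorised user is signed in. Keying the hash keeps workspaces segmented.
function token(indexKey, term) {
  return crypto.createHmac("sha256", indexKey).update(term, "utf8").digest("hex");
}

// Split text into lower-cased words plus adjacent two-word phrases.
function terms(text) {
  const words = text.normalize("NFKC").toLowerCase().match(/[\p{L}\p{N}]+/gu) || [];
  const phrases = words.slice(1).map((w, i) => `${words[i]} ${w}`);
  return [...words, ...phrases];
}

class BlindIndex {
  constructor() {
    this.postings = new Map(); // token (hex digest) -> Set of document ids
  }

  // Only digests reach the index; the words themselves are never stored.
  add(indexKey, docId, text) {
    for (const t of terms(text)) {
      const tok = token(indexKey, t);
      if (!this.postings.has(tok)) this.postings.set(tok, new Set());
      this.postings.get(tok).add(docId);
    }
  }

  // Every word and phrase of the query must match (AND semantics).
  search(indexKey, query) {
    const qs = terms(query);
    if (qs.length === 0) return [];
    let result = null;
    for (const t of qs) {
      const hits = this.postings.get(token(indexKey, t)) || new Set();
      result = result === null ? new Set(hits) : new Set([...result].filter((d) => hits.has(d)));
    }
    return [...result].sort();
  }
}
```

Such an index still reveals which documents share a token and how often a token occurs, so it has to be treated as sensitive metadata in its own right.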

“We can't use standard database indexes to implement features like ‘sort documents by name’, because the names themselves are encrypted,” Karl explains. “For that, we have another proprietary mechanism that calculates and stores relative orderings without ever storing actual names in any database.”

It's also challenging to support a system when your support team has no ability to see what the customer is seeing, as is helping groups of people who have all lost their passwords at the same time, rendering their information unrecoverable, even in cases when Safelink has many backups of the encrypted data.  

These are the inevitable consequences of encrypting data while not having custodianship of the keys, but Safelink has developed good solutions for these too, involving people, processes, guidance, and various technical fail-safes and fallbacks that their customers can control.

Where to from here?

“We believe this approach to encryption has proven itself and will continue to serve our needs,” Karl says, “and when our customers face new requirements like that of GDPR, the encryption and isolation we provided was well ahead of what was called for.” In its lifetime, the Safelink technology has been upgraded to support new ciphers, 256-bit keys, integrations to single sign-on (SSO) services, and the provision of two generations of APIs, and should work well as we migrate to new database technologies.

The fact that Safelink can't accidentally divulge customer data (because they can't access it themselves), and that even a flaw in their access control mechanisms couldn't lead to a breach, continues to be of great comfort to them and to the customers that trust them with their data.

Ultimate data security is within reach

We hope this deep dive underlines the importance of data security to the Taxteq team. Through our partnership with Safelink, we can provide you and your clients the most secure environment in which to store and share data and documentation. It’s all within reach!

To discuss the Domicile Locker and Tax Investigation Suite tools, please get in touch - we’re always delighted to chat tax and technology.



Tim Huelin

Tim Huelin is CEO and Co-founder of Taxteq, the home of residence and domicile record keeping software for HNWIs, their advisors and family offices. He is an entrepreneur, marketer and board member, and enjoyed a twenty-two year career as an airline pilot. From there came the inspiration of bringing data and information together into an aviation-style Black Box for Business - which became Taxteq. He is a proud alumnus of Seth Godin’s altMBA, a 30-day online workshop that selects leaders from around the world to come together, to level up and to take their ideas into the world in ways that enable change to happen.