3 Signs E2E-Encryption Is Growing Up

Jon McLachlan
3 min readMay 25, 2020


Photo by Allen Taylor on Unsplash

First, what is E2E-Encryption? It’s a protection mechanism that helps secures data that operates at the highest layer of the computational stack, in the application itself. TLS or HTTPS only protects data in transit, which are subject to different challenges and responsibilities, are not Application Layer Data Security mechanisms.

(3) Open Source Standard in E2E-Encryption

First, there was OpenSSL with its open-source low-level cryptographic primitives. The rule was,

“Never implement your own cipher suites.”

OpenSSL and other libraries solved this problem. Then came alone, modern tooling such as HashiCorp’s EaaS or even dedicated cloud-based KMS (Key Management Service), but these tools still left many scalabilities, policy management, and configuration problems wide-open. Today, we are fortunate to have open-source projects such as Peacemakr that provides an entire open-source turnkey Data Security Platform.

Open-Source facilitates community-driven feedback, so the robustness and security can be openly validated against the security claims, instead of proprietary solutions that exploit information asymmetry for short-term business gains.

(2) Laws Are Catching-Up to Social Expectations

First, there was GDPR, requiring amount other things, that Personally Identifiable Data be protected. Of course, this only impacted Europe, but then came CCPA, which essentially required encryption as a mechanism to protect consumer’s private data.

Though this is more descriptive of the social landscape instead of prescriptive, it is hard to imagine a clearer sign that we’re starting to grow up.

(1) E2E-Encryption Is Actually Enabling new Collaboration in Regulated Verticals.

Have you ever encrypted data only to find it’s almost impossible to share it with collaborators and business partners? As it turns out, key lifecycle management is hard.

Thankfully, Peacemakr allows you to securely share data with your customers and vendors without compromising security.

This may sound like a contradiction. How can you share data while simultaneously making it secure? All security engineering is a trade-off between security and usability. A perfectly secure system would be so obtuse it would be almost useless, and the systems that are the most convenient offer the most opportunity for a security breach. In today’s world, the thing we want to keep safe is data, and owning your data is more important than ever.

For example, let’s say doctors are administering care for patients with the help of an App, but the doctors themselves do not own or control the App. The specialist doctors need temporary access to the patient’s data. We would like to encrypt our patient’s data in the App, send the relevant parts to the specialist, enable the doctor’s software to decrypt the sensitive data, and revoke access to that patient’s data once the care is complete.

Or, for billing purposes, we may need to share patient data with insurance companies too, and we need to control access to that data.

Thanks to Peacemakr, collaborative data sharing is now effortless. Encrypting with Peacemakr, we can now add the specialist and the insurance providers as whitelisted collaborators in Peacemakr’s Admin Portal, and now they have temporary access to the sensitive data. Peacemakr does this by managing Authentication and Authorization to the encryption key. When the relationship is over, removing them as a collaborator removes their access to the data.

All this was powered by an open-source data security platform with open-source SDKs that works with your business and security certification needs, instead of against it.



Jon McLachlan

Ex-Apple, Ex-Robinhood, Ex-PureStorage, CSO at CoinRoutes. Lives in San Francisco. Plant-based Health Nut, Podcaster, Motorcycle Rider, Runner, and Biker