After 25 years with Microsoft building a wide variety of new products and services, I decided to venture out and start something entirely new. I formed EchoMark last fall after hearing growing frustrations about the inability to keep private information private. I saw how insider leaks were becoming more severe and frequent, and felt this was a big and challenging problem worthy of solving.
It was also a problem I’ve repeatedly experienced first-hand. I used to work as a civilian for the Department of Defense (DoD) where I did research and analysis on various weapon systems. During my time with the DoD, the John Anthony Walker spy ring case was still top of mind for many of us. We were working on weapons systems designed to defend us from Russia. The insider leaks caused by Walker, a relatively low-level Navy communications officer, were so severe that the NY Times reported “they altered the balance of power between Russia and the United States”. The impact on the morale in the US Navy and across the DoD was profound.
At Microsoft, I also experienced insider leaks in teams I worked on including new builds of Windows, information about upcoming new products, information about confidential partnerships, financial information, and upcoming organizational changes. Sometimes, these leaks were made to the press or on social media. Other times, the leaker quietly provided the information to the competition. Either way, the impact was costly.
Whenever insider leaks happen, trust, the lifeblood of any effective team, begins to break down. Communication becomes more restricted, or it stops altogether. Productivity suffers. Team morale becomes deflated. Mistrust sets in. Customers and partners even begin to question the viability of the organization. Of course, a search for the source of the leak takes place, and sometimes they are found and remedied, but only after the damage is done.
How existing solutions are insufficient
We have all seen the growing cybersecurity industry pursue a wide variety of technologies and precautions to help. These areas, such as Data Loss Prevention (DLP), Digital Rights Management (DRM), data exfiltration prevention, and insider risk management, attempt to limit access, limit activities, or monitor usage and admittedly have solved some real-world problems. However, what happens when someone with authorized access unintentionally or, even more concerning, deliberately leaks the information? Current solutions fail to fully prevent this form of deliberate insider risk while also occasionally and unfortunately “getting in the way” of legitimate usage.
The prevalence of personal smart phones means most members of an organization always have a high-fidelity “copy machine” with them. These personal devices are typically not fully monitored by the organization due to privacy considerations and technical limitations. Insiders who purposely leak can and will continue to utilize an unmanaged personal phone to take photos of intellectual property, making conventional approaches completely ineffective. A different approach is required.
How EchoMark is different
EchoMark is fundamentally different and effective even against malicious insider leaks. Our approach is not based solely on impressive technology including advanced computer vision and Artificial Intelligence (AI) with sophisticated Large Language Models (LLMs). EchoMark also leverages human behaviors to help solve this big and growing hard problem.
When I worked for the Department of Defense, I had access to highly confidential information. This information was typically distributed to me on paper. When I was given these classified documents, I often had to sign my name on each document. That act of signing my name and seeing it on the document each time I picked it up changed how I thought about keeping it confidential. It increased my stewardship of the documents I was entrusted with, and it had a similar effect on many of my peers.
When I began my journey to solve this problem at EchoMark, I immediately reflected on that human behavior I observed when dealing with some of the most confidential information on the planet. I saw an opportunity to bring that same level of privacy stewardship to the digital domain and make it available to every organization.
About half of insider leaks are accidental. Encouraging everyone involved to be a better steward of private information can help reduce the chances of those accidental leaks.
Almost 50% of the time, however, leaks are done on purpose. One of the reasons these types of leaks happen is because the bad actor does not believe they will ever get caught. Today, an organization distributes the exact same digital copy of information to everyone in the communication chain. Everyone is aware of this characteristic. Would-be leakers often leverage this fact with impunity, thinking they can hide anonymously in the group of other recipients and never get caught.
Learning from canary traps
Once a leak starts in an organization, more sophisticated organizations will react with a technique called a canary trap to try and determine the source. A canary trap silently gives each person a unique copy (without them knowing it) so that you can easily determine the source of a leak.
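The canary-trap mechanism described above, as an added example that is not code from the original post or from EchoMark: each recipient's copy of a constructed memo carries a distinct combination of interchangeable wordings, and a leaked copy or excerpt is matched back to the recipients consistent with it. The memo text, recipient names, key and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample memo; each numbered slot has interchangeable wordings.
TEMPLATE = ("The {0} build ships in {1}. {2} share it outside the team; "
            "the {3} feature list is still {4}.")
SLOTS = [("next", "upcoming"), ("early March", "the first week of March"),
         ("Do not", "Never"), ("final", "finished"),
         ("confidential", "under wraps")]
SECRET = b"constructed-demo-key"  # assumption: known only to the investigator
RECIPIENTS = ["alice", "bob", "carol", "dave"]  # hypothetical recipients


def assign(recipients):
    """Map each recipient to a distinct tuple of slot choices."""
    table, used = {}, set()
    for name in recipients:
        counter = 0
        while True:  # re-derive on collision so no two copies are identical
            msg = f"{name}:{counter}".encode()
            digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
            mark = tuple(digest[i] % len(o) for i, o in enumerate(SLOTS))
            if mark not in used:
                break
            counter += 1
        used.add(mark)
        table[name] = mark
    return table


def personalize(mark):
    """Render the copy that carries one recipient's wording choices."""
    return TEMPLATE.format(*(o[c] for o, c in zip(SLOTS, mark)))


def attribute(leaked_text, table):
    """Return (recipients consistent with the leak, slots observed).

    A leak may be a partial excerpt, so a slot is used only when exactly
    one of its wordings appears in the text; other slots are ignored.
    """
    seen = {}
    for i, options in enumerate(SLOTS):
        hits = [j for j, wording in enumerate(options) if wording in leaked_text]
        if len(hits) == 1:
            seen[i] = hits[0]
    suspects = [name for name, mark in table.items()
                if all(mark[i] == c for i, c in seen.items())]
    return suspects, len(seen)
```

An excerpt that shows only some of the slots narrows the suspect list rather than naming one person, which is why a copy needs more marked slots than the bare minimum required to tell recipients apart.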
When I was working on Windows Media, we were competing vigorously with RealNetworks, Apple and others on digital media players. Our Windows Media Player at the time was being used by hundreds of millions of people, and there was a lot of interest from both our users and the competition to find out what was coming in our next version (before it was announced). Because of that interest, someone who had access to pre-release builds of our next-generation Windows Media Player was leaking them to the Internet. It unsettled the entire team, particularly because it revealed new functionality we did not want our competition to discover. We all wondered who was doing this, which created an atmosphere of distrust.
Eventually, we ran a canary trap where everyone (and unbeknown to them) got a personalized build of the media player. When the next leak of the media player build happened, it was forensically marked, and we quickly determined the source and dealt with the situation accordingly. It was shockingly fast and effective. Years went by before another leak happened, in part because everyone heard about the canary trap we had run, and simply assumed it was still in place.
Many others have effectively used canary traps. Steve Jobs, Elon Musk, the NBA, and many others have reportedly run canary traps to try and identify the source of a leak in their respective organizations. Canary traps are effective for finding the source of an ongoing leak. However, they require a bunch of time and manual effort to set up and maintain, and they require the leaker to continue their behavior until caught. They do not prevent the leak from happening in the first place.
An even better, more proactive approach would be to let each recipient know the content is personalized for them. This could help prevent the leak from ever happening.
Years after we ran that canary trap on the Windows Media Player, I was the leader for the team building Digital Rights Management (DRM) for streaming media. Content owners such as Warner Brothers, Disney, Fox, Sony, Paramount, and other movie providers required the use of DRM to protect their content from illegitimate copying. These major motion picture studios were astute intellectual property owners. They wanted to consider the latest and greatest techniques to guard against the same piracy that had previously wreaked havoc with the music labels (including from Napster and CD “ripping”).
One of the many technologies we built included both audio and video watermarking to effectively personalize each copy of a movie such that if it ever leaked, the source could be easily determined. It would also allow the content owner to easily find illegitimate copies floating around the Internet and perform takedown notices. With end-users increasingly knowing about the presence of those watermarks, it also helped prevent illegitimate copying.
Turning the idea into reality
As I worked through how we could address insider leaks, I also thought about my time working with the Hollywood studios and our collective use of watermarks as a form of copy protection. I wondered how we could use that concept to protect documents, email, and eventually ANY type of information by personalizing them with invisible forensics watermarks. If everyone knew they had their own, unique version of the information, they would be better stewards and far less likely to risk purposely leaking them for fear of being quickly caught.
It felt like a REALLY BIG idea – one that could fundamentally change information protection. Audio, image, and video watermarking had proven techniques, but could we make watermarking work natively in documents, email and eventually any type of information “without getting in the way” of legitimate collaboration, a problem suffered by so many other information protection technologies?
Having built dozens of new features, products, and businesses over the years from scratch, I knew how important it was to first build the right team to join me on this challenging mission. Fortunately, I was able to leverage both my extensive professional network and Craft Ventures to chip in and help find the absolute best of the best to join me on this opportunity. As a result, I am incredibly fortunate to have such a gifted team of genuinely great people here at EchoMark.
Last fall, when EchoMark headquarters were still located in my Kirkland, Washington home, a small but incredibly talented set of team members visited from across the USA and built our first end-to-end prototype. It proved that the concept of forensics watermarking could be seamlessly and silently used natively within a common document format.
Here is a photo of those first five gifted team members in the very early days of EchoMark. It was taken right after our prototype verified what we had all suspected – that we CAN make this patent-pending technology work to solve a real-world problem! The smiles were big. Personally, it was an emotional reminder of why I started my career as an engineer building solutions that solve customer problems.
Ever since that first end-to-end prototype started working, I have been meeting with countless customers and partners hearing their feedback on how we can help, rapidly growing the EchoMark team and company, prioritizing our product plans, and building our first product to meet their needs.
We just moved into our new, much larger Kirkland, WA office this summer, which has been great, especially as we have continued to grow. Admittedly, though, my 13-year-old son Cole misses the frequent team meetings with "echomarkies" in our home in those early days and the vibrant energy around them. He loved to ask all kinds of questions about technology and business with the team members and share his thoughts about EchoMark…and I LOVED every minute of it.
Today, we are excited to announce that our first product is now available for customers. We are also announcing our first deployed customers – Craft Ventures – with more undisclosed deployed customers already in place too. We are grateful for the opportunity to serve them.
I look forward to helping other organizations too so that information can flow to those who need it, and everyone involved can do their best work. Our vision is that ANY type of private information, whether it is a document, a presentation, a spreadsheet, a Customer Relationship Management (CRM) record, a healthcare record, source code, etc., will be forensically tied to the recipient, and make information protection far more effective.
If you are a leader in an organization that needs to ensure the seamless flow of private information, EchoMark can help. Please reach out. We look forward to serving you.
About the author
Troy Batterberry founded EchoMark in 2022 and is the current CEO. Previously, he was a Corporate Vice President at Microsoft as the product leader for Teams Meetings, Calling, and Events, collectively used by over 300M people each month. Prior to that, he led a wide variety of features, products, and businesses at Microsoft including for Windows, Internet Explorer/Edge, PlayReady DRM, Hohm, Bing, MSN, Xbox, Dynamics, Microsoft.com, and Microsoft stores during his 25 years with the company. Before Microsoft, he was an engineer with Sony, where he helped lead the creation of the very first movies on demand entertainment system on commercial aircraft. He started his professional career as a civilian with the US Navy doing weapons research and analysis of missile defense systems. Troy graduated from the University of Southern California with a MS in Information Systems, and from North Dakota State University with a BS in Electrical and Electronic Engineering.