Why this cybersecurity startup wants to watermark everything 

Cybersecurity startup EchoMark is releasing a new application programming interface (API) to allow for its novel digital watermarking tool to integrate with virtually any existing communications software.

Founded in 2022 to develop a digital watermarking system to safeguard organizations’ sensitive and proprietary information, EchoMark originally focused on injecting personalized identifiers into emails and link-based networked document sharing tools. Now, armed with $10 million in seed funding, the company is on a mission to “watermark the world,” as founder and CEO Troy Batterberry puts it.

“Our vision is that any piece of private information can be forensically watermarked and tied to a recipient’s identity,” Batterberry tells Fast Company, adding that the company’s customers asked for a way to integrate the software directly into their own bespoke communications channels. “We built this API so we can add this into any commercial application or custom workflow.”

Batterberry has been thinking about leaks for a long time. As a young missile systems engineer conducting research and development on new weapons for the U.S. Navy, Batterberry found himself personally entrusted with “deeply classified stuff,” responsible for constantly adding his signature to paper copies of sensitive documents to signal his role as their authorized guardian.

“Signing your name on the top of a document indicates you’re the custodian of that information,” he says. “Psychologically, it changes how you think about protecting that information. If you leave it out, you could lose your security clearance—or, even worse, your entire profession.”

Following his career in the Navy, Batterberry went into the private sector as an engineer, first at Sony and then Microsoft, where he spent the next 25 years and eventually became a corporate VP in charge of Teams and Webinars. It was at Microsoft that Batterberry developed a digital rights management system to protect streaming media via audio and visual watermarks. Such safeguards ensured that, should content make its way to illegal streaming portals like BitTorrent, the source of the leak would be easily identifiable.

Those experiences eventually coalesced in Batterberry’s brain into a pressing organizational question that formed the basis for EchoMark: What if you could take personalized watermarking and apply it to anything, from emails and images to healthcare records and legal documents?

EchoMark’s watermarking solution is elegant in its simplicity. When a sensitive document is distributed to its intended recipient, the company’s software generates personalized copies with thousands of slight formatting differences imperceptible to the human eye. Once that document makes its way out into the wild, whether as a photocopy, screenshot, or even as a photograph taken from a personal cell phone, users can employ EchoMark’s proprietary computer vision and AI to scan the target artifact and match it against the original copies. Rather than physically sign copies, as Batterberry did in the Navy, EchoMark applies personalized signatures at scale with lightning efficiency so that leaks are easily traceable back to the source.

Batterberry demonstrated the software for Fast Company in real time with a copy of Dobbs v. Jackson Women’s Health Organization, the U.S. Supreme Court decision striking down Roe v. Wade that leaked to Politico in May 2022 (the source of the leak was never identified). Batterberry sent an email containing a PDF of the Dobbs decision processed through EchoMark to seven phony email addresses standing in for those of the sitting Supreme Court justices; he then opened the document from the fake account of Chief Justice John Roberts and took a photo of it on his computer screen with his personal phone. After uploading the photo to EchoMark, the software dashboard quickly analyzed the image and spit out a definitive conclusion: The document pictured in his photo was in fact identical to the one the Roberts account had received.“Whoever leaked the [Dobbs] decision knew that as long as they used a personal device, they would never get caught because multiple people had access to the report,” Batterberry says. “With EchoMark turned on, we could have IDd the source of that leak in minutes.”

The Supreme Court is just one example of EchoMark’s potential governmental applications. Batterberry cites as other disclosures where EchoMark’s software may have proven useful the rogue IRS contractor who in 2020 leaked President Donald Trump’s tax records to news organizations, as well as Airman 1st Class Jack Teixeira, the Massachusetts Air National Guardsman who leaked hundreds of classified Defense Department files onto Discord in 2023.

EchoMark currently boasts more than a hundred “high respected” clients across the government, financial services, health care, and entertainment sectors, according to Batterberry, with the company projecting 10-time growth in the coming year among.

“The federal government is extremely interested,” Batterberry says. “The FBI, for example, has grave concerns about leaks when investigating drug cartels who are willing to spend serious money to get access to information and adapt accordingly.”

EchoMarks’ forensic watermarking isn’t just about identifying leakers as part of a breach investigation, but prevention as well, so far that the presence of digital identifiers will purportedly dissuade potential leakers from releasing sensitive information into the wild if they know they’ll be almost instantly identified. And by empowering organizations with a low-cost, easy-to-implement method for investigating and mitigating leaks, EchoMark serves a larger purpose: helping organizations share information openly and with confidence rather than close themselves off internally to stamp out leakers.

Indeed, Batterberry cites the September 11, 2001, terror attacks as an example of what happens when sensitive information isn’t allowed to flow freely between intelligence and law enforcement agencies.

“A key reason for the breakdown in communication leading up to the 9/11 attacks was that government agencies failed to share information they needed to share with each other,” Batterbery says. “Communication is the lifeblood of any organization.”