On April 3rd, the world was shaken by the Panama Papers, a set of 11.5 million leaked confidential documents that were obtained from the law firm of Mossack Fonseca. Going back nearly 40 years, they detailed information about more than 214,000 offshore companies listed by the law firm, including the identities of company shareholders and directors. The documents exposed a widespread system of global tax evasion implicating some of the world’s leaders and top businessmen.
The following Monday, an anonymous hacker uploaded a 1.4 gigabyte torrent file onto the web, which contained personal data on 50 million Turkish citizens. The file included names, addresses, parents’ first names, cities of birth, birth dates, and a national identifier number used by the Turkish government. All of the information was verified as authentic by the Associated Press.
A bit earlier, in February, the FBI requested that Apple create new software that would enable the FBI to unlock an iPhone 5C which was recovered from one of the shooters in a December 2015 terrorist attack in San Bernardino, California, that killed 14 people and injured 22. The phone was locked with a password and was set to erase all its data after ten failed password attempts. Apple declined to create the software, and Tim Cook, CEO of Apple, said that such an attempt has implications far beyond the legal case at hand, threatening people's data security and privacy rights. On March 28, the FBI announced that a third party had helped it unlock the phone. The US Department of Justice dropped the case.
Just looking at these few examples from early 2016 news, it is quite obvious that data security and privacy concerns are rapidly growing. Data leaks like the Panama Papers are leading to discussions on the credibility of the financial system itself and its institutions. The FBI’s demand of Apple escalated into a human rights discussion, calling into question the state’s attitude toward respecting the privacy and security rights of citizens.
Under such circumstances, IT service providers are enhancing their product portfolio with more advanced security capabilities in order to meet the rising market demand for security and privacy.
Secure Email Based in Switzerland
ProtonMail, an encrypted email service, just stepped into the market as a Swiss-based answer to the rising security demand. ProtonMail, the largest secure email provider in the world as of today, provides free end-to-end (E2E) encrypted email that is as easy to use as any other email provider on the market today. Because it is an E2E encrypted service, unlike other email services, ProtonMail does not have access to the user’s emails hosted on its servers.
In order to better understand ProtonMail, we interviewed Andy Yen, Co-founder and CEO of Proton Technologies.
“ProtonMail was founded by scientists who met at CERN and MIT in August 2013. After the revelations by Edward Snowden, a lot of us in the scientific community at CERN felt compelled to take action because no good solution existed for email encryption,” says Mr. Yen, when asked about the roots of the service. “Privacy is under attack and it is essential to create services that give people a private alternative.”
E2E vs Mainstream Email Services
The goal for ProtonMail was to build an encrypted email service that is easy enough for everybody to use. E2E mail services existed before ProtonMail; however, most of them were technically very complex for the average end user. Seeing this gap, ProtonMail has built the world’s first E2E mail service which has the same ease of use as any other email service. Mr. Yen emphasizes that they believe privacy should be built into the services by default, not as an afterthought.
However, an essential question comes to mind: does using an E2E email service instead of a mainstream email service such as Gmail or Outlook mean compromising ease of use? Actually, after examining the service, it is fair to say that there are very few compromises users have to make when utilizing ProtonMail. Moreover, users should keep in mind that mainstream email providers have full access to all personal information sent and received through their service. This information is at risk of being hacked by malicious persons, requested by government officials, or sold to the highest bidder, as in the few recent examples above. It is important to highlight that since ProtonMail hosts its servers in Switzerland, outside US and EU jurisdiction, all user data is protected by strict Swiss privacy laws.
When asked about the underlying reason for not making E2E a standard component of mainstream email services, or in a broader sense, cloud technologies, Mr. Yen replies that most mainstream technology services earn their revenue through selling advertisements. In order to better serve advertisements, and therefore generate increased revenue, these services benefit from having full access to their users' data.
E2E for Enterprises
ProtonMail started its business life offering consumer-level services. However, in their last release, they unveiled the “tip of the iceberg” of a wider set of products for companies: using ProtonMail with custom domain names. “We hear from many companies every day that are in desperate need of these services, and we are working as hard as possible to release a feature complete enterprise offering of ProtonMail,” says Mr. Yen.
Finally, when asked about the FBI vs. Apple encryption discussion, Mr. Yen highlights that at this critical point in history where so much personal and private data is being collected and stored, it is important that we think about the long-term implications of this behavior. “We believe the discussion between Apple and FBI shows this is a universal concern to consumers who want to protect their information. It is critical to have this discussion before it is too late. E2E provides a solution to prevent the dangers of mass surveillance that is becoming increasingly popular with governmental policies worldwide.”
Andy Yen, Co-Founder/CEO
Andy has over 8 years of experience in distributed computing for demanding particle physics and quantitative finance applications. He was a researcher at CERN from 2009 to 2015, has a PhD in Physics from Harvard and a degree in Economics from Caltech.
I just started using proton email. It looks great. Limited inbox size and daily limit of emails in the free version may be a bother soon, but I haven't reached that stage yet.
I started using proton mail this year. It has its restrictions. But then, knowing that you're safe makes all of the restrictions worth it.
I'm in a business where I regularly have to send photos of fermented/moldy k-u (k.u.).'s and we should be 100% sure that no one else reads them. They're waiting to be licensed. So this app makes us feel comfortable in our small business.
Good article, which sums it up well. Thanks.