ProtonMail’s Dr. Andy Yen: Encryption and the New Crypto War
We're at a critical juncture in the current crypto war, says Dr. Andy Yen, CEO of ProtonMail. In this interview, Dr. Yen tells us how the war is going and details ProtonMail's abilities to help the privacy community emerge victorious.
ProtonMail is not just another browser add-on trying to catch your attention. Built by a team of CERN scientists, this encrypted email service offers state-of-the-art security balanced by seamless usability. The company is young. They just began taking open sign-ups in March. Yet it is taking the email market by storm with over one million users already. It’s also guided by the idea that privacy is a right of all citizens. And as a result, it’s found itself on the front line in the fight against intrusive government surveillance.
In this interview, ProtonMail CEO Dr. Andy Yen tells us his thoughts on ProtonMail’s rising popularity, the challenges of end-to-end email encryption, and the global battle currently being waged over personal privacy.
Before anything, can you please tell me why I need a secure email? What's wrong with Gmail?
Unfortunately, it is not free to operate services on the internet. While Gmail presents itself as free to use, users of this service are paying with their personal data, including every email they send and receive. They give Gmail the right to read every email and show them advertisements in an effort to generate the revenue needed to run the service. In addition to serving you advertisements, Gmail runs the risk of having your data compromised by malicious actors or given to government agencies. ProtonMail gets rid of those risks by giving you sole control of the keys that secure your inbox. ProtonMail employees cannot even gain access to your data, let alone malicious actors and government agencies.
You and many of ProtonMail’s team members have a common stop in your careers: CERN. Tell us how that scientific environment helped foster ProtonMail’s development.
CERN is focused on driving innovation in some of the most cutting edge technologies in the world. Started in the same research center where the World Wide Web was first invented, ProtonMail is very much a product of its environment. We combine a strong technical knowledge with the philosophy of peer review and collaborative development. This is why ProtonMail is open source. The Web was created at CERN, and following that tradition, we have an obligation to safeguard the integrity of the web by ensuring that the right to privacy is protected online.
What makes ProtonMail a stronger email encryption service choice than your competitors?
ProtonMail was built with privacy in mind. When you start with that mindset, you can ensure every piece along the way matches the end goal. This means encryption is at the core of ProtonMail, not an add-on feature, but built into the architecture. We believe strongly in the power of open source technology, especially when it comes to encryption. By utilizing OpenPGP for the encryption of ProtonMail, we leverage the time-tested security of this protocol while combining it with the most cutting-edge modern technologies to make it accessible to everyone. Our "zero knowledge" architecture means ProtonMail is the first email provider that can't read your emails, and as a result, cannot turn them over to third parties.
ProtonMail has been called the “world’s largest secure email service.” Has all that growth occurred since your big move to open sign-ups in March?
From day one we have experienced tremendous support from the internet community demanding a more secure email solution. After just 3 days of opening our service to beta users, we were forced to implement a waiting list due to the interest we received in using ProtonMail. After signing up nearly a million beta users, we were happy to finally be able to open ProtonMail up to the world. We saw a tremendous reception in March, especially from businesses and users looking for a mobile secure email solution, as we also released iOS and Android applications. We are now gearing up for another major release, later in 2016, which will bring the full power of ProtonMail's encryption to organizations around the world.
Are there certain countries/locations/markets that are faster to sign up for your service than others? For example, is your U.S. client base rising faster or slower than your European client base?
The split between U.S. and European users is pretty even at the moment. When we first started we saw a larger signup rate in the US, but now our userbase in Europe is growing faster. We have also seen large growth from countries where email privacy is a real necessity and today there are large ProtonMail user communities in Russia, Iran, Turkey, and many other countries with authoritarian governments.
Any reasons for this?
In certain countries, simply holding the wrong political views could be a death sentence. While privacy is something that is nice to have in the Western world, in other parts of the world, it can be an absolute necessity. In these regions, ProtonMail is widely adopted as a tool not just for email privacy, but also for freedom of speech.
ProtonMail has more than 4000 reviews and a 4.7-star rating on the Android Play Store. What has been the key to this success?
We have worked really hard to build a secure mobile email application that people will enjoy using. We knew from the start the only way we could get privacy to the masses was to make ProtonMail enjoyable and easy to use. We spent countless hours ensuring both the Android and iOS applications delivered on this promise. We listened to our community who were very vocal about the service they wanted to use, and we built it for them. We are motivated by the feedback and continue to add features to make the application even better.
ProtonMail is already available on mobile and desktop platforms. What are the next developmental milestones for you?
We are currently focused on bringing more value to our business and organization users. From government organizations to healthcare providers, there is a huge need for a secure email provider. We hear from new organizations every day who are in desperate need of what ProtonMail offers and are seeking an alternative to Google Apps. We are working around the clock to get it to them as quickly as possible. We are excited to serve these organizations and think they will be extremely pleased when they see the suite of features we are building, some of which may even depart from the email base ProtonMail was founded on.
On Privacy Issues and the Crypto War
When you initially began, ProtonMail enjoyed a successful crowdfunding campaign, getting help from more than 10,000 supporters. In your mind, does this speak to the public’s hunger for more online security?
Absolutely, we are lucky to have such a supportive community that believes in ProtonMail. They are the driving force behind what we do every day and through their support, we have been able to bring encrypted email to millions of individuals around the world.
ProtonMail only earns money when a customer upgrades to a paid account or when someone donates to the project. This business plan is laudable, but is it sustainable, especially with your rapid growth?
Privacy should be accessible to everyone. The idea of selling users’ data or using users’ data to show effective advertisements goes against this principle. A large percentage of our user base has found value in our premium features and support ProtonMail by upgrading their accounts while others decide to donate to the project. Long term sustainability is still difficult to gauge at the moment, but I believe more and more people are realizing now that if a service is free, they are paying with their privacy, and this will give ProtonMail more and more sustainability over time.
In the blog post announcing your worldwide launch, you talk passionately about the onset of the 2nd crypto war. How do you see this war shaping up so far?
We are at a critical juncture in the 2nd crypto war. There are services like ProtonMail which continue to innovate and provide more and more options that bring privacy to the internet. For the first time, people can vote with their actions. By switching to services that respect privacy and helping them grow, the second crypto war can in fact be definitively won. It is imperative that we win because if people don't take a stand for online privacy today, they will forever lose that right.
How do you see ProtonMail’s role in this fight?
We are happy to be pushing the frontier in innovation. We plan on continuing the push with expansions into different products and services that are built on the foundation of user privacy. In addition, we will continue to activate our community to help shape the future of Internet Privacy law. We have already done this once by forcing a nationwide referendum in Switzerland on surveillance and privacy.
Besides encrypted email, what should a consumer do to protect his/her online privacy?
The internet can be like the wild west at times. It is important that consumers remain diligent as they navigate through their daily tasks to ensure they don’t visit any malicious websites or download attachments from unknown parties. In addition, we recommend the use of VPN services to protect against IP collection. There are also other good services such as Signal for chat.
In January, ProtonMail made headlines by forcing a referendum on a new surveillance law passed by the Swiss government. Please update us and our readers on how this movement is going…
That was a great example of activating our community to shape the future. The Nachrichtendienstgesetz (NDG) is an intelligence law that stands to place significant pressures on the privacy of the Swiss people. Even though it does not impact ProtonMail due to the end-to-end encryption we use, we are campaigning to win the vote in September.
You’ve equated the Nachrichtendienstgesetz with the FBI vs Apple case in the U.S. and the Snooper’s Charter in the U.K. As a company that stays ahead of government encryption-breaking efforts, please tell our readers about these opponents. How pervasive are they and what must be done to beat them?
Government agencies have a tremendously tough job. They are focused on keeping their citizens safe from both domestic and international threats. At times, in their effort to execute on their mission, their actions end up doing more harm than good. Encryption-breaking efforts are one of those instances. As most encryption is open source and widely available, banning encryption leaves general citizens exposed while doing little to hinder terrorists from communicating anyways. The approach we have taken to confronting government efforts to ban strong encryption is by getting encryption out there to as many people as possible. After a certain critical mass is hit, the "ship has sailed" so to speak, and it no longer becomes feasible to ban encryption anymore.