Wednesday, 27 August 2014

The Only Email System DotCon and the NSA Can’t Access

Guest post by Hollie Slade

When the NSA surveillance news broke last year it sent shockwaves through CERN, the particle physics laboratory in Switzerland. Andy Yen, a PhD student, took to the Young at CERN Facebook group with a simple message: “I am very concerned about the privacy issue, and I was wondering what I could do about it.”

There was a massive response, and of the 40 or so active in the discussion, six started meeting at CERN’s Restaurant Number 1, pooling their deep knowledge of computing and physics to found ProtonMail, a gmail-like email system which uses end-to-end encryption, making it impossible for outside parties to monitor.

Encrypted emails have actually been around since the 1980s, but they are extremely difficult to use. When Edward Snowden asked a reporter to use an end-to-end encrypted email to share details of the NSA surveillance program the reporter couldn’t get the system to work, says Yen.

“We encrypt the data on the browser before it comes to the server,” he explains. “By the time the data comes to the server it’s already encrypted, so if someone comes to us and says we’d like to read the emails of this person, all we can say is we have the encrypted data but we’re sorry we don’t have the encryption key and we can’t give you the encryption key.”

“We’ve basically separated the message that’s encrypted apart from the key — all the encryption takes place on your computer instead of our servers, so there’s no way for us to see the original message.”

This is different from all other systems, says Yen. While Gmail has implemented some encryption, they still have the encrypted message and the key to decrypt the message.

Cofounders
Cofounders, from left to right, Jason Stockman, Wei Sun, Andy Yen.

While half the team is now at MIT, some are still in Switzerland where the ProtonMail’s servers are housed for extra protection.

“One of the key things we want to do is control our servers and make sure all the servers are in Switzerland which will increase privacy because Switzerland doesn’t do things like seize servers or tape conversations,” says Yen.

This will help avoid a situation where the U.S. government could forcibly shut them down, says Yen, similar to what happened to Lavabit last year.

Yen has turned down venture capital firms looking to invest in ProtonMail. “The reason we have to be bootstrapped is because if we take our money from something like Google Ventures, there goes our credibility. By being in this market we have to fund ourselves,” he says, adding that they’re considering a crowdfunding round next month.

ProtonMail’s revenue model is similar to something like Dropbox — charging only for extra storage.

ChalkboardCo-Founder Jason Stockman giving an informal lecture at MIT

“One of our motivations was human rights,” says Yen. “Having privacy is very important from a freedom of speech standpoint.”

The paid accounts will be $5/month and will provide 1GB of storage. Yen says they will accept bitcoin or even cash payments to allow users to remain anonymous.

They recently ran an update so they could support Chinese. Yen says they didn’t advertise this but through Twitter a blogger who has been involved in the freedom of speech movement heard about the service.

“All of a sudden we had an influx of hundreds of Chinese users — these are dissidents that don’t want the government to be tracking them,” says Yen. “It’s because we want to support users like this that we want to keep a certain level of the service free.”

Yen expects they’ll see the most traction in countries like China, Syria, Russia and Iran, where “you have these massive populations who cannot send an email without fear that they’re going to get arrested.” It’s also an alternative to the ad-based revenue model of free services like Gmail which actively scan your emails to deliver relevant ads to you online.

“You’re forced to trust Google,” says Yen. “What this really shows is that Google is not really trustworthy. Google makes money by scanning your emails and feeding you ads off of what you’re writing about; part of their core structure is to allow Gmail to read your emails and use your data.”

Most of ProtonMail’s team spends half their time working on the project. “We’re all CERN or MIT scientists, so we’re doing research on computing, mathematics, physics that’s actually closely related to what we do on the secure email. Encryption is very mathematical so we have four PhD physicists working on this,” says Yen.

ProtonMail just launched globally out of a private beta and is currently working on an Android or iPhone app expected to be ready by the end of the summer. Yen says demand is far higher than expected.

“We’re close to 20,000 users now and have had to close the signups temporarily while we add more servers. We were not expecting 10,000 users per day even in our most optimistic projections so we’re scrambling now to support more,” he says.


Hollie SladeHollie Slade was previously an editor at Global Security Finance, a London-based newsletter covering security and defence for the finance community which meant uncovering start ups with exciting technologies as well as interviewing VCs, government officials and defence giants on their financing, funding and M&A strategy. As a Columbia Journalism School student she delved into an eclectic mix of city politics, struggling Harlem businesses and the interactive theatre scene.
This post appeared previously at Forbes.Com, and Laissez Faire Today.

No comments:

Post a Comment

1. Commenters are welcome and invited.
2. All comments are moderated. Off-topic grandstanding, spam, and gibberish will be ignored. Tu quoque will be moderated.
3. Read the post before you comment. Challenge facts, but don't simply ignore them.
4. Use a name. If it's important enough to say, it's important enough to put a name to.
5. Above all: Act with honour. Say what you mean, and mean what you say.