![](\"https:\/\/media.wired.com\/photos\/628d53d164f6937ef8df9005\/master\/pass\/Andy-Yen-Proton-Security-GettyImages-1236341455.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Gilad Edelman| Date: Wed, 25 May 2022 10:00:00 +0000<\/strong><\/p>\n Gilad Edelman<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n Since its founding<\/span> in 2014, ProtonMail<\/a> has become synonymous with user-friendly encrypted email. Now the company is trying to be synonymous with a whole lot more. On Wednesday morning, it announced that it\u2019s changing its name to, simply, Proton\u2014a nod at its broader ambitions within the universe of online privacy. The company will now offer an \u201cecosystem\u201d of linked products, all accessed via one paid subscription. Proton subscribers will have access not just to encrypted email, but also an encrypted calendar, file storage platform, and VPN.<\/p>\n This content can also be viewed on the site it originates<\/a> from.<\/p>\n This is all part of CEO Andy Yen\u2019s master plan to give Proton something close to a fighting chance against tech giants like Google. A Taiwanese-born former particle physicist, Yen moved to Geneva, Switzerland, after grad school to work at CERN, the nuclear research facility. Geneva proved a natural place to pivot to a privacy-focused startup, thanks to both Switzerland\u2019s privacy-friendly legal regime and to a steady crop of poachable physicists. Today, Yen presides over a company with more than 400 employees and nearly 70 million users. He recently spoke to WIRED about the enduring need for greater privacy, the dangers of Apple's and Google's dominance, and how today\u2019s attacks on encryption recall the rhetorical tactics of the War on Terror.<\/p>\n This interview has been condensed and lightly edited.<\/p>\n WIRED: You're in the online privacy business. To start super broadly, how do you define privacy?<\/strong><\/p>\n Andy Yen<\/strong>: These days, all Google and Apple and Big Tech talk about is privacy, so the best way to give our definition is to give the contrast. The way Google defines privacy is, \u201cNobody can exploit your data, except for us.\u201d Our definition is cleaner, more simple, and more authentic: Nobody can exploit your data\u2014period. We literally want to build things that give us access to as little data as possible. The use of end-to-end encryption and zero-access encryption allows that. Because fundamentally, we believe the best way to protect user data is to not have it in the first place.<\/p>\n If you ask someone, \u201cWould you like more privacy or less?\u201d they always say more. But if you watch how people actually behave, for most people, data privacy is not a very high priority. Why do you think that is?<\/strong><\/p>\n Privacy is inherent to being human. We have curtains on the windows, we have locks on our doors. But we tend to disconnect the digital world from the physical world. So if you take the analogy of Google, it's someone that's following you around every single day, recording everything that you say and every place you visit. In real life, we would never tolerate that. On the internet, somehow, because it's not visible, we tend to think that it's not there. But the surveillance that you don't notice tends to be far more insidious than the one that you do.<\/p>\n Your company has come out in support of reforms to strengthen antitrust enforcement. But a lot of people argue that privacy and competition are in conflict. Apple will say, \u201cIf you force us to allow more competition on the platform that we run, then that will reduce our control over the security and the privacy of the user. So if you make us increase competition, that will bring privacy down.\u201d And then you see the flip side of the argument, which is when Apple or Google implements some new privacy feature that may hurt competitors. How do you think about these potential conflicts?<\/strong><\/p>\n What Apple is basically claiming is, you need to let us continue our use of app store practices because we're the only company in the world that can get privacy right. It\u2019s an attempt to monopolize privacy, which I don\u2019t think makes any sense.<\/p>\n If you look at the FTC lawsuit against Facebook<\/a>, the theory is that privacy and competition are two sides of the same coin. If you're not happy with Facebook's privacy practices, what is the alternative social media that you can go to other than Facebook and Instagram? You don't really have that many options. We need more players out there. If they had to compete, then competition would force privacy to be a selling point.<\/p>\n The same is true for other services that we offer. Today, Google controls the Android operating system, which is used by the majority of people, and they can preload all their applications as a default on your user devices. So they have a massive advantage already because users don't change the defaults. So even though their privacy practices are quite terrible for most people, there's no real pressure to change it because the alternatives don't really exist. And if they do exist, Google's able to hide them, because they set the defaults on their devices. So if you want to fix the privacy issue, the best way to do it is to have more competition, because then there will be user choice, and users tend to choose what is more private, because, as you said, everybody wants more privacy.<\/p>\n Europe\u2019s new Digital Market Act has a controversial section requiring the biggest messaging platforms to let competitors interoperate with them, while still preserving end-to-end encryption. But quite a lot of people<\/strong> argue<\/strong><\/a> that you can't actually do both of those things. So here's a place where privacy and competition really do seem to be conflicting with each other technologically.<\/strong><\/p>\n I have to say, this has been around since the early '90s<\/a>. PGP is basically interoperable encryption, based on the email standard. So it may not be technologically the easiest to do. But to say it\u2019s technologically impossible is also not correct.<\/p>\n Another EU proposal<\/strong><\/a> would require companies to implement methods of detecting child sex abuse material, or CSAM, on their platforms. People are very alarmed about the implications of that for encryption.<\/strong><\/p>\n We're still in the process of analyzing it, so I can\u2019t comment specifically on the details of the proposal. But these proposals are not new. In fact, they've been coming up in various forms over the past decade. What is novel and different this time is that these proposals used to be packaged under \u201cterrorism.\u201d Now, they\u2019re packaged under CSAM. It was very clever to repackage this idea into a topic that is even more toxic, which makes informed debate difficult. Obviously, CSAM is a horrible problem, something that the world is better without. But a wholesale attack on encryption can have unforeseeable consequences that are not always completely understood or considered by the drafters of these proposals.<\/p>\n Do you think that this<\/strong> is<\/strong><\/em> a wholesale attack on encryption, though? The people making these proposals say, \u201cWe're not attacking encryption. You just have to figure out a way to monitor for CSAM.\u201d<\/strong><\/p>\n Well, there is really no practical way in today's technology to do that in a way that doesn't weaken encryption.<\/p>\n The analogy to terrorism is interesting because, during the Bush-era War on Terror, there was a sense of literally anything being justified in the name of stopping terrorism. The US government was secretly spying on its own citizens. It was really hard to argue that we have to accept that some terrorism is going to happen. It's even harder to say, look, we've got to accept that some amount of child exploitation is going to happen and people are going to use digital tools to spread it. But at some point, I think you do have to defend the principle that we have to tolerate a certain amount of even the very worst things if we want to have meaningful civil liberties.<\/strong><\/p>\n If there was no privacy in the world, that world would be more \u201csecure.\u201d But that world does exist; it's called North Korea. And the people that live there probably don't feel very secure. As a democracy, you have to strike the right balance. The balance is not total mass surveillance of everybody, because we know that there are serious consequences to democracy and freedom as a result of that. It's not easy to find the right balance. But during the Bush years, with terrorism, I think they went to an extreme that really was a backsliding on democracy. And this is something that we need to avoid.<\/p>\n