Secure email service provider Proton Mail has added its voice to a growing number of tech companies concerned that Australia’s proposed “online safety” regulation will force firms to break encryption to expose user data to governments and potentially criminal syndicates.
Proton offers end-to-end encrypted email, virtual private network (VPN), and online data and password storage services. Its slogan is “privacy by default.”
Andy Yen, founder and CEO of Proton, told The Epoch Times: “With the current eSafety proposals, the Internet as we know it faces a very real threat. The proposed standards would force online services—no matter whether they are end-to-end encrypted or not—to access, collect, and read their users’ private conversations.
“These proposals could not only break encryption, but could put businesses and citizens at risk while doing little to protect people from the online harms they are intended to address.”
Australia’s eSafety Commissioner Julie Inman Grant has released the draft standard, which applies to services including “email, instant messaging, short messages services (SMS), multimedia message services (MMS) and chat, as well as services that enable people to play online games with each other and dating services.”
Other “apps and websites ... as well as online file storage services” will also be covered. Everything online, provided it’s accessible to Australians (even if there are no visitors) is captured.
While Ms. Inman Grant insists providers will not need to breach encryption to comply with the standard, the Global Encryption Coalition says it will be impossible to do so otherwise.
Proton is the first provider to openly say it will defy the standard if it’s introduced.
“Under no circumstances would we break end-to-end encryption,” Mr. Yen said. “As other jurisdictions are realising, there is no such thing as technology that can scan everyone’s online activity while also providing privacy and safety.
“There is still time to safeguard end-to-end encryption in the eSafety proposals, and we urge Commissioner Inman Grant to ensure the protection of privacy for Australian citizens. Undermining cybersecurity and encryption in the name of eSafety will only lead to the opposite result, leaving everyone but criminals more at risk.”
Proton AG is based in Switzerland, and says it is therefore subject only to Swiss law.
The legal and technical hurdles to enforcing cross-border regulations on entities that have no presence in the country imposing them have yet to be really tested.
While other tech companies have so far expressed disquiet with the proposals, many are moving to tighten encryption.
Meta attempted to win back market share for WhatsApp soon after it purchased it, by adding encryption, and has also pledged to work toward encryption and secure data storage across Facebook.
The company also announced the introduction of end-to-end encryption in Facebook Messenger, which is used by over a billion people. Online storage services such as iCloud and Google Cloud are also offering encrypted storage.
