ProtonMail: The One Email System the NSA Can’t Access

It’s been a busy month on the privacy front.

For starters, word got out on August 5 that Russian hackers stole 1.2 billion usernames and passwords across several kinds of websites. Then, Facebook got into hot water — again — when it decided to force its risky Messenger app on unwilling users.

Meanwhile, Senator Chuck Schumer (D-N.Y.) warned that users of wearable fitness-tracking devices are unprotected by any privacy law, putting them at serious risk. And the European Union is poised to counter a U.S. court order demanding Microsoft hand over data stored inside its Irish servers.

Meanwhile, hackers and snoops recently gathered at their annual Black Hat conference in Las Vegas, plotting how to beat our best security efforts.

I was also a busy bee. I decided to start using secure password-generation and management software called Dashlane, which works across multiple devices. It was getting to the point where I had so many passwords to remember that it was seriously cutting into my productivity.

And I was at risk, because the natural tendency when you have a lot of passwords to remember is to re-use them on multiple sites. That’s a BAD idea.

But I also did something I’ve been doing every week for months now — checking to see whether I had been accepted by the world’s most secure email service, ProtonMail.

When Edward Snowden’s revelations broke last year, they sent shock waves through CERN, a particle physics laboratory in Switzerland. A young MIT PhD student working there expressed concern, and soon 40 of the smartest physicists and computer programmers on the planet were pooling their knowledge to create ProtonMail.

What is ProtonMail?

ProtonMail is a Gmail-like email system that uses end-to-end encryption, making it impossible for outside parties to monitor messages sent back and forth.

Unlike all other encrypted email services, ProtonMail separates the encrypted message from its encryption key. All the encryption takes place on your computer and the receiver’s computer. Neither message nor key is stored on ProtonMail’s servers, so there’s no way for the government to get its hands on them, even with a court order.

But that still wasn’t secure enough for this group. ProtonMail decided to go the extra mile to ensure absolute security.

The system’s creators placed all their servers in Switzerland, which has some of the world’s toughest privacy laws. That’s why I’m on a waiting list — demand for ProtonMail is so high, there aren’t enough available servers in Switzerland to accommodate it. But the group is currently raising money to build more.

ProtonMail’s founders understand that security and privacy are about more than encryption — the decision to base their service in Switzerland demonstrates that they get the politics part, too.

But politics has a way of resisting evasion.

The Government’s Fight Against Your Right to Privacy

In June, PayPal — the same U.S. money-transfer company that blocked contributions to Julian Assange’s WikiLeaks at the U.S. government’s behest — froze ProtonMail’s funds and blocked all further contributions without notice or explanation. This happened after ProtonMail launched a two-week “crowdfunding” campaign with a set target of $100,000 — they collected more than $300,000 in a few hours.

Why would PayPal do such a thing? Andy Yen, the MIT PhD student who dreamed up ProtonMail, explained:

“When we pressed the PayPal representative on the phone for further details, he questioned whether ProtonMail is legal and if we have government approval to encrypt emails.”

This isn’t the first time PayPal has closed an account out of deference to government.

Regulations by the U.S. Department of Treasury’s FinCEN unit require financial organizations to monitor accounts for illegal activity, essentially deputizing private companies to act as monitors. These regulations can cause companies such as PayPal to freeze perfectly legal accounts in overzealous lock-downs like the ProtonMail fiasco.

Come Together

ProtonMail’s experience ties together a number of strands we’ve written about a lot recently. I’ve discussed the great opportunity presented by the iAccount, an Internet-based eWallet service, precisely because it’s based in China, where the U.S. government can’t snoop or confiscate funds.

The common element in all of these topics is this: you cannot trust the U.S. government or the U.S. private sector to protect your privacy against the growing threat. You need to look elsewhere — and we’re committed to showing you exactly where.

Editor’s note: This article was originally published on The Sovereign Investor Daily on August 11, 2014, and has been edited for publication on IVN.

 
