Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - AU
The Guardian - AU
National
Josh Taylor

Proton Mail founder vows to fight Australia’s eSafety regulator in court rather than spy on users

Proton Mail is seen displayed on a mobile phone screen with AI written in the background
Switzerland-based Proton is one of 350 signatories to an open letter to eSafety commissioner, Julie Inman Grant, raising concerns about the online safety regulator’s proposed standards. Photograph: Idrees Abbas/SOPA Images/Shutterstock

The founder of encrypted email service Proton has said the company would fight the Australian online safety regulator in court if forced to weaken encryption under proposed standards.

The eSafety commissioner, Julie Inman Grant, has proposed cloud and messaging service providers should detect and remove known child abuse material and pro-terror material “where technically feasible” – as well as disrupt and deter new material of that nature.

The eSafety regulator has stressed in an associated discussion paper it “does not advocate building in weaknesses or back doors to undermine privacy and security on end-to-end encrypted services”.

But privacy and security groups argue the draft standards, as written, could allow the eSafety commissioner to force companies to compromise encryption to comply.

Switzerland-based Proton is one of 350 signatories – including Mozilla and Tor Project – to an open letter to Inman Grant raising concerns about the proposal and urging “against creating standards that would force encrypted services to implement such scanning measures as they would create an unreasonable and disproportionate risk of harm to individuals and communities”.

Andy Yen, the founder and chief executive of Proton, told Guardian Australia the proposed standards “would force online services, no matter whether they are end-to-end encrypted or not, to access, collect, and read their users’ private conversations”.

“These proposals could not only force companies to bypass their own encryption, but could put businesses and citizens at risk while doing little to protect people from the online harms they are intended to address,” he said.

He said having the standards apply only “where technically feasible” wouldn’t provide legal safeguards for encryption. Yen said if the draft standards weren’t changed before being introduced, Proton would fight them.

“We didn’t change our product or break encryption in Iran, or in Russia, and we won’t in Australia either,” he said. “However we have no intention of leaving Australia. Should we receive an enforcement notice to break end-to-end encryption we would be prepared to fight it in the courts.”

A spokesperson for the eSafety commissioner said Inman Grant welcomed feedback on the draft standards – including on the technical feasibility exception.

“This feedback will assist eSafety to consider whether refinements are required before the standards are finalised,” the spokesperson said.

They pointed to the associated discussion paper which “clearly states that the standards do not require service providers to design systematic vulnerabilities or weaknesses into encrypted services”.

Five other industry safety codes come into effect on Saturday covering social media, internet service providers, equipment providers, hosting services and apps.

“Having mandatory and enforceable codes in place, which put the onus back on industry to take meaningful action against the worst-of-the-worst content appearing on their products and services, is a tremendously important online safety milestone,” Inman Grant said.

Feedback on the draft standards is open until 21 December.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.