With U.S. crypto war raging, Swiss company opens secure email service to the public

The U.S. government’s war on strong encryption is adding a new twist to an old tech fairy tale.

Here’s how the story goes: An important new tech startup backed by millions in crowdfunding and private investment launches a slick new mobile app, opens to the public, and generates tons of media buzz.

But the increasingly common twist in this kind of story is that it’s happening outside the United States. The latest proof is the Edward Snowden-inspired encrypted email service ProtonMail, which on Thursday debuted mobile apps and began allowing anyone to register.

The founder of the company, which is based in Switzerland, said it would not have been the same if the company were located in America.

“If you’re based in the U.S., you can get harassed by the FBI and NSA,” Dr. Andy Yen, ProtonMail’s co-founder and CEO, told the Daily Dot. “Kind of like Apple is going through right now. In Switzerland, there is a longer tradition of privacy.”

A Swiss operation is beyond the reach of the U.S. government, which since the Sept. 11, 2001 terrorist attacks has ramped up not just its dragnet surveillance operation but also the demands it makes of private companies.

The Justice Department has demanded that Apple write entirely new code allowing it to access the iPhone of one of the San Bernardino shooters, and the precedent may extend to hundreds of other cases.

In addition to Apple, Yen pointed to the now-defunct email service Lavabit. Edward Snowden used Lavabit, and he company, which was based in the U.S., famously shut down in 2013 rather than accede to the Obama administration’s demand for broad access to its user data.

ProtonMail is far from alone. Tutanota, another popular secure email service, is based in Germany. It’s becoming increasingly common for people who want to offer strong privacy protections to design such apps beyond America’s legal reach.

“Actually, until very recently the U.S.A. was the ideal place to start a
privacy-enhancing service or technology,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology. “Our notions of free speech and the pro-innovator nature of our market tended to lay the groundwork for things like PGP.”

PGP, shorthand for Pretty Good Privacy, is a data-encryption algorithm invented in 1991 in the United States. But its creator, Phil Zimmerman, moved overseas to start a new privacy-centric tech business called Silent Circle. Zimmerman’s new home base: Switzerland, just like ProtonMail.

“In Switzerland, there is a longer tradition of privacy,” Yen explained. “This is something that has been enshrined in their culture for the last 100 years.”

Yen pointed to the Swiss system of direct democracy to bolster his argument. When the country’s legislators passed a bill expanding government surveillance powers last year following terrorist attacks in Paris, powerful opposition from tech and privacy groups—including ProtonMail—led the government to organize a nationwide referendum on it in June. Yen expects that vote to defeat the bill.

“It does seem clear that the U.S. government is increasingly hostile toward privacy-enhancing technologies,” Hall said, “and unfortunately the case only gets worse around the world, even in modern representative democracies such as the U.K. and France.”

The rise of ubiquitous unbreakable encryption has cast a spotlight on fights like the one between Apple and the Justice Department, in which the government is trying to compel a private company to jeopardize its reputation for national-security reasons.

“Here in Europe,” Yen said, “people don’t trust American companies.”

The outcome of the case will help shape the limits of the government’s power to force companies to act contrary to their own interests. 

“This is why people are watching the Apple case so closely,” said Nicholas Weaver, a computer scientist at the University of California, Berkeley. “If Apple loses, you can’t build a secure service in the U.S.—period, full stop.”

Photo by Matt Sharpe / Flickr (CC by 2.0) | Remix by Max Fleishman

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.