[LINK] Proton Mail founder vows to fight Australia’s eSafety regulator in court rather than spy on users

Kim Holburn kim at holburn.net
Fri Dec 15 17:36:49 AEDT 2023


https://www.theguardian.com/australia-news/2023/dec/15/proton-mail-founder-vows-to-fight-australias-esafety-regulator-in-court-rather-than-spy-on-users


Andy Yen says draft safety standards ‘would force online services … to access, collect and read users’ private conversations’

Josh Taylor
@joshgnosis
Fri 15 Dec 2023 13.33 AEDT
Last modified on Fri 15 Dec 2023 13.35 AEDT

The founder of encrypted email service Proton has said the company would fight the Australian online safety regulator in court if 
forced to weaken encryption under proposed standards.

The eSafety commissioner, Julie Inman Grant, has proposed cloud and messaging service providers should detect and remove known child 
abuse material and pro-terror material “where technically feasible” – as well as disrupt and deter new material of that nature.

The eSafety regulator has stressed in an associated discussion paper it “does not advocate building in weaknesses or back doors to 
undermine privacy and security on end-to-end encrypted services”.

But privacy and security groups argue the draft standards, as written, could allow the eSafety commissioner to force companies to 
compromise encryption to comply.

Switzerland-based Proton is one of 350 signatories – including Mozilla and Tor Project – to an open letter to Inman Grant raising 
concerns about the proposal and urging “against creating standards that would force encrypted services to implement such scanning 
measures as they would create an unreasonable and disproportionate risk of harm to individuals and communities”.

Andy Yen, the founder and chief executive of Proton, told Guardian Australia the proposed standards “would force online services, no 
matter whether they are end-to-end encrypted or not, to access, collect, and read their users’ private conversations”.

“These proposals could not only force companies to bypass their own encryption, but could put businesses and citizens at risk while 
doing little to protect people from the online harms they are intended to address,” he said.

He said having the standards apply only “where technically feasible” wouldn’t provide legal safeguards for encryption. Yen said if 
the draft standards weren’t changed before being introduced, Proton would fight them.

“We didn’t change our product or break encryption in Iran, or in Russia, and we won’t in Australia either,” he said. “However we 
have no intention of leaving Australia. Should we receive an enforcement notice to break end-to-end encryption we would be prepared 
to fight it in the courts.”

A spokesperson for the eSafety commissioner said Inman Grant welcomed feedback on the draft standards – including on the technical 
feasibility exception.


“This feedback will assist eSafety to consider whether refinements are required before the standards are finalised,” the 
spokesperson said.

They pointed to the associated discussion paper which “clearly states that the standards do not require service providers to design 
systematic vulnerabilities or weaknesses into encrypted services”.

Five other industry safety codes come into effect on Saturday covering social media, internet service providers, equipment 
providers, hosting services and apps.

“Having mandatory and enforceable codes in place, which put the onus back on industry to take meaningful action against the 
worst-of-the-worst content appearing on their products and services, is a tremendously important online safety milestone,” Inman 
Grant said.

Feedback on the draft standards is open until 21 December.

-- 
Kim Holburn
IT Network & Security Consultant
+61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request




More information about the Link mailing list