[LINK] Proton Mail founder vows to fight Australia’s eSafety regulator in court rather than spy on users
Kim Holburn
kim at holburn.net
Fri Dec 15 17:36:49 AEDT 2023
https://www.theguardian.com/australia-news/2023/dec/15/proton-mail-founder-vows-to-fight-australias-esafety-regulator-in-court-rather-than-spy-on-users
Andy Yen says draft safety standards ‘would force online services … to access, collect and read users’ private conversations’
Josh Taylor
@joshgnosis
Fri 15 Dec 2023 13.33 AEDT
Last modified on Fri 15 Dec 2023 13.35 AEDT
The founder of encrypted email service Proton has said the company would fight the Australian online safety regulator in court if
forced to weaken encryption under proposed standards.
The eSafety commissioner, Julie Inman Grant, has proposed cloud and messaging service providers should detect and remove known child
abuse material and pro-terror material “where technically feasible” – as well as disrupt and deter new material of that nature.
The eSafety regulator has stressed in an associated discussion paper it “does not advocate building in weaknesses or back doors to
undermine privacy and security on end-to-end encrypted services”.
But privacy and security groups argue the draft standards, as written, could allow the eSafety commissioner to force companies to
compromise encryption to comply.
Switzerland-based Proton is one of 350 signatories – including Mozilla and Tor Project – to an open letter to Inman Grant raising
concerns about the proposal and urging “against creating standards that would force encrypted services to implement such scanning
measures as they would create an unreasonable and disproportionate risk of harm to individuals and communities”.
Andy Yen, the founder and chief executive of Proton, told Guardian Australia the proposed standards “would force online services, no
matter whether they are end-to-end encrypted or not, to access, collect, and read their users’ private conversations”.
“These proposals could not only force companies to bypass their own encryption, but could put businesses and citizens at risk while
doing little to protect people from the online harms they are intended to address,” he said.
He said having the standards apply only “where technically feasible” wouldn’t provide legal safeguards for encryption. Yen said if
the draft standards weren’t changed before being introduced, Proton would fight them.
“We didn’t change our product or break encryption in Iran, or in Russia, and we won’t in Australia either,” he said. “However we
have no intention of leaving Australia. Should we receive an enforcement notice to break end-to-end encryption we would be prepared
to fight it in the courts.”
A spokesperson for the eSafety commissioner said Inman Grant welcomed feedback on the draft standards – including on the technical
feasibility exception.
“This feedback will assist eSafety to consider whether refinements are required before the standards are finalised,” the
spokesperson said.
They pointed to the associated discussion paper which “clearly states that the standards do not require service providers to design
systematic vulnerabilities or weaknesses into encrypted services”.
Five other industry safety codes come into effect on Saturday covering social media, internet service providers, equipment
providers, hosting services and apps.
“Having mandatory and enforceable codes in place, which put the onus back on industry to take meaningful action against the
worst-of-the-worst content appearing on their products and services, is a tremendously important online safety milestone,” Inman
Grant said.
Feedback on the draft standards is open until 21 December.
--
Kim Holburn
IT Network & Security Consultant
+61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list