Proton boss: UK banks won’t function if encryption disappears
The issue of encryption has become a pressing conundrum for both tech companies and lawmakers involved in the UK’s Online Safety Bill in recent months.
Now at least they agree that there is currently no viable technology to access messages without compromising user privacy.
Encryption is a crucial way of turning messages into an unreadable format to ensure that only the intended recipient can read them.
Andy Yen, the founder and chief executive of Proton, an encrypted mail service, emphasised the critical nature of encryption.
“Even if you create an island of non-encryption, I’m not sure that’s the island you want to be on, because it’s much less secure and much less private,” he said, speaking to City A.M.
He pointed out the immense technical challenges involved in outlawing encryption on a global scale.
“You can comply with legislation but you may still be in breach of company policy or specific regulations,” said Yen.
Take, for example, a multinational bank that requires end-to-end encryption for all customer data.
“The UK office [of such a bank] wouldn’t be able to function unless using existing encryption messaging applications,” he explained.
Tech companies, including Whatsapp, Signal and Proton, have openly stated their intent to leave the UK rather than follow the encryption regulations proposed by the Online Safety Bill (OSB).
“It’s not a bluff,” said Yen, who firmly believes there are greater societal concerns at stake.
While preserving encryption may allow some criminal activity, Yen argues that the alternative – “full surveillance” – is far less desirable.
Drawing parallels, Yen recounted an encounter with Russia’s Roskomnadzor, a counterpart to Ofcom, which approached Proton years ago with demands that had “chilling similarities” to the OSB.
“We of course could not bring ourselves to comply with this law and breach the fundamental trust of our users.”
A government spokesperson said: “Our stance on tackling child sexual abuse online remains firm, and we have always been clear that the Bill takes a measured, evidence-based approach to doing so.
“As has always been the case, as a last resort, on a case-by-case basis and only when stringent privacy safeguards have been met, it will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content – which we know can be developed.”