Proton Mail Joins Tech Companies in Opposition to Australia’s Proposed Online Safety Regulation
Secure email service provider Proton Mail has raised concerns about Australia’s proposed “online safety” regulation, stating that it could force companies to compromise encryption and expose user data to governments and potential criminal syndicates. Proton Mail offers end-to-end encrypted email, virtual private network (VPN), and online data and password storage services, prioritizing privacy by default.
Threats to User Privacy
Andy Yen, founder and CEO of Proton, warns that the proposed standards would require online services, regardless of whether they are end-to-end encrypted or not, to access, collect, and read their users’ private conversations. Yen argues that these measures not only pose a risk to encryption but also endanger businesses and citizens without effectively protecting them from online harms.
Australia’s Draft Standard
The draft standard released by Australia’s eSafety Commissioner Julie Inman Grant applies to various services, including email, instant messaging, SMS, MMS, chat platforms, online gaming, and dating services. The standard covers all online services accessible to Australians, even if there are no visitors to the platforms.
Encryption Dilemma
While Inman Grant claims that providers will not need to breach encryption to comply with the standard, the Global Encryption Coalition argues that it would be impossible to do so without compromising encryption. Proton is the first provider to openly declare its defiance of the standard if implemented, emphasizing its commitment to not breaking end-to-end encryption.
Protecting Privacy and Cybersecurity
Proton urges Commissioner Inman Grant to safeguard end-to-end encryption in the eSafety proposals, emphasizing that undermining cybersecurity and encryption in the name of online safety would leave everyone except criminals more vulnerable. Proton, based in Switzerland, asserts that it is subject only to Swiss law, raising questions about the enforceability of cross-border regulations on entities without a presence in the imposing country.
Industry Response
While other tech companies have expressed concerns about the proposed regulation, many are taking steps to strengthen encryption. Telegram, with a user base of 200 million people, was the first mass-market messaging service to adopt end-to-end encryption. Meta, the parent company of WhatsApp and Facebook, has also pledged to prioritize encryption and secure data storage across its platforms.
Facebook Messenger, used by over a billion people, has introduced end-to-end encryption, and online storage services like iCloud and Google Cloud now offer encrypted storage options.
As the debate continues, the balance between online safety and user privacy remains a key challenge for governments and tech companies worldwide.
