Proton Mail CEO: An online security law that doesn’t protect encryption is a paradox

In 1763, William Pitt the Elder appeared in Parliament and explained why privacy is a vital right enjoyed by all, saying: “The poorest man can defy all the forces of the crown in his hut.” It may be fragile – its roof may shake – the wind may blow through it – the storm may come in – the rain may come in – but the King of England cannot enter!”

Some 260 years later, the same Parliament is likely to pass the Online Safety Bill (OSB), destroying the rights that Pitt so passionately defended. The bill, which received its final reading in the House of Lords this week, gives the government the power to force companies to monitor anyone’s private conversations despite widespread condemnation.

Criticism came from all sides. The UN said laws like the OSB had “a significant chilling effect on freedom of expression and association” and Meta said it “There is a risk that people’s private messages will be constantly monitored and censored.”

To the government’s credit, a spokesman admitted this week that Ofcom cannot require scanning unless there is technology in place to allow companies to scan messages without breaking end-to-end encryption. Another spokesman said Ofcom could only require companies to use “technically feasible” means to scan end-to-end encrypted messages. However, this leaves it up to Ofcom to define “technically feasible” and does not provide any legal protections for encryption in the bill itself.

Unfortunately, you cannot scan encrypted messages and maintain encryption. End-to-end encryption either protects everything or nothing. There is no way for the government to scan an end-to-end encrypted message without destroying it and putting everyone else at risk of hacks and surveillance.

Instead of balancing citizens’ right to privacy with tackling online harm, this bill has the power to destroy end-to-end encryption and the government is asking people to trust it won’t use it. This is a serious mistake. Unless there are strong legal protections for encryption, it gives any future government the opportunity to undermine it.

There are many pragmatic reasons why undermining encryption would be disastrous. First, it ensures that no one is eavesdropping on your messages or spying on the files you share. Security has taken on new importance as cyber warfare has become the daily norm (see Russia and Ukraine). If it is undermined, cyberattacks and data breaches will only become more common. Additionally, numerous studies have shown that public opinion is firmly behind improving online privacy.

Finally, there is also a risk that London’s reputation as the technology capital of Europe will be jeopardized. Despite government promises to wait for “technically feasible” solutions, the OSB undermines the legal protections that businesses need. Meta and Apple have already threatened to exit. Why should future start-ups and entrepreneurs choose London over Paris, Munich or Zurich?

Some say that breaking end-to-end encryption is necessary to combat abusive content, but history is full of appeals to security, eliminating people’s rights, and that goes back to the time of Pitt . He said: “Necessity is the pretext for every violation of human freedom. It is the argument of tyrants.”

That is why the principle of privacy is of crucial importance. With the OSB, the government can access, collect and read anyone’s private conversations at any time. Nobody would tolerate this in the physical world. But the OSB will make this possible in the digital realm. Britain rightly condemns Russia, China or Iran when they monitor their populations, but it gives itself the power to do exactly the same.

At Proton, we have made enormous efforts to ensure that people living under authoritarian governments have access to the privacy and freedoms we enjoy in established liberal democracies. This is made possible by end-to-end encryption. It is worrying that the British government wants to give up the rights that people in Russia, Iran and elsewhere so desperately want.

Unfortunately, the opportunity for elected officials to codify the OSB into the law has been lost, and its implementation now falls to unelected regulators. What can I say that Ofcom will not try to crack end-to-end encryption as Parliament has authorized it to do? More unelected officials would then decide the legality of his actions in court. This is a dereliction of duty by Parliament, a failure of the democratic process and an attack on the rights of British citizens.

The Internet of the future should be one that protects privacy. We believe that everyone, including your family, your neighbors, your friends, journalists, human rights activists and MPs themselves, has the right to communicate without being spied on. However, this future cannot be taken for granted. We must remain vigilant to ensure Ofcom does not fire the loaded pistol that Parliament gave it. The future of the internet – and of privacy – depends on it.

Andy Yen is the founder and CEO of Proton, the company behind end-to-end encrypted email, cloud storage and VPN services