Monday, 21 November 2016

Protect privacy starting with email

 Small Business Solutions, Email Security
Encrypted Email Signups Skyrocketed After Trump Victory.
Donald Trump said the US has to get better when it comes to “the cyber,” and it’s clear that many Americans are taking that advice to heart. They’re signing up for secure, encrypted email accounts like never before. ProtonMail is one of the providers of free and low-cost tools that anyone can use to boost their digital privacy.

ProtonMail's scientists, engineers, and developers were drawn together by a shared vision of protecting civil liberties online. This is why they created ProtonMail, an easy-to-use secure email service with built-in end-to-end encryption and state-of-the-art security features. The goal is to build an internet that respects privacy and is secure against cyberattacks.

They are committed to developing and widely distributing the tools necessary to protect your data online. The team combines deep mathematical and technical knowledge from the world's top research institutions with expertise in building easy-to-use user interfaces. Together, they are building the encrypted communication technologies of the future.


End-to-End Encryption

Messages are encrypted at all times

Messages are stored on ProtonMail (PM) servers in encrypted format. They are also transmitted in encrypted format between PM servers and user devices. Messages between PM users are also transmitted in encrypted form within the PM secure server network. Because data is encrypted at all steps, the risk of message interception is largely eliminated.


Zero Access to User Data

Your encrypted data is not accessible to ProtonMail

ProtonMail’s segregated authentication and decryption system means logging into a ProtonMail private email account requires two passwords. The first password is used to verify the identity of the user. After that, encrypted data can be retrieved. The second password is a decryption password, which is never sent to ProtonMail. It is used to decrypt data on your device, so PM does not have access to the decrypted data or to the decryption password. This means PM cannot hand over your data to third parties. For this reason, PM is also unable to recover decryption passwords. If you forget your decryption password, PM cannot recover your data.
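The split between the two passwords can be sketched as follows. This is an added example, not ProtonMail's code: the `Server` class, the function names, the PBKDF2 work factor and the HMAC-based cipher (a standard-library stand-in for AES) are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2 work factor is an assumed value for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES, for illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _subkeys(key: bytes):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def client_encrypt(decryption_password: str, message: bytes) -> bytes:
    """Runs on the user's device; the returned blob is all that is uploaded."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc, mac = _subkeys(kdf(decryption_password, salt))
    ct = bytes(a ^ b for a, b in zip(message, _keystream(enc, nonce, len(message))))
    return salt + nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def client_decrypt(decryption_password: str, blob: bytes) -> bytes:
    """Runs on the user's device; fails closed on a wrong password."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc, mac = _subkeys(kdf(decryption_password, salt))
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong decryption password or modified data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

class Server:
    """Constructed model of the provider: a login verifier plus opaque ciphertext."""
    def __init__(self, login_password: str, encrypted_mailbox: bytes):
        self.salt = secrets.token_bytes(16)
        self.verifier = kdf(login_password, self.salt)  # first password: identity only
        self.mailbox = encrypted_mailbox                # second password never arrives

    def login(self, login_password: str):
        ok = hmac.compare_digest(self.verifier, kdf(login_password, self.salt))
        return self.mailbox if ok else None

if __name__ == "__main__":
    srv = Server("login-pw", client_encrypt("mailbox-pw", b"constructed sample message"))
    blob = srv.login("login-pw")
    print(client_decrypt("mailbox-pw", blob))
```

Everything the `Server` object holds (salt, verifier, ciphertext) is insufficient to decrypt the mailbox, which is also why a forgotten decryption password cannot be reset by the provider.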


Open Source Cryptography

Time-tested and trusted encryption algorithms

PM uses only secure implementations of AES and RSA, along with OpenPGP. Furthermore, all of the cryptographic libraries PM uses are open source. By using open source libraries, PM can guarantee that the encryption algorithms it uses do not have clandestinely built-in back doors. ProtonMail's open source software has been thoroughly vetted by security experts from around the world to ensure the highest levels of protection.


Why Switzerland?

A question that often gets asked is: why is ProtonMail based in Switzerland, and are there any real advantages?
PM believes there are. The first thing that comes to mind is that Switzerland is outside of US and EU jurisdiction. Unless you host your servers on a boat in international waters, you will need to be under some legal jurisdiction, and in the post-Lavabit environment this choice is particularly important. A common misconception is that the EU offers more legal protection than the US, but many of the same surveillance directives that exist in US law also have EU counterparts. In particular, German law may actually offer less legal protection than American law.

Switzerland, however, is NOT part of the EU, and Switzerland applies a very different set of privacy laws. In the US and EU, gag orders can be issued to prevent an individual from knowing they are being investigated or under surveillance. While these types of orders also exist in Switzerland, the prosecutors have an obligation to notify the target of surveillance as soon as possible, and the target has an opportunity to appeal in court. There are no such things as National Security Letters, and all surveillance requests MUST go through the courts (this is not the case in Germany). Furthermore, while Switzerland is party to international assistance treaties, such requests for information must hold up under Swiss law, which has much stricter privacy provisions.

Nearly every country in the world has laws governing lawful interception of electronic communications. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT), last revised in 2012. In the SPTT, the obligation to provide the technical means for lawful interception is imposed only on Internet access providers, so ProtonMail, as a mere Internet application provider, is completely exempt from the SPTT’s scope of application. This means that under Swiss law, ProtonMail cannot be compelled to backdoor its secure email system. As a Swiss company, ProtonMail also cannot be compelled to engage in bulk surveillance on behalf of US intelligence agencies.

This combination of factors means that a Lavabit-like situation cannot occur with ProtonMail. However, ProtonMail has taken the Lavabit concept one step further and actually does not even possess the keys required to decrypt user data. As a result, even if ProtonMail was forced to turn over all of its computer systems, email contents will continue to be encrypted.

PM believes that comprehensive security can only be achieved through a combination of technology and legal protections, and Switzerland provides the optimal combination of both. By coupling Switzerland's advanced IT infrastructure with its unique legal environment, ProtonMail can deliver a service that is both reliable and secure.

For more information about internet surveillance in Switzerland and requests for information made to ProtonMail, please view the PM Transparency Report.
