Andy Yen: I started my career in science, and I was a particle physicist at CERN (the European Organization for Nuclear Research) before getting involved in technology. CERN has had a long history with the web (in fact the World Wide Web was invented at CERN) and our work on ProtonMail and cybersecurity is really just a natural extension built upon those foundations. ProtonMail started as an online privacy project, but as privacy and security are just two sides of the same coin, this work soon also drew us into cybersecurity.
SD: What does ProtonMail do to keep end-users’ information secure?
AY: ProtonMail secures the contents of users’ emails in such a way that even we do not have the ability to access them. This is drastically different from most mainstream email services, which can and do read users’ emails. But we protect users’ information in other ways, too. For example, our use of open source code allows any developer to check and make sure our code is secure. The best way to protect information is to not collect it in the first place: we don’t require any personally identifying information to sign up for ProtonMail.
SD: What is the email encryption process?
AY: We use two main types of encryption for emails: end-to-end encryption and zero-access encryption. All emails between ProtonMail users are end-to-end encrypted. When you send an email to another ProtonMail account, the message is “locked” with the public key of the recipient so that only they can open it with their corresponding private key. (ProtonMail does not have access to users’ private keys.) We also use zero-access encryption to protect messages on our servers, which makes it impossible for us or any third party to read the messages in your ProtonMail inbox.
SD: What is the worst cyber threat today?
AY: I think it depends what we’re talking about. For countries and governments, they’re probably most worried about cyberattacks that disrupt infrastructure and put lives at risk. Businesses have to defend themselves against increasingly aggressive ransomware attacks and data breaches that compromise secrets and drain resources. For most individuals who don’t have special circumstances that put them at a unique risk, the biggest cyber threat is probably a low-level crime, like identity theft or fraud. But interestingly, most cyber attacks at any level tend to exploit individual human vulnerabilities, like accidentally falling for a phishing email. So using secure online services is beneficial for mitigating all kinds of cyber threats.
SD: How do you see cybersecurity developing in the next five years?
AY: ProtonMail is almost five years old, and in that time cybersecurity has only become more and more important for businesses and consumers. The need for more privacy and security online is entering the mainstream consciousness, and more tech companies are moving in that direction. However, most of the biggest companies have business models that aren’t compatible with using strong encryption. Fortunately, there are many companies like ProtonMail building innovative new products that meet the needs of this new online era.