It’s been a busy month on the privacy front.
For starters, word got out on August 5 that Russian hackers stole 1.2 billion user names and passwords across several kinds of websites. Then Facebook got into hot water — again — when it decided to force its risky Messenger app on unwilling users. Meanwhile, a U.S. senator warned that users of wearable fitness-tracking devices are unprotected by any privacy law, putting them at serious risk. And the European Union is poised to counter a U.S. court order demanding Microsoft hand over data stored inside its Irish servers.
Meanwhile, hackers and snoops gathered last week at their annual Black Hat conference in Las Vegas, plotting how to beat our best security efforts.
I was also a busy bee. I decided to start using a secure password-generation and management software, called Dashlane, which works across multiple devices. It was getting to the point where I had so many passwords to remember that it was seriously cutting into my productivity.
And I was at risk, because the natural tendency when you have a lot of passwords to remember is to re-use them on multiple sites. That’s a BAD idea.
But I also did something I’ve been doing every week for months now … checking to see whether I had been accepted by the world’s most secure email service, ProtonMail.
When Edward Snowden’s revelations broke last year, it sent shockwaves through CERN, a particle physics laboratory in Switzerland. A young MIT PhD student working there expressed concern, and soon 40 of the smartest physicists and computer programmers on the planet were pooling their knowledge to found ProtonMail, a Gmail-like email system which uses end-to-end encryption, making it impossible for outside parties to monitor messages sent back and forth.
These are the guys and gals who discovered the Higgs Boson. They are Einstein-level smart. Unlike all other encrypted email services, ProtonMail separates the encrypted message from its encryption key. All the encryption takes place on your computer and the receiver’s computer. Neither message nor key are stored on ProtonMail’s servers, so there’s no way for government to get their hands on them, even with a court order.
But that still wasn’t secure enough for this group. ProtonMail decided to go the extra mile to ensure absolute security. They placed all their servers in Switzerland, which has some of the world’s toughest privacy laws. That’s why I’m on a waiting list — demand for ProtonMail is so high that there aren’t enough available servers in Switzerland to accommodate it. But the group is currently raising money to build more.
ProtonMail’s founders clearly understand that security and privacy is about more than encryption — the decision to base their service in Switzerland demonstrates that they get the politics part, too.
But politics has a way of resisting evasion.The Government’s Fight Against Your Right to Privacy
In June, PayPal — the same U.S. money-transfer company that blocked contributions to Julian Assange’s WikiLeaks at the U.S. government’s behest — froze ProtonMail’s funds and blocked all further contributions, without notice or explanation. All this after ProtonMail had launched a two-week “crowdfunding” campaign with a set a target of $100,000, collecting more than $300,000 in a few hours.
Why would PayPal do such a thing? Andy Chen, the MIT PhD student who dreamed up ProtonMail, explained that, “When we pressed the PayPal representative on the phone for further details, he questioned whether ProtonMail is legal and if we have government approval to encrypt emails.”
That was a seriously stupid answer on PayPal’s part. It just reinforces the fact that American tech companies are increasingly an extension of the U.S. government, and so cannot be trusted with anyone’s business. Because it’s a voluntary step by PayPal, it’s much worse than a federal court’s order that Microsoft unwillingly turn over the contents of its Irish servers.
This isn’t the first time PayPal has closed an account out of deference to government. Regulations by the U.S. Department of Treasury’s FinCEN unit require financial organizations to monitor accounts for illegal activity, in essence deputizing private companies to act as monitors. These regulations tend to cause companies such as PayPal to freeze perfectly legal accounts in overzealous lock-downs like the ProtonMail fiasco.Come Together
ProtonMail’s experience ties together a number of strands we’ve written about a lot recently. In my Offshore Confidential report this month, I discussed the great opportunity presented by the iAccount, an Internet-based eWallet service, precisely because it’s based in China, where the U.S. government can’t snoop or confiscate funds.
Last week, my colleague Chad Shoop wrote about the great investment opportunities presented by the rush to create and market secure communications technology like ProtonMail. And as I write, I’m working on another major report on steps you can take to secure your privacy.
The common element in all of these topics is this: you cannot trust the U.S. government or the U.S. private sector to protect your privacy against the growing threat. You need to look elsewhere — and we’re committed to showing you exactly where.
Kind regards,
Ted Baumann
Offshore and Asset Protection Editor