TED | Andy Yen: Think your email’s private? Think again.

Posted on March 5, 2015


0:12 Twenty-five years ago, scientists at CERN created the World Wide Web. Since then, the Internet has transformed the way we communicate, the way we do business, and even the way we live. In many ways, the ideas that gave birth to Google, Facebook, Twitter, and so many others, have now really transformed our lives, and this has brought us many real benefits such as a more connected society. However, there are also some downsides to this. Today, the average person has an astounding amount of personal information online, and we add to this online information every single time we post on Facebook, each time we search on Google, and each time we send an email.

0:55 Now, many of us probably think, well, one email, there’s nothing in there, right? But if you consider a year’s worth of emails, or maybe even a lifetime of email, collectively, this tells a lot. It tells where we have been, who we have met, and in many ways, even what we’re thinking about. And the more scary part about this is our data now lasts forever, so your data can and will outlive you. What has happened is that we’ve largely lost control over our data and also our privacy.

1:28 So this year, as the web turns 25, it’s very important for us to take a moment and think about the implications of this. We have to really think. We’ve lost privacy, yes, but actually what we’ve also lost is the idea of privacy itself. If you think about it, most of us here today probably remember what life was like before the Internet, but today, there’s a new generation that is being taught from a very young age to share everything online, and this is a generation that is not going to remember when data was private. So we keep going down this road, 20 years from now, the word ‘privacy’ is going to have a completely different meaning from what it means to you and I.

2:09 So, it’s time for us to take a moment and think, is there anything we can do about this? And I believe there is.

2:17 Let’s take a look at one of the most widely used forms of communication in the world today: email. Before the invention of email, we largely communicated using letters, and the process was quite simple. You would first start by writing your message on a piece of paper, then you would place it into a sealed envelope, and from there, you would go ahead and send it after you put a stamp and address on it. Unfortunately, today, when we actually send an email, we’re not sending a letter. What you are sending, in many ways, is actually a postcard, and it’s a postcard in the sense that everybody that sees it from the time it leaves your computer to when it gets to the recipient can actually read the entire contents.

2:56 So, the solution to this has been known for some time, and there’s many attempts to do it. The most basic solution is to use encryption, and the idea is quite simple. First, you encrypt the connection between your computer and the email server. Then, you also encrypt the data as it sits on the server itself. But there’s a problem with this, and that is, the email servers also hold the encryption keys, so now you have a really big lock with a key placed right next to it. But not only that, any government could lawfully ask for and get the key to your data, and this is all without you being aware of it.

3:32 So the way we fix this problem is actually relatively easy, in principle: You give everybody their own keys, and then you make sure the server doesn’t actually have the keys. This seems like common sense, right? So the question that comes up is, why hasn’t this been done yet?

3:49 Well, if we really think about it, we see that the business model of the Internet today really isn’t compatible with privacy. Just take a look at some of the biggest names on the web, and you see that advertising plays a huge role. In fact, this year alone, advertising is 137 billion dollars, and to optimize the ads that are shown to us, companies have to know everything about us. They need to know where we live, how old we are, what we like, what we don’t like, and anything else they can get their hands on. And if you think about it, the best way to get this information is really just to invade our privacy. So these companies aren’t going to give us our privacy. If we want to have privacy online, what we have to do is we’ve got to go out and get it ourselves.


4:33 For many years, when it came to email, the only solution was something known as PGP, which was quite complicated and only accessible to the tech-savvy. Here’s a diagram that basically shows the process for encrypting and decrypting messages. So needless to say, this is not a solution for everybody, and this actually is part of the problem, because if you think about communication, by definition, it involves having someone to communicate with. So while PGP does a great job of what it’s designed to do, for the people out there who can’t understand how to use it, the option to communicate privately simply does not exist. And this is a problem that we need to solve. So if we want to have privacy online, the only way we can succeed is if we get the whole world on board, and this is only possible if we bring down the barrier to entry. I think this is actually the key challenge that lies in the tech community. What we really have to do is work and make privacy more accessible.

5:28 So last summer, when the Edward Snowden story came out, several colleagues and I decided to see if we could make this happen. At that time, we were working at the European Organization for Nuclear Research at the world’s largest particle collider, which collides protons, by the way. We were all scientists, so we used our scientific creativity and came up with a very creative name for our project: ProtonMail. (Laughter) Many startups these days actually begin in people’s garages or people’s basements. We were a bit different. We started out at the CERN cafeteria, which actually is great, because look, you have all the food and water you could ever want. But even better than this is that every day between 12 p.m. and 2 p.m., free of charge, the CERN cafeteria comes with several thousand scientists and engineers, and these guys basically know the answers to everything. So it was in this environment that we began working. What we actually want to do is we want to take your email and turn it into something that looks more like this, but more importantly, we want to do it in a way that you can’t even tell that it’s happened. So to do this, we actually need a combination of technology and also design.

6:37 So how do we go about doing something like this? Well, it’s probably a good idea not to put the keys on the server. So what we do is we generate encryption keys on your computer, and we don’t generate a single key, but actually a pair of keys, so there’s an RSA private key and an RSA public key, and these keys are mathematically connected.

6:59 So let’s have a look and see how this works when multiple people communicate. So here we have Bob and Alice, who want to communicate privately. So the key challenge is to take Bob’s message and to get it to Alice in such a way that the server cannot read that message. So what we have to do is we have to encrypt it before it even leaves Bob’s computer, and one of the tricks is, we encrypt it using the public key from Alice. Now this encrypted data is sent through the server to Alice, and because the message was encrypted using Alice’s public key, the only key that can now decrypt it is a private key that belongs to Alice, and it turns out Alice is the only person that actually has this key. So we’ve now accomplished the objective, which is to get the message from Bob to Alice without the server being able to read what’s going on.

Bob & Alice

7:51 Actually, what I’ve shown here is a highly simplified picture. The reality is much more complex and it requires a lot of software that looks a bit like this. And that’s actually the key design challenge: How do we take all this complexity, all this software, and implement it in a way that the user cannot see it. I think with ProtonMail, we have gotten pretty close to doing this.

8:13 So let’s see how it works in practice. Here, we’ve got Bob and Alice again, who also want to communicate securely. They simply create accounts on ProtonMail, which is quite simple and takes a few moments, and all the key encryption and generation is happening automatically in the background as Bob is creating his account. Once his account is created, he just clicks “compose,” and now he can write his email like he does today. So he fills in his information, and then after that, all he has to do is click “send,” and just like that, without understanding cryptography, and without doing anything different from how he writes email today, Bob has just sent an encrypted message.

8:52 What we have here is really just the first step, but it shows that with improving technology, privacy doesn’t have to be difficult, it doesn’t have to be disruptive. If we change the goal from maximizing ad revenue to protecting data, we can actually make it accessible. Now, I know a question on everybody’s minds is, okay, protecting privacy, this is a great goal, but can you actually do this without the tons of money that advertisements give you? And I think the answer is actually yes, because today, we’ve reached a point where people around the world really understand how important privacy is, and when you have that, anything is possible. Earlier this year, ProtonMail actually had so many users that we ran out of resources, and when this happened, our community of users got together and donated half a million dollars. So this is just an example of what can happen when you bring the community together towards a common goal. We can also leverage the world. Right now, we have a quarter of a million people that have signed up for ProtonMail, and these people come from everywhere, and this really shows that privacy is not just an American or a European issue, it’s a global issue that impacts all of us. It’s something that we really have to pay attention to going forward.

10:04 So what do we have to do to solve this problem? Well, first of all, we need to support a different business model for the Internet, one that does not rely entirely on advertisements for revenue and for growth. We actually need to build a new Internet where our privacy and our ability to control our data is first and foremost. But even more importantly, we have to build an Internet where privacy is no longer just an option but is also the default.

10:34 We have done the first step with ProtonMail, but this is really just the first step in a very, very long journey. The good news I can share with you guys today, the exciting news, is that we’re not traveling alone. The movement to protect people’s privacy and freedom online is really gaining momentum, and today, there are dozens of projects from all around the world who are working together to improve our privacy. These projects protect things from our chat to voice communications, also our file storage, our online search, our online browsing, and many other things. And these projects are not backed by billions of dollars in advertising, but they’ve found support really from the people, from private individuals like you and I from all over the world.

11:16 This really matters, because ultimately, privacy depends on each and every one of us, and we have to protect it now because our online data is more than just a collection of ones and zeros. It’s actually a lot more than that. It’s our lives, our personal stories, our friends, our families, and in many ways, also our hopes and our aspirations. We need to spend time now to really protect our right to share this only with people that we want to share this with, because without this, we simply can’t have a free society. So now’s the time for us to collectively stand up and say, yes, we do want to live in a world with online privacy, and yes, we can work together to turn this vision into a reality.

11:58 Thank you.

Posted in: Technology, TED