ProtonMail Founder to Challenge Australia’s eSafety in Court
2 min read
Andy Yen claims safety standards would compel access, collection, and reading of private conversations on online services
Proton’s founder declares a legal battle against Australia’s eSafety regulator if encryption is weakened under proposed standards. Julie Inman Grant, the eSafety commissioner, suggests providers should detect and remove harmful content, emphasizing no support for undermining privacy and security. Privacy groups argue the standards, as drafted, might enable compromising encryption to comply.
Proton, based in Switzerland, is one of 350 signatories, alongside Mozilla and the Tor Project, opposing the proposal in an open letter to Inman Grant. The letter expresses concerns about creating standards that compel encrypted services to implement scanning measures, deeming it an unreasonable and disproportionate risk. Andy Yen, Proton’s founder and CEO, stated the proposed standards would mandate online services, regardless of encryption, to access, collect, and read users’ private conversations.
These suggestions might not only compel companies to circumvent their encryption but could also jeopardize businesses and citizens, offering minimal protection against the intended online harms. Yen emphasized that limiting the standards to cases “where technically feasible” lacks legal safeguards for encryption. He added that if the draft standards remain unchanged upon introduction, Proton would challenge them.
“We maintained our product and upheld encryption integrity in Iran and Russia, and we’ll do the same in Australia,” he asserted. “Although we have no plans to exit Australia, if served with an enforcement notice to compromise end-to-end encryption, we are ready to contest it in court.”
A spokesperson for the eSafety commissioner mentioned that Inman Grant appreciates feedback on the draft standards, including input on the technical feasibility exception.
The feedback will aid eSafety in assessing whether adjustments are necessary before finalizing the standards,” the spokesperson stated. They referenced the associated discussion paper, emphasizing that the standards don’t mandate service providers to incorporate systematic vulnerabilities or weaknesses into encrypted services.
Five additional industry safety codes, encompassing social media, internet service providers, equipment providers, hosting services, and apps, will be enforced starting Saturday.
Establishing obligatory and enforceable codes that shift the responsibility onto the industry to effectively address the most harmful content on their products and services marks a highly significant milestone in online safety,” Inman Grant emphasized.
