The One Email System the NSA Can’t Access

By Ted Baumann, Offshore and Asset Protection Editor, The Sovereign Investor.

It’s been a busy month on the privacy front.

For starters, word got out on August 5 that Russian hackers stole 1.2 billion user names and passwords across several kinds of websites. Then Facebook got into hot water — again — when it decided to force its risky Messenger app on unwilling users. Meanwhile, a U.S. senator warned that users of wearable fitness-tracking devices are unprotected by any privacy law, putting them at serious risk. And the European Union is poised to counter a U.S. court order demanding Microsoft hand over data stored inside its Irish servers.

Meanwhile, hackers and snoops gathered last week at their annual Black Hat conference in Las Vegas, plotting how to beat our best security efforts.

I was also a busy bee. I decided to start using a secure password-generation and management software, called Dashlane, which works across multiple devices. It was getting to the point where I had so many passwords to remember that it was seriously cutting into my productivity.

And I was at risk, because the natural tendency when you have a lot of passwords to remember is to re-use them on multiple sites. That’s a BAD idea.

But I also did something I’ve been doing every week for months now … checking to see whether I had been accepted by the world’s most secure email service, ProtonMail.

When Edward Snowden’s revelations broke last year, it sent shockwaves through CERN, a particle physics laboratory in Switzerland. A young MIT PhD student working there expressed concern, and soon 40 of the smartest physicists and computer programmers on the planet were pooling their knowledge to found ProtonMail, a Gmail-like email system which uses end-to-end encryption, making it impossible for outside parties to monitor messages sent back and forth.

These are the guys and gals who discovered the Higgs Boson. They are Einstein-level smart. Unlike all other encrypted email services, ProtonMail separates the encrypted message from its encryption key. All the encryption takes place on your computer and the receiver’s computer. Neither message nor key are stored on ProtonMail’s servers, so there’s no way for government to get their hands on them, even with a court order.

But that still wasn’t secure enough for this group. ProtonMail decided to go the extra mile to ensure absolute security. They placed all their servers in Switzerland, which has some of the world’s toughest privacy laws. That’s why I’m on a waiting list — demand for ProtonMail is so high that there aren’t enough available servers in Switzerland to accommodate it. But the group is currently raising money to build more.

ProtonMail’s founders clearly understand that security and privacy is about more than encryption — the decision to base their service in Switzerland demonstrates that they get the politics part, too.

The Government’s Fight Against Your Right to Privacy

In June, PayPal — the same U.S. money-transfer company that blocked contributions to Julian Assange’s WikiLeaks at the U.S. government’s behest — froze ProtonMail’s funds and blocked all further contributions, without notice or explanation. All this after ProtonMail had launched a two-week “crowdfunding” campaign with a set a target of $100,000, collecting more than $300,000 in a few hours.

Why would PayPal do such a thing? Andy Chen, the MIT PhD student who dreamed up ProtonMail, explained that, “When we pressed the PayPal representative on the phone for further details, he questioned whether ProtonMail is legal and if we have government approval to encrypt emails.”

That was a seriously stupid answer on PayPal’s part. It just reinforces the fact that American tech companies are increasingly an extension of the U.S. government, and so cannot be trusted with anyone’s business. Because it’s a voluntary step by PayPal, it’s much worse than a federal court’s order that Microsoft unwillingly turn over the contents of its Irish servers.

This isn’t the first time PayPal has closed an account out of deference to government. Regulations by the U.S. Department of Treasury’s FinCEN unit require financial organizations to monitor accounts for illegal activity, in essence deputizing private companies to act as monitors. These regulations tend to cause companies such as PayPal to freeze perfectly legal accounts in overzealous lock-downs like the ProtonMail fiasco.

Come Together

ProtonMail’s experience ties together a number of strands we’ve written about a lot recently. In my Offshore Confidential report this month, I discussed the great opportunity presented by the iAccount, an Internet-based eWallet service, precisely because it’s based in China, where the U.S. government can’t snoop or confiscate funds.

Last week, my colleague Chad Shoop wrote about the great investment opportunities presented by the rush to create and market secure communications technology like ProtonMail. And as I write, I’m working on another major report on steps you can take to secure your privacy.

The common element in all of these topics is this: you cannot trust the U.S. government or the U.S. private sector to protect your privacy against the growing threat. You need to look elsewhere — and we’re committed to showing you exactly where. By Ted Baumann, Offshore and Asset Protection Editor, The Sovereign Investor.

Our spoiled American tech heroes yearn to get those big-fat contracts with the US Intelligence Community. But it seems IBM is far better at financial engineering than actual engineering. Read….Cloud Wars: Now Even the CIA Slams IBM’s Technology

Enjoy reading WOLF STREET and want to support it? Using ad blockers – I totally get why – but want to support the site? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:

Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.

  5 comments for “The One Email System the NSA Can’t Access

  1. Michael Gorback says:

    “it’s based in China, where the U.S. government can’t snoop or confiscate funds.”

    Oh yeah, I’d feel sooooo much better having my money in China. What could possibly go wrong?

    • Wolf Richter says:

      But, but, but…. the US government can’t snoop on them (presumably)! The assumption is that the Chinese government is busy hunting down its own corrupt former officials, while the USG is hunting down the people who’ve landed on its sinner list. That’s why so many of these corrupt former Chinese officials have landed in the US and Canada – because they feel safer here than in their own countries. It all depends on what you’re afraid of the most.

  2. RD Blakeslee says:

    Wouldn’t possession of a ProtonMail account be discoverable by, e.g., the NHS’ dragnet, and make the possessor a target for scrutiny by means other that email monitoring?

  3. Lyndon says:

    I have been following Protonmail for a few months and eventually decided to buy a Priority Access perk. The interface is still a bit green, lacking many of the functionalities needed in an e-mail client for daily usage. But it is start.

    Sunday evening I tried to access Protonmail and was greeted with a service down message, updates were given as the reason. Apparently, the service was down for more than 24 hours. When it finally come on-line again, late Monday, I was no longer able to log on; my username is no longer recognised. I have tried repeatedly to contact Protonmail about this, but so far without receiving a response. I seems I will be forced to demand my perk back from Indiegogo.

    In essence, yes, there are alternatives to NSA mail, it is just they are miles away in terms of maturity and reliability.


    • Wolf Richter says:

      Sounds like an underfunded, understaffed startup is trying to do something big, has a great idea, a great concept, and great minds, but lacks execution – and, well, customer service. It wouldn’t be the first outfit to suffer from it. So give it some time?

      The other options for their difficulties might be that certain governments don’t want it to function properly.

Comments are closed.