Proton Mail's Legal Battle for Privacy: Challenging Australia's eSafety Regulator

Proton Mail's Legal Battle for Privacy: Challenging Australia's eSafety Regulator
Photo by Joel Moysuh / Unsplash

Introduction

Proton, the Switzerland-based encrypted email service, has taken a firm stand against the Australian online safety regulator's proposed standards that could potentially weaken encryption. The company's founder, Andy Yen, has vowed to fight in court rather than compromise user privacy.

Take Action: Sign the joint letter in response to Australian eSafety proposed industry standards – Global Encryption Coalition
The Australian government is currently considering draft online safety standards that threaten to undermine the use of end-to-end encryption, putting security and privacy of Internet users at greater risk. The eSafety Commissioner has proposed two draft industry standards under the Online Safety Act. Both draft standards include a range of proactive detection obligations on digital […]

Background of the Issue

The eSafety commissioner of Australia, Julie Inman Grant, proposed standards requiring cloud and messaging service providers to detect and remove known child abuse and pro-terror material "where technically feasible." This includes disrupting and deterring the creation of new harmful content.

Proton Mail Joins Global Encryption Coalition to Challenge Australia’s eSafety Standards
Introduction Proton Mail, along with the Global Encryption Coalition, is taking a stand against the Australian government’s proposed online safety standards. These standards, under scrutiny for potentially undermining end-to-end encryption, have sparked a significant response from privacy advocates and tech companies worldwide. Proton will never break encryption for any gov’t.

Concerns Over Privacy and Encryption

Privacy and security groups, including Proton, argue that these draft standards could force companies to compromise encryption to comply. The eSafety regulator has stated that it does not advocate for weaknesses or back doors in encrypted services. However, the concern remains that the standards, as written, could lead to such outcomes.


Proton's Stance

Andy Yen, Proton's founder and CEO, expressed concerns that the proposed standards would require services, encrypted or not, to access, collect, and read users' private conversations. He emphasized that these measures could force companies to bypass their encryption, posing risks to businesses and citizens while being ineffective against online harms.


Legal Preparedness

Proton has a history of upholding its encryption standards in various countries, including Iran and Russia. Yen stated that Proton would not change its product or break encryption in Australia and is prepared to fight any enforcement notice in court.


eSafety Commissioner's Response

The eSafety commissioner welcomed feedback on the draft standards, including on the technical feasibility exception. The associated discussion paper clarifies that the standards do not require service providers to design systematic vulnerabilities into encrypted services.


Industry Safety Codes

Alongside this issue, five other industry safety codes covering social media, internet service providers, equipment providers, hosting services, and apps are set to come into effect. These codes aim to put the onus back on the industry to act against harmful content on their platforms.


Feedback and Finalization

Feedback on the draft standards is open until December 21, with the eSafety commissioner considering refinements before finalizing the standards.


Conclusion

Proton's legal challenge against Australia's eSafety regulator highlights a critical debate on balancing online safety with the right to privacy and secure communication. The outcome of this battle could have significant implications for tech companies and users globally, setting a precedent in the ongoing tension between privacy rights and regulatory efforts to combat online harms.

Read more