TEDGlobal 2014
Andy Yen: Think your email's private? Think again
Sending an email message is like sending a postcard, says scientist Andy Yen in this thought-provoking talk: Anyone can read it. Yet encryption, the technology that protects the privacy of email communication, does exist. It's just that until now it has been difficult to install and a hassle to use. Showing a demo of an email program he designed with colleagues at CERN, Yen argues that encryption can be made simple to the point of becoming the default option, providing true email privacy to all.
Andy Yen - Secure email developer
Andy Yen is building an encrypted email program that lets everyone benefit from private communication.
00:13
Twenty-five years ago, scientists at CERN
created the World Wide Web.
00:18
Since then, the Internet has transformed
the way we communicate,
00:22
the way we do business,
and even the way we live.
00:25
In many ways,
00:27
the ideas that gave birth to Google,
Facebook, Twitter, and so many others,
00:32
have now really transformed our lives,
00:35
and this has brought us many real benefits
such as a more connected society.
00:39
However, there are also
some downsides to this.
00:43
Today, the average person
has an astounding amount
00:45
of personal information online,
00:48
and we add to this online information
every single time we post on Facebook,
00:51
each time we search on Google,
00:53
and each time we send an email.
00:56
Now, many of us probably think,
00:58
well, one email,
there's nothing in there, right?
01:01
But if you consider
a year's worth of emails,
01:04
or maybe even a lifetime of email,
01:07
collectively, this tells a lot.
01:09
It tells where we have been,
who we have met,
01:13
and in many ways,
even what we're thinking about.
01:16
And the more scary part about this is
our data now lasts forever,
01:21
so your data can and will outlive you.
01:24
What has happened is that we've largely
lost control over our data
01:27
and also our privacy.
01:29
So this year, as the web turns 25,
01:33
it's very important for us
to take a moment
01:35
and think about the implications of this.
01:38
We have to really think.
01:40
We've lost privacy, yes,
01:41
but actually what we've also lost
is the idea of privacy itself.
01:45
If you think about it,
01:47
most of us here today probably remember
what life was like before the Internet,
01:51
but today, there's a new generation
01:54
that is being taught from a very young age
to share everything online,
01:57
and this is a generation that is not
going to remember when data was private.
02:02
So we keep going down this road,
20 years from now,
02:05
the word 'privacy' is going to have
a completely different meaning
02:08
from what it means to you and I.
02:10
So, it's time for us
to take a moment and think,
02:13
is there anything we can do about this?
02:16
And I believe there is.
02:18
Let's take a look at one of the most
widely used forms of communication
02:22
in the world today: email.
02:24
Before the invention of email,
we largely communicated using letters,
02:28
and the process was quite simple.
02:30
You would first start by writing
your message on a piece of paper,
02:33
then you would place it
into a sealed envelope,
02:36
and from there,
you would go ahead and send it
02:38
after you put a stamp and address on it.
02:40
Unfortunately, today,
02:41
when we actually send an email,
we're not sending a letter.
02:44
What you are sending, in many ways,
is actually a postcard,
02:47
and it's a postcard in the sense
that everybody that sees it
02:51
from the time it leaves your computer
to when it gets to the recipient
02:54
can actually read the entire contents.
02:57
So, the solution to this
has been known for some time,
03:00
and there's many attempts to do it.
03:02
The most basic solution
is to use encryption,
03:05
and the idea is quite simple.
03:07
First, you encrypt the connection
03:09
between your computer
and the email server.
03:12
Then, you also encrypt the data
as it sits on the server itself.
03:15
But there's a problem with this,
03:17
and that is, the email servers
also hold the encryption keys,
03:20
so now you have a really big lock
with a key placed right next to it.
03:24
But not only that, any government
could lawfully ask for
03:28
and get the key to your data,
03:30
and this is all without you
being aware of it.
03:33
So the way we fix this problem
is actually relatively easy, in principle:
03:38
You give everybody their own keys,
03:40
and then you make sure the server
doesn't actually have the keys.
03:44
This seems like common sense, right?
03:46
So the question that comes up is,
why hasn't this been done yet?
03:50
Well, if we really think about it,
03:52
we see that the business model
of the Internet today
03:55
really isn't compatible with privacy.
03:57
Just take a look at some
of the biggest names on the web,
04:00
and you see that advertising
plays a huge role.
04:03
In fact, this year alone,
advertising is 137 billion dollars,
04:08
and to optimize the ads
that are shown to us,
04:10
companies have to know
everything about us.
04:12
They need to know where we live,
04:14
how old we are, what we like,
what we don't like,
04:18
and anything else
they can get their hands on.
04:20
And if you think about it,
04:22
the best way to get this information
is really just to invade our privacy.
04:26
So these companies
aren't going to give us our privacy.
04:29
If we want to have privacy online,
04:31
what we have to do is
we've got to go out and get it ourselves.
04:34
For many years, when it came to email,
04:37
the only solution
was something known as PGP,
04:39
which was quite complicated
and only accessible to the tech-savvy.
04:43
Here's a diagram that basically shows
04:45
the process for encrypting
and decrypting messages.
04:48
So needless to say,
this is not a solution for everybody,
04:51
and this actually is part of the problem,
04:54
because if you think about communication,
04:56
by definition, it involves
having someone to communicate with.
05:01
So while PGP does a great job
of what it's designed to do,
05:04
for the people out there
who can't understand how to use it,
05:07
the option to communicate privately
simply does not exist.
05:10
And this is a problem
that we need to solve.
05:13
So if we want to have privacy online,
05:15
the only way we can succeed
is if we get the whole world on board,
05:18
and this is only possible
if we bring down the barrier to entry.
05:21
I think this is actually the key challenge
that lies in the tech community.
05:25
What we really have to do
is work and make privacy more accessible.
05:29
So last summer, when
the Edward Snowden story came out,
05:32
several colleagues and I decided to see
if we could make this happen.
05:35
At that time, we were working at the
European Organization for Nuclear Research
05:40
at the world's largest particle collider,
which collides protons, by the way.
05:44
We were all scientists,
so we used our scientific creativity
05:48
and came up with a very
creative name for our project:
05:51
ProtonMail.
(Laughter)
05:53
Many startups these days
actually begin in people's garages
05:56
or people's basements.
05:57
We were a bit different.
05:59
We started out at the CERN cafeteria,
06:02
which actually is great, because look,
06:04
you have all the food
and water you could ever want.
06:07
But even better than this
is that every day
06:09
between 12 p.m. and 2 p.m.,
free of charge,
06:13
the CERN cafeteria comes with
several thousand scientists and engineers,
06:17
and these guys basically know
the answers to everything.
06:20
So it was in this environment
that we began working.
06:23
What we actually want to do
is we want to take your email
06:26
and turn it into something
that looks more like this,
06:29
but more importantly,
we want to do it in a way
06:32
that you can't even tell
that it's happened.
06:34
So to do this, we actually need
a combination of technology
06:37
and also design.
06:38
So how do we go about
doing something like this?
06:42
Well, it's probably a good idea
not to put the keys on the server.
06:46
So what we do is we generate
encryption keys on your computer,
06:50
and we don't generate a single key,
but actually a pair of keys,
06:53
so there's an RSA private key
and an RSA public key,
06:57
and these keys
are mathematically connected.
07:00
So let's have a look
and see how this works
07:02
when multiple people communicate.
07:04
So here we have Bob and Alice,
who want to communicate privately.
07:09
So the key challenge
is to take Bob's message
07:12
and to get it to Alice in such a way
that the server cannot read that message.
07:17
So what we have to do
is we have to encrypt it
07:19
before it even leaves Bob's computer,
07:21
and one of the tricks is, we encrypt it
using the public key from Alice.
07:26
Now this encrypted data is sent
through the server to Alice,
07:31
and because the message was encrypted
using Alice's public key,
07:35
the only key that can now decrypt it
is a private key that belongs to Alice,
07:39
and it turns out Alice is the only person
that actually has this key.
07:44
So we've now accomplished the objective,
07:47
which is to get the message
from Bob to Alice
07:49
without the server being able
to read what's going on.
07:52
Actually, what I've shown here
is a highly simplified picture.
07:55
The reality is much more complex
07:57
and it requires a lot of software
that looks a bit like this.
08:00
And that's actually
the key design challenge:
08:03
How do we take all this complexity,
all this software,
08:06
and implement it in a way
that the user cannot see it.
08:10
I think with ProtonMail,
we have gotten pretty close to doing this.
08:14
So let's see how it works in practice.
08:16
Here, we've got Bob and Alice again,
08:19
who also want to communicate securely.
08:21
They simply create accounts on ProtonMail,
08:24
which is quite simple
and takes a few moments,
08:26
and all the key encryption and generation
08:28
is happening automatically
in the background
08:31
as Bob is creating his account.
08:33
Once his account is created,
he just clicks "compose,"
08:35
and now he can write his email
like he does today.
08:38
So he fills in his information,
08:40
and then after that,
all he has to do is click "send,"
08:43
and just like that,
without understanding cryptography,
08:47
and without doing anything different
from how he writes email today,
08:50
Bob has just sent an encrypted message.
08:53
What we have here
is really just the first step,
08:57
but it shows that
with improving technology,
08:59
privacy doesn't have to be difficult,
it doesn't have to be disruptive.
09:04
If we change the goal from maximizing
ad revenue to protecting data,
09:08
we can actually make it accessible.
09:11
Now, I know a question
on everybody's minds is,
09:13
okay, protecting privacy,
this is a great goal,
09:15
but can you actually do this
09:18
without the tons of money
that advertisements give you?
09:21
And I think the answer is actually yes,
09:23
because today, we've reached a point
09:25
where people around the world really
understand how important privacy is,
09:29
and when you have that,
anything is possible.
09:32
Earlier this year,
09:33
ProtonMail actually had so many users
that we ran out of resources,
09:37
and when this happened,
our community of users got together
09:40
and donated half a million dollars.
09:42
So this is just an example
of what can happen
09:44
when you bring the community together
towards a common goal.
09:47
We can also leverage the world.
09:49
Right now,
09:50
we have a quarter of a million people
that have signed up for ProtonMail,
09:54
and these people come from everywhere,
09:55
and this really shows that privacy
09:57
is not just an American
or a European issue,
09:59
it's a global issue
that impacts all of us.
10:02
It's something that we really
have to pay attention to going forward.
10:05
So what do we have to do
to solve this problem?
10:08
Well, first of all,
10:10
we need to support a different
business model for the Internet,
10:13
one that does not rely
entirely on advertisements
10:15
for revenue and for growth.
10:18
We actually need to build a new Internet
10:20
where our privacy and our ability
to control our data is first and foremost.
10:26
But even more importantly,
10:28
we have to build an Internet
where privacy is no longer just an option
10:32
but is also the default.
10:35
We have done the first step
with ProtonMail,
10:38
but this is really just the first step
in a very, very long journey.
10:42
The good news I can share
with you guys today,
10:44
the exciting news,
is that we're not traveling alone.
10:47
The movement to protect people's privacy
and freedom online
10:50
is really gaining momentum,
10:51
and today, there are dozens of projects
from all around the world
10:55
who are working together
to improve our privacy.
10:58
These projects protect things
from our chat to voice communications,
11:02
also our file storage, our online search,
11:05
our online browsing,
and many other things.
11:08
And these projects are not backed
by billions of dollars in advertising,
11:11
but they've found support
really from the people,
11:14
from private individuals like you and I
from all over the world.
11:17
This really matters, because ultimately,
11:20
privacy depends on each
and every one of us,
11:23
and we have to protect it now
because our online data
11:26
is more than just a collection
of ones and zeros.
11:29
It's actually a lot more than that.
11:31
It's our lives, our personal stories,
11:33
our friends, our families,
11:36
and in many ways,
also our hopes and our aspirations.
11:39
We need to spend time now
to really protect our right
11:42
to share this only with people
that we want to share this with,
11:45
because without this,
we simply can't have a free society.
11:48
So now's the time for us
to collectively stand up and say,
11:51
yes, we do want to live
in a world with online privacy,
11:54
and yes, we can work together
to turn this vision into a reality.
11:59
Thank you.
12:01
(Applause)
ABOUT THE SPEAKER
Andy Yen - Secure email developer
Andy Yen is building an encrypted email program that lets everyone benefit from private communication.
Why you should listen
Andy Yen is a scientist at CERN. With two colleagues, Wei Sun and Jason Stockman, he co-founded ProtonMail, an encrypted email startup based in Geneva, Switzerland, that seeks to make secure email accessible. The group aims to advance internet security and protect online privacy rights by making it possible for everyone to incorporate encryption into their everyday communication.
A physicist and economist by training, since 2010 Andy has been part of the ATLAS experiment at CERN, where his research focus has been on searches for supersymmetric particles. He is translating his experience in large-scale computing to build the infrastructure that is used to run ProtonMail.