Andy Yen: Think your email's private? Think again
October 8, 2014
Sending an email message is like sending a postcard, says scientist Andy Yen in this thought-provoking talk: Anyone can read it. Yet encryption, the technology that protects the privacy of email communication, does exist. It's just that until now it has been difficult to install and a hassle to use. Showing a demo of an email program he designed with colleagues at CERN, Yen argues that encryption can be made simple to the point of becoming the default option, providing true email privacy to all.
Andy Yen
- Secure email developer
Andy Yen is building an encrypted email program that lets everyone benefit from private communication.
Twenty-five years ago, scientists at CERN
created the World Wide Web.
Since then, the Internet has transformed
the way we communicate,
the way we do business,
and even the way we live.
In many ways,
the ideas that gave birth to Google,
Facebook, Twitter, and so many others,
have now really transformed our lives,
and this has brought us many real benefits
such as a more connected society.
However, there are also
some downsides to this.
Today, the average person
has an astounding amount
of personal information online,
and we add to this online information
every single time we post on Facebook,
each time we search on Google,
and each time we send an email.
Now, many of us probably think,
well, one email,
there's nothing in there, right?
But if you consider
a year's worth of emails,
or maybe even a lifetime of email,
collectively, this tells a lot.
It tells where we have been,
who we have met,
and in many ways,
even what we're thinking about.
And the more scary part about this is
our data now lasts forever,
so your data can and will outlive you.
What has happened is that we've largely
lost control over our data
and also our privacy.
So this year, as the web turns 25,
it's very important for us
to take a moment
and think about the implications of this.
We have to really think.
We've lost privacy, yes,
but actually what we've also lost
is the idea of privacy itself.
If you think about it,
most of us here today probably remember
what life was like before the Internet,
but today, there's a new generation
that is being taught from a very young age
to share everything online,
and this is a generation that is not
going to remember when data was private.
So if we keep going down this road,
20 years from now,
the word 'privacy' is going to have
a completely different meaning
from what it means to you and me.
So, it's time for us
to take a moment and think,
is there anything we can do about this?
And I believe there is.
Let's take a look at one of the most
widely used forms of communication
in the world today: email.
Before the invention of email,
we largely communicated using letters,
and the process was quite simple.
You would first start by writing
your message on a piece of paper,
then you would place it
into a sealed envelope,
and from there,
you would go ahead and send it
after you put a stamp and address on it.
When we actually send an email,
we're not sending a letter.
What you are sending, in many ways,
is actually a postcard,
and it's a postcard in the sense
that everybody that sees it
from the time it leaves your computer
to when it gets to the recipient
can actually read the entire contents.
So, the solution to this
has been known for some time,
and there are many attempts to do it.
The most basic solution
is to use encryption,
and the idea is quite simple.
First, you encrypt the connection
between your computer
and the email server.
Then, you also encrypt the data
as it sits on the server itself.
But there's a problem with this,
and that is, the email servers
also hold the encryption keys,
so now you have a really big lock
with a key placed right next to it.
But not only that, any government
could lawfully ask for
and get the key to your data,
and this is all without you
being aware of it.
So the way we fix this problem
is actually relatively easy, in principle:
You give everybody their own keys,
and then you make sure the server
doesn't actually have the keys.
This seems like common sense, right?
So the question that comes up is,
why hasn't this been done yet?
Well, if we really think about it,
we see that the business model
of the Internet today
really isn't compatible with privacy.
Just take a look at some
of the biggest names on the web,
and you see that advertising
plays a huge role.
In fact, this year alone,
advertising is 137 billion dollars,
and to optimize the ads
that are shown to us,
companies have to know
everything about us.
They need to know where we live,
how old we are, what we like,
what we don't like,
and anything else
they can get their hands on.
And if you think about it,
the best way to get this information
is really just to invade our privacy.
So these companies
aren't going to give us our privacy.
If we want to have privacy online,
what we have to do is
we've got to go out and get it ourselves.
For many years, when it came to email,
the only solution
was something known as PGP,
which was quite complicated
and only accessible to the tech-savvy.
Here's a diagram that basically shows
the process for encrypting
and decrypting messages.
So needless to say,
this is not a solution for everybody,
and this actually is part of the problem,
because if you think about communication,
by definition, it involves
having someone to communicate with.
So while PGP does a great job
of what it's designed to do,
for the people out there
who can't understand how to use it,
the option to communicate privately
simply does not exist.
And this is a problem
that we need to solve.
So if we want to have privacy online,
the only way we can succeed
is if we get the whole world on board,
and this is only possible
if we bring down the barrier to entry.
I think this is actually the key challenge
that lies in the tech community.
What we really have to do
is work and make privacy more accessible.
So last summer, when
the Edward Snowden story came out,
several colleagues and I decided to see
if we could make this happen.
At that time, we were working at the
European Organization for Nuclear Research
at the world's largest particle collider,
which collides protons, by the way.
We were all scientists,
so we used our scientific creativity
and came up with a very
creative name for our project:
Many startups these days
actually begin in people's garages
or people's basements.
We were a bit different.
We started out at the CERN cafeteria,
which actually is great, because look,
you have all the food
and water you could ever want.
But even better than this
is that every day
between 12 p.m. and 2 p.m.,
free of charge,
the CERN cafeteria comes with
several thousand scientists and engineers,
and these guys basically know
the answers to everything.
So it was in this environment
that we began working.
What we actually want to do
is we want to take your email
and turn it into something
that looks more like this,
but more importantly,
we want to do it in a way
that you can't even tell
that it's happened.
So to do this, we actually need
a combination of technology
and also design.
So how do we go about
doing something like this?
Well, it's probably a good idea
not to put the keys on the server.
So what we do is we generate
encryption keys on your computer,
and we don't generate a single key,
but actually a pair of keys,
so there's an RSA private key
and an RSA public key,
and these keys
are mathematically connected.
So let's have a look
and see how this works
when multiple people communicate.
So here we have Bob and Alice,
who want to communicate privately.
So the key challenge
is to take Bob's message
and to get it to Alice in such a way
that the server cannot read that message.
So what we have to do
is we have to encrypt it
before it even leaves Bob's computer,
and one of the tricks is, we encrypt it
using the public key from Alice.
Now this encrypted data is sent
through the server to Alice,
and because the message was encrypted
using Alice's public key,
the only key that can now decrypt it
is a private key that belongs to Alice,
and it turns out Alice is the only person
that actually has this key.
So we've now accomplished the objective,
which is to get the message
from Bob to Alice
without the server being able
to read what's going on.
Actually, what I've shown here
is a highly simplified picture.
The reality is much more complex
and it requires a lot of software
that looks a bit like this.
And that's actually
the key design challenge:
How do we take all this complexity,
all this software,
and implement it in a way
that the user cannot see it.
I think with ProtonMail,
we have gotten pretty close to doing this.
So let's see how it works in practice.
Here, we've got Bob and Alice again,
who also want to communicate securely.
They simply create accounts on ProtonMail,
which is quite simple
and takes a few moments,
and all the key encryption and generation
is happening automatically
in the background
as Bob is creating his account.
Once his account is created,
he just clicks "compose,"
and now he can write his email
like he does today.
So he fills in his information,
and then after that,
all he has to do is click "send,"
and just like that,
without understanding cryptography,
and without doing anything different
from how he writes email today,
Bob has just sent an encrypted message.
What we have here
is really just the first step,
but it shows that
with improving technology,
privacy doesn't have to be difficult,
it doesn't have to be disruptive.
If we change the goal from maximizing
ad revenue to protecting data,
we can actually make it accessible.
Now, I know a question
on everybody's minds is,
okay, protecting privacy,
this is a great goal,
but can you actually do this
without the tons of money
that advertisements give you?
And I think the answer is actually yes,
because today, we've reached a point
where people around the world really
understand how important privacy is,
and when you have that,
anything is possible.
Earlier this year,
ProtonMail actually had so many users
that we ran out of resources,
and when this happened,
our community of users got together
and donated half a million dollars.
So this is just an example
of what can happen
when you bring the community together
towards a common goal.
We can also leverage the world.
We have a quarter of a million people
that have signed up for ProtonMail,
and these people come from everywhere,
and this really shows that privacy
is not just an American
or a European issue,
it's a global issue
that impacts all of us.
It's something that we really
have to pay attention to going forward.
So what do we have to do
to solve this problem?
Well, first of all,
we need to support a different
business model for the Internet,
one that does not rely
entirely on advertisements
for revenue and for growth.
We actually need to build a new Internet
where our privacy and our ability
to control our data is first and foremost.
But even more importantly,
we have to build an Internet
where privacy is no longer just an option
but is also the default.
We have done the first step
but this is really just the first step
in a very, very long journey.
The good news I can share
with you guys today,
the exciting news,
is that we're not traveling alone.
The movement to protect people's privacy
and freedom online
is really gaining momentum,
and today, there are dozens of projects
from all around the world
who are working together
to improve our privacy.
These projects protect things
from our chat to voice communications,
also our file storage, our online search,
our online browsing,
and many other things.
And these projects are not backed
by billions of dollars in advertising,
but they've found support
really from the people,
from private individuals like you and me
from all over the world.
This really matters, because ultimately,
privacy depends on each
and every one of us,
and we have to protect it now
because our online data
is more than just a collection
of ones and zeros.
It's actually a lot more than that.
It's our lives, our personal stories,
our friends, our families,
and in many ways,
also our hopes and our aspirations.
We need to spend time now
to really protect our right
to share this only with people
that we want to share this with,
because without this,
we simply can't have a free society.
So now's the time for us
to collectively stand up and say,
yes, we do want to live
in a world with online privacy,
and yes, we can work together
to turn this vision into a reality.
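The Bob-to-Alice flow described in the talk, written out as an added illustration that is not part of the transcript and not ProtonMail's code. It uses only the Python standard library: each client generates its own RSA key pair, the sender wraps a fresh random session key with the recipient's public key, the message body is protected with a SHA-256 counter-mode keystream plus an HMAC tag, and the server (`RelayServer`, a name assumed here) only stores and forwards envelopes. Textbook RSA without OAEP padding and the hash-based keystream are deliberately simplified teaching constructions; the sample message is constructed for the demo.

```python
# Added example, not from the talk or ProtonMail: client-side public-key
# email where the server holds no keys. RSA is textbook (no OAEP) and the
# symmetric layer is a SHA-256 counter-mode keystream with an HMAC tag;
# both are simplified for illustration, not production constructions.
import hashlib
import hmac
import secrets


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    """Random odd prime with the top bit set, so p*q has the intended size."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 1024):
    """Generated on the client; the private exponent never leaves it."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)
    return {"n": p * q, "e": e}, {"n": p * q, "d": d}


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from SHA-256 (teaching construction)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_for(recipient_public: dict, plaintext: bytes) -> dict:
    """Runs on the sender's machine before anything reaches the server."""
    session_key = secrets.token_bytes(32)          # 256-bit, < recipient modulus
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(session_key, len(plaintext))))
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(session_key, "big"), recipient_public["e"], recipient_public["n"])
    return {"wrapped_key": wrapped, "body": body, "tag": tag}


def decrypt_with(private: dict, envelope: dict):
    """Runs on the recipient's machine; returns None if the key is wrong."""
    m = pow(envelope["wrapped_key"], private["d"], private["n"])
    try:
        session_key = m.to_bytes(32, "big")         # wrong key -> value too large
    except OverflowError:
        return None
    expected = hmac.new(session_key, envelope["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(envelope["body"], _keystream(session_key, len(envelope["body"]))))


class RelayServer:
    """Models the mail server: stores and forwards envelopes, holds no keys."""

    def __init__(self):
        self.mailbox = []

    def accept(self, envelope: dict) -> None:
        self.mailbox.append(envelope)

    def everything_it_saw(self) -> bytes:
        """All bytes the server could hand over if compelled to."""
        return b"".join(
            e["body"] + e["tag"] + e["wrapped_key"].to_bytes((e["wrapped_key"].bit_length() + 7) // 8, "big")
            for e in self.mailbox
        )


def run_demo(message: bytes = b"Meet at the CERN cafeteria at noon") -> dict:
    """Bob encrypts for Alice; the server relays; only Alice can read it."""
    alice_pub, alice_priv = generate_keypair()
    _bob_pub, bob_priv = generate_keypair()
    server = RelayServer()
    server.accept(encrypt_for(alice_pub, message))   # Bob hands the server ciphertext only
    envelope = server.mailbox[0]
    return {
        "alice_reads": decrypt_with(alice_priv, envelope),
        "bob_reads_his_own_mail": decrypt_with(bob_priv, envelope),
        "server_saw_plaintext": message in server.everything_it_saw(),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the demo makes is the one in the talk: because the keys are generated and kept on the clients, `everything_it_saw()` (what a server could be compelled to disclose) contains only ciphertext, the wrapped session key and the tag, and even the sender cannot recover the message once it has been encrypted for the recipient. A real client would replace textbook RSA with OAEP (or a modern KEM) and the hash keystream with an authenticated cipher such as AES-GCM.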
Why you should listen
Andy Yen is a scientist at CERN. With two colleagues, Wei Sun and Jason Stockman, he co-founded ProtonMail, an encrypted email startup based in Geneva, Switzerland, that seeks to make secure email accessible. The group aims to advance internet security and protect online privacy rights by making it possible for everyone to incorporate encryption into their everyday communication.
A physicist and economist by training, since 2010 Andy has been part of the ATLAS experiment at CERN, where his research focus has been on searches for supersymmetric particles. He is translating his experience in large-scale computing to build the infrastructure that is used to run ProtonMail.
The original video is available on TED.com