Placeholder Image

Subtitles section Play video

  • Twenty-five years ago, scientists at CERN created the World Wide Web.

  • Since then, the Internet has transformed the way we communicate,

  • the way we do business, and even the way we live.

  • In many ways,

  • the ideas that gave birth to Google, Facebook, Twitter, and so many others,

  • have now really transformed our lives,

  • and this has brought us many real benefits such as a more connected society.

  • However, there are also some downsides to this.

  • Today, the average person has an astounding amount

  • of personal information online,

  • and we add to this online information every single time we post on Facebook,

  • each time we search on Google,

  • and each time we send an email.

  • Now, many of us probably think,

  • well, one email, there's nothing in there, right?

  • But if you consider a year's worth of emails,

  • or maybe even a lifetime of email,

  • collectively, this tells a lot.

  • It tells where we have been, who we have met,

  • and in many ways, even what we're thinking about.

  • And the more scary part about this is our data now lasts forever,

  • so your data can and will outlive you.

  • What has happened is that we've largely lost control over our data

  • and also our privacy.

  • So this year, as the web turns 25,

  • it's very important for us to take a moment

  • and think about the implications of this.

  • We have to really think.

  • We've lost privacy, yes,

  • but actually what we've also lost is the idea of privacy itself.

  • If you think about it,

  • most of us here today probably remember what life was like before the Internet,

  • but today, there's a new generation

  • that is being taught from a very young age to share everything online,

  • and this is a generation that is not going to remember when data was private.

  • So we keep going down this road, 20 years from now,

  • the word 'privacy' is going to have a completely different meaning

  • from what it means to you and I.

  • So, it's time for us to take a moment and think,

  • is there anything we can do about this?

  • And I believe there is.

  • Let's take a look at one of the most widely used forms of communication

  • in the world today: email.

  • Before the invention of email, we largely communicated using letters,

  • and the process was quite simple.

  • You would first start by writing your message on a piece of paper,

  • then you would place it into a sealed envelope,

  • and from there, you would go ahead and send it

  • after you put a stamp and address on it.

  • Unfortunately, today,

  • when we actually send an email, we're not sending a letter.

  • What you are sending, in many ways, is actually a postcard,

  • and it's a postcard in the sense that everybody that sees it

  • from the time it leaves your computer to when it gets to the recipient

  • can actually read the entire contents.

  • So, the solution to this has been known for some time,

  • and there's many attempts to do it.

  • The most basic solution is to use encryption,

  • and the idea is quite simple.

  • First, you encrypt the connection

  • between your computer and the email server.

  • Then, you also encrypt the data as it sits on the server itself.

  • But there's a problem with this,

  • and that is, the email servers also hold the encryption keys,

  • so now you have a really big lock with a key placed right next to it.

  • But not only that, any government could lawfully ask for

  • and get the key to your data,

  • and this is all without you being aware of it.

  • So the way we fix this problem is actually relatively easy, in principle:

  • You give everybody their own keys,

  • and then you make sure the server doesn't actually have the keys.

  • This seems like common sense, right?

  • So the question that comes up is, why hasn't this been done yet?

  • Well, if we really think about it,

  • we see that the business model of the Internet today

  • really isn't compatible with privacy.

  • Just take a look at some of the biggest names on the web,

  • and you see that advertising plays a huge role.

  • In fact, this year alone, advertising is 137 billion dollars,

  • and to optimize the ads that are shown to us,

  • companies have to know everything about us.

  • They need to know where we live,

  • how old we are, what we like, what we don't like,

  • and anything else they can get their hands on.

  • And if you think about it,

  • the best way to get this information is really just to invade our privacy.

  • So these companies aren't going to give us our privacy.

  • If we want to have privacy online,

  • what we have to do is we've got to go out and get it ourselves.

  • For many years, when it came to email,

  • the only solution was something known as PGP,

  • which was quite complicated and only accessible to the tech-savvy.

  • Here's a diagram that basically shows

  • the process for encrypting and decrypting messages.

  • So needless to say, this is not a solution for everybody,

  • and this actually is part of the problem,

  • because if you think about communication,

  • by definition, it involves having someone to communicate with.

  • So while PGP does a great job of what it's designed to do,

  • for the people out there who can't understand how to use it,

  • the option to communicate privately simply does not exist.

  • And this is a problem that we need to solve.

  • So if we want to have privacy online,

  • the only way we can succeed is if we get the whole world on board,

  • and this is only possible if we bring down the barrier to entry.

  • I think this is actually the key challenge that lies in the tech community.

  • What we really have to do is work and make privacy more accessible.

  • So last summer, when the Edward Snowden story came out,

  • several colleagues and I decided to see if we could make this happen.

  • At that time, we were working at the European Organization for Nuclear Research

  • at the world's largest particle collider, which collides protons, by the way.

  • We were all scientists, so we used our scientific creativity

  • and came up with a very creative name for our project:

  • ProtonMail. (Laughter)

  • Many startups these days actually begin in people's garages

  • or people's basements.

  • We were a bit different.

  • We started out at the CERN cafeteria,

  • which actually is great, because look,

  • you have all the food and water you could ever want.

  • But even better than this is that every day

  • between 12 p.m. and 2 p.m., free of charge,

  • the CERN cafeteria comes with several thousand scientists and engineers,

  • and these guys basically know the answers to everything.

  • So it was in this environment that we began working.

  • What we actually want to do is we want to take your email

  • and turn it into something that looks more like this,

  • but more importantly, we want to do it in a way

  • that you can't even tell that it's happened.

  • So to do this, we actually need a combination of technology

  • and also design.

  • So how do we go about doing something like this?

  • Well, it's probably a good idea not to put the keys on the server.

  • So what we do is we generate encryption keys on your computer,

  • and we don't generate a single key, but actually a pair of keys,

  • so there's an RSA private key and an RSA public key,

  • and these keys are mathematically connected.

  • So let's have a look and see how this works

  • when multiple people communicate.

  • So here we have Bob and Alice, who want to communicate privately.

  • So the key challenge is to take Bob's message

  • and to get it to Alice in such a way that the server cannot read that message.

  • So what we have to do is we have to encrypt it

  • before it even leaves Bob's computer,

  • and one of the tricks is, we encrypt it using the public key from Alice.

  • Now this encrypted data is sent through the server to Alice,

  • and because the message was encrypted using Alice's public key,

  • the only key that can now decrypt it is a private key that belongs to Alice,

  • and it turns out Alice is the only person that actually has this key.

  • So we've now accomplished the objective,

  • which is to get the message from Bob to Alice

  • without the server being able to read what's going on.

  • Actually, what I've shown here is a highly simplified picture.

  • The reality is much more complex

  • and it requires a lot of software that looks a bit like this.

  • And that's actually the key design challenge:

  • How do we take all this complexity, all this software,

  • and implement it in a way that the user cannot see it.

  • I think with ProtonMail, we have gotten pretty close to doing this.

  • So let's see how it works in practice.

  • Here, we've got Bob and Alice again,

  • who also want to communicate securely.

  • They simply create accounts on ProtonMail,

  • which is quite simple and takes a few moments,

  • and all the key encryption and generation

  • is happening automatically in the background

  • as Bob is creating his account.

  • Once his account is created, he just clicks "compose,"

  • and now he can write his email like he does today.

  • So he fills in his information,

  • and then after that, all he has to do is click "send,"

  • and just like that, without understanding cryptography,

  • and without doing anything different from how he writes email today,

  • Bob has just sent an encrypted message.

  • What we have here is really just the first step,

  • but it shows that with improving technology,

  • privacy doesn't have to be difficult, it doesn't have to be disruptive.

  • If we change the goal from maximizing ad revenue to protecting data,

  • we can actually make it accessible.

  • Now, I know a question on everybody's minds is,

  • okay, protecting privacy, this is a great goal,

  • but can you actually do this

  • without the tons of money that advertisements give you?

  • And I think the answer is actually yes,

  • because today, we've reached a point

  • where people around the world really understand how important privacy is,

  • and when you have that, anything is possible.

  • Earlier this year,

  • ProtonMail actually had so many users that we ran out of resources,

  • and when this happened, our community of users got together

  • and donated half a million dollars.

  • So this is just an example of what can happen

  • when you bring the community together towards a common goal.

  • We can also leverage the world.

  • Right now,

  • we have a quarter of a million people that have signed up for ProtonMail,

  • and these people come from everywhere,

  • and this really shows that privacy

  • is not just an American or a European issue,

  • it's a global issue that impacts all of us.

  • It's something that we really have to pay attention to going forward.

  • So what do we have to do to solve this problem?

  • Well, first of all,

  • we need to support a different business model for the Internet,

  • one that does not rely entirely on advertisements

  • for revenue and for growth.

  • We actually need to build a new Internet

  • where our privacy and our ability to control our data is first and foremost.

  • But even more importantly,

  • we have to build an Internet where privacy is no longer just an option

  • but is also the default.

  • We have done the first step with ProtonMail,

  • but this is really just the first step in a very, very long journey.

  • The good news I can share with you guys today,

  • the exciting news, is that we're not traveling alone.

  • The movement to protect people's privacy and freedom online

  • is really gaining momentum,

  • and today, there are dozens of projects from all around the world

  • who are working together to improve our privacy.

  • These projects protect things from our chat to voice communications,

  • also our file storage, our online search,

  • our online browsing, and many other things.

  • And these projects are not backed by billions of dollars in advertising,

  • but they've found support really from the people,

  • from private individuals like you and I from all over the world.

  • This really matters, because ultimately,

  • privacy depends on each and every one of us,

  • and we have to protect it now because our online data

  • is more than just a collection of ones and zeros.

  • It's actually a lot more than that.

  • It's our lives, our personal stories,

  • our friends, our families,

  • and in many ways, also our hopes and our aspirations.

  • We need to spend time now to really protect our right

  • to share this only with people that we want to share this with,

  • because without this, we simply can't have a free society.

  • So now's the time for us to collectively stand up and say,

  • yes, we do want to live in a world with online privacy,

  • and yes, we can work together to turn this vision into a reality.