Encryption Faces an Existential Threat in Europe

Get real time updates directly on you device, subscribe now.

That’s a lot of lawyers.

They [Big Tech] are throwing literally hundreds of millions of euros at this problem. And as much as Ms. Vestager is committed to fighting this, she is facing an uphill battle against enormous resources of entrenched powers. So it will be a tough fight. But what is making me very optimistic is that, for the first time, I’m seeing the commission reach out to small companies like Proton to really understand what the issue is and get to the heart of it. 

It’s a shift. Instead of just listening to whatever Big Tech’s consultants and lawyers are spewing out, they’re taking time to talk to small companies and, for the first time—maybe ever—I feel like we have a voice in Brussels. 

When did that shift happen? After the DMA was passed? 

Just within the past year. I think it really shows a shift in the mindset in Brussels that has, so far, not yet happened in the US. In the US, the antitrust side is much tougher. 

What about other European regulation? I know there’s a lot of concern about the legislation drafted by EU Home Affairs commissioner Ylva Johansson which proposes forcing encrypted platforms to carry out automated searches for child sexual abuse material. Is that something you think could affect you?

Of course, it could potentially impact us. There’s also the Online Safety Bill here in the UK. It seems like it’s coming back from the dead. 

But if these things go through, there’s the risk that encryption will be demonized at a time where you’re having breakthroughs in these other areas. 

The problem with these legislations is they are written too broadly; they are trying to cover too many unrelated issues. I’ll give you an example from the UK’s online safety debate. Part of its focus is content moderation on social media. But there’s a difference between messaging on social media versus private messaging. The two things should be decoupled. So, no one is saying that there are no problems and that we shouldn’t try to fix them. But I think we need to define clearly what we’re trying to solve and how the remedy is geared toward the actual problem. Otherwise you come up with legislation which has a lot of unforeseen consequences. 

That might be the case in the online safety bill in the UK, which is trying to tackle lots of different things. But the EU’s chat control proposal is very much arguing that encrypted messaging creates a space where there is a concern child abuse is taking place. How do you approach that debate? Because it is so emotional. 

Typically, the purpose of legislation is to step in when markets don’t create the right incentive structures to enforce an outcome that will be good for society, right? And if you look at the, let’s say, the child sexual abuse control debate, is there any company in the world that is incentivized not to tackle this problem? I would say no. It’s a huge problem from a PR standpoint, from a business standpoint. So Big Tech and small tech companies like Proton are already putting all the resources that we can into combating this issue. So given that is already the case, legislation perhaps isn’t necessary because the incentives to tackle the problem are already there.