Today on Decoder, we’ve got the first of a two-part series on the systems that run the world: I’m talking with Bart Butler, the CTO of Proton, the company that makes private and secure productivity software.
You probably know it best for Proton Mail, which is encrypted by default, but the company also has docs, sheets, a calendar, and even a new AI assistant called Lumo, all built and marketed around the idea that they should be vastly more private than the products from Big Tech companies.
You’ll hear Bart say pretty plainly that the thing Proton sells, at a high level, isn’t really the products themselves, but actually trust. And trust in the software world isn’t only about the people who run the companies, but also the technology they develop and sell and the corporate structure in place to make sure that technology is built against the right incentives. Pure Decoder bait, in other words. The challenge is that Bart also says part of Proton’s mission is very much to succeed at being a viable competitor to Big Tech, and that means the company has to grow and expand to competitive scale, all while preserving its core values.
This philosophy, and that challenge, is baked directly into Proton’s structure and even its physical location — the company and its servers are based in Switzerland, in part because of the Swiss government’s geopolitical neutrality. Two years ago, Proton also transitioned to a nonprofit structure governed by a foundation, which is a familiar model used by all kinds of companies that ostensibly operate in the public interest, but which has failure modes of its own, as we just saw with OpenAI.
Verge subscribers, don’t forget you get exclusive access to ad-free Decoder wherever you get your podcasts. Head here. Not a subscriber? You can sign up here.
We talked about all of that, but I really wanted to talk to Bart because he’s responsible for the technical construction of some very complex systems that interact with all these complex politics. I really wanted to know how you translate all these lofty ideals and concepts like user trust into real, privacy-centric products and features that can withstand all this policy pressure.
For example, earlier this year, the Swiss government requested payment data that led the FBI to unmask a protester associated with the Stop Cop City movement in Atlanta, Georgia, a request Proton complied with. So of course I had to ask Bart about all that, and what it means that the US government can use words like “terrorism” to coerce foreign governments to apply pressure on Proton — and how the company decides when and how to take on those fights.
This pressure manifests in all kinds of ways. Proton is on the record saying it will leave Switzerland, and Bart says it would also consider ditching its operations in EU countries like Germany and Norway if various surveillance laws working their way through European courts continue to threaten Proton’s privacy mission. Bart told me these aren’t just empty threats and that Proton is in the process of figuring out what it would mean to leave Europe if things get, in his words, more “dystopian.”
There is a whole lot in this one. We ran pretty long because we got so deep in the weeds. We first spent the time talking through the broad frameworks before talking about the very real problems of child safety, age verification, and AI — all of which are testing Proton’s values with some of the highest-stakes problems on the internet today. But we took the extra time to get there, and I hope you’ll think it was worth it.
Okay: Bart Butler, the CTO of Proton. Here we go.
This interview has been lightly edited for length and clarity.
Bart Butler, you’re the chief technology officer at Proton. Welcome to Decoder.
Thank you. Happy to be here.
I’m excited to talk to you. It feels like Proton sits at the center of an escalating, spiraling debate about how we build technology systems, how we regulate them, and how consumers can protect their data or have any control at all over their data at the center of it.
Let’s start at the very start. I think most people understand Proton as ProtonMail, but there’s now a suite of office products and productivity products. Describe what Proton is and how you see all the products working together.
So Proton is an ecosystem, if you will — a collection of products that all share the same DNA in the sense that they fundamentally are, in many cases, versions of products you can buy elsewhere, but that are privacy preserving, right?
Yes, we started with mail. We also have a VPN. We have a Proton Drive, which is our file storage, photos, and collaborative real-time docs. We have a calendar. We have a password manager called Proton Pass. We have Meet, which is a video conferencing software. So we have a whole collection of products that do things in some cases very similar to other products that you might be more familiar with, but are also privacy-preserving.
One of the reasons I’m excited to talk to you specifically as chief technology officer is the idea that there’s a set of products that are familiar, but the company running them is going to behave better than the other company, is a familiar pattern in this industry.
Sure, it is.
And Proton promises that the products are actually architected differently.
Yes.
That from the very beginning, the way the products are built is actually what makes and keeps the promise of protecting privacy, not a benevolent CEO or a benevolent board of directors. We’ll come to that. There’s some of that in the mix here.
There’s some of that, too. There’s some corporate structure stuff, but yes, I also consider that there are actually, I would say, two primary structural… or maybe systems. You could call them systems engineering at a broader scale, but structural constraints on how Proton operates.
The first is that we encrypt all the data we can. So if we wanted to turn around and sell that data to somebody, we can’t. It’s mathematically not possible for us to do it, right? This also has other benefits. We can’t easily lose it to hackers or other interested parties, and there’s some data that we can respond to for, say, legal requests, but there’s some data we can’t. And this helps us; basically, we can’t give up data that we don’t have access to.
The second is the business model. I mean, there are other SaaS players, of course, that do this. I don’t think there are a whole lot of B2C consumer-based SaaS players at our size who do this, but our revenue model is getting paid by our users, right? So we don’t sell ads. The products are not carrots to get people to come in and give us their data so we can sell it to advertisers. And that means that those users — the ones who pay our bills, pay our salaries — allow us to grow the business.
If we were to betray them, then that would essentially undermine the value of the business. We have tied the value of the business and the growth of the business to protecting our users so that our interests are aligned. This is also very important because temptations are a thing. People respond to incentives, and we have structurally arranged our company such that those incentives are aligned with the people to whom we have promised to protect.
If I were to very reductively summarize what you just said, it is that we take money from consumers, and what we sell them is encrypted versions of popular services that they rely on, like email, a VPN, and an office suite.
Do you think consumers understand that what they’re buying is the technology solution, or are they buying the promise of privacy? Or is it some mix? Because I’m not actually sure consumers really understand at mass scale how it all works, right? They think their iPhones are listening to them.
What I will tell product people and engineers in meetings about new features is that if you’ve mentioned the word encryption to the user, you’ve already failed. I mean, people don’t understand what this is. That’s fine. Our goal is to make products that are as usable and as functional as our competitors, or more functional.
I mean, I don’t want to sound entirely derivative. We do have features that nobody else has that are often geared towards privacy and functionality for people who need confidential communications. However, in general, we’re selling the promise. We’re selling the promise that we’re a different kind of company. We’re selling the trust — and that trust is critical. Without trust… That is where the real value of the company is. Now, that trust is backed up by technology, right? But we’re selling the trust.
The reason I’m pushing on it, and specifically I’m happy that you mentioned trust, is that the big tech players will all make the same kinds of promises about your data being private. Facebook will happily tell you that they don’t sell an ounce of your data. It’s actually not in their interest to sell the data because the ad targeting that they do depends on the data being theirs and not anyone else’s. We can get into this for days and days and days.
I’m just curious where you see that trust being expressed or where you feel like that trust is most communicated from Proton. Because if you ask me, as a more technical person, I do look at the architecture of “it’s all encrypted” and probably mathematically, it’s impossible to get into. Sure, we’ll come to how much metadata can be shared with authorities because there’s some debate about that.
But that’s the piece that resonates for me as opposed to trusting you or a board of directors. Some other people just look at the promises and take them at face value. Then there’s some set of regulators that say, “Actually, we have a bunch of other interests in being able to see the data that goes on here, and we actually don’t trust you to be a good player in the ecosystem.”
So when you think about trust, does it come down to “the data is encrypted, and that’s the core promise we’re making, and anything that breaks that also breaks the whole product”? Or is there some other dimension of trust that is important at Proton as you build the systems?
So end-to-end encryption is obviously important. It’s the gold standard, and it’s what we strive for. However, there are definitely features that we… privacy, at least to me personally, is about control. There are some times when I want an integration with an external service or something like this, and I mean, my choices are no integration or breaking end-to-end encryption.
Our goal is to make it so the user has an informed choice and control over who sees their data. So it’s not the same as never sharing your data or never sharing your photos with anybody. But the point is, instead of sharing your photos with somebody like Facebook who might monetize them, it’s sharing your photos with grandma and grandpa, and only grandma and grandpa.
That’s not to say that encryption is everything, but I think we’ve set up… I don’t know if we want to get into the corporate structure right now. But we’ve set up the fundamental engineering, which backs up the trust. People like you look at the architecture and say, “Okay, this is encrypted. This is important to me.” And then you go tell somebody else, and to that other person you say, “I trust Proton because of this, this, and this.” The other person, all they know is, “Hey, I know Nilay, I trust him, and he says Proton is good.”
There’s a whole cohort much, much greater than the techie cohort. The techie cohort is our core, of course, and has been since the beginning, but there’s a whole cohort of people who trust Proton because of other people they know. And by now, I mean it might just be people they trust on Reddit, right? But other people they know say Proton is there.
And what I’m trying to say is we have set up… We’ve all been getting object lessons in the rules, bylaws, laws, other things that can be worth something, but ultimately are worth something when they are… Personnel really matters, right? Who enforces them really matters. So we have the technical layer, which is designed to constrain what we can do technically, and then we also have the legal and corporate structure layer, which is its defense in depth, basically. It’s defense in depth. All of these things are interlocking guarantees to our users that we are trustworthy. Ultimately, that’s the most important thing about the business.
I do want to come to the corporate structure. It is Decoder after all, but just one more turn on the product set itself. You started with ProtonMail. You’ve got the other suite of products, including now an AI Assistant.
You talked about the fact that the business model is the consumers paying money directly for the products. Is ProtonMail still the core product that’s making the most money? Are the other lines of business growing? How does this look?
So we don’t disclose direct financials. Mail and VPN are the two oldest products, and as you might expect, they are the two largest products still. But we also have a lot of people who buy bundles and buy multiple products. We try to make the products work well together in an ecosystem. Some products are more tightly bound than others.
The new products, the more recent ones like Calendar, are very tightly tied to Mail, of course, but we also have Drive and Pass. Those are not as big as the older products. They have less of a head start, if you will, but they are growing rapidly. So they all contribute, but yeah, they contribute differently. Often, I’m not going to say it’s exactly how old they are, but those that have had the bigger runway are usually bigger, right?
One of the patterns with consumer productivity software is that the suites get bigger, the bundles get bigger, and then the companies realize the class of customers that will actually pay for increased productivity is enterprise.
Yeah.
We see this over and over again in this space. Notion did it, Dropbox did it. I can go on and on and on about companies that we’ve covered as consumer software companies that eventually pivoted to being enterprise companies. Does Proton feel that same pressure, that you’re going to have to go have more corporate clients, enterprise clients, to grow? Or are you still focused on consumer?
This is a very, very interesting question. I think we definitely feel the pressure. There’s… what is it? I don’t know if it’s apocryphal or not, but the old John Dillinger quote like, “Why do I rob banks? Well, it’s where the money is.” There’s a little bit of that in “Why do you go B2B?” Well, it’s where the people who have budgets and are willing to pay for this are.
I think we’re definitely considering it. Even as a primarily consumer-focused business, we have a lot of people in small businesses, in particular, who use our products for business purposes. You just use the consumer. And we’ve also made forays into small business offerings and things like that.
I think this is something that growth will probably demand. And I think there are a lot of businesses for whom things that we offer — confidentiality, non-US-based and European sovereignty type stuff in particular, and just our reputation — are very appealing to those businesses. That said, we have to strike a balance. And today, our business is B2C. We’re not going to jettison the B2C business. I also think that having the B2C business as strong as it is is a competitive strength.
I mean, as you said, there are several that have transitioned to B2B from B2C. But at the same time, I think there are a lot more B2B players that start B2B and stay there. And one of the things that we’re looking at… Communication between businesses and their customers is certainly important, and confidentiality is important there. You see things like WhatsApp’s forays into having businesses connect to consumers who have WhatsApp. I think that when the time comes to really make a push to B2B, the B2C user base and product suite will be a benefit to us.
One of the tensions there as AI infiltrates more and more businesses is that frontier model companies want every ounce of data. I think a bunch of big enterprises are very leery of giving a bunch of data to frontier model companies. The AI works best when they have a bunch of data, and so there’s this big choice about how much of your business you will expose to Claude. How much of yourself will you expose to Claude to get the most value out of those models?
Proton sits right in the middle of that with a technical architecture that you’re saying would provide choice, but it also seems like the game for a lot of these companies is to just hand everything over and say, “Go run my business, AI.” How do you see that working with your enterprise customers today?
Yeah. I mean, it’s a fraught decision. It’s giving all their sensitive data over. And they feel like, in many cases, they don’t have a choice. In some ways, that’s why we developed Lumo, our AI offering, which I think may have been left off the list before, unfortunately. I think we just launched Lumo 2.0, which is a big revamp of the models we use. And part of that is… The goal of the Lumo project in general is to have something that integrates with the rest of our products and can do this in a safe way.
This is to address this sort of trade-off between whether I give random AI companies — possibly in different countries, possibly having compliance problems, all those other things — do I give them all my sensitive business data, or can I do it in a way that is still more protected? Now, in many ways, there are still trade-offs on our side to make, but we keep it in-house within Proton with the guarantees that we give. That should be a more attractive option for those kinds of workloads, and that’s what we’re hoping for as we develop Lumo.
I think this does bring us to the Decoder questions about structure and organization because that’s where it feels like the structure has to be, where the trust lies, not necessarily the technical architecture. So how is Proton structured today? How many people are there?
So, Proton today is approximately 650 people total. That includes engineering, support functions, marketing, et cetera. It also includes customer support, which we do in-house. We always have. We are a corporation called Proton AG, a Swiss corporation.
However, a controlling stake in Proton AG is held by the Proton Foundation, which was seeded with shares from Andy, our CEO, and other early employees. There are other fellow travelers with, I would say, somewhat similar structures. Signal and Mozilla, and our reasons are the same.
The Proton Foundation’s controlling stake in the Proton company means it is empowered to protect the mission. It’s a Swiss foundation. I’m not a lawyer, but I’ve been told it’s very difficult to change. Its job is the guardian of the values and the mission of Proton. So if Proton, the company, were to stray from that mission, the Proton Foundation would be empowered to correct course, if that makes sense.
Has that ever happened?
No. Thus far, no. We have our founder and CEO, Andy Yen. Andy founded the company, and as long as he is in charge, I don’t think that’ll be necessary. But if he gets hit by the bus, there’s a corporate structure that is designed to protect the mission going forward and to make sure the company doesn’t stray regardless.
Because of this ownership model, too, the company is insulated from, say, some sort of takeover or purchase that could also redirect its priorities. I think that factor, the tech, and the business model basically are interlocking protections against us betraying the compact that we have with our users.
One of the things that strikes me as I talk to more and more companies that have transitioned to this kind of foundation model is that that structure is essentially there to insulate you from the rapacious demands of capitalism. You aren’t being pressured to make as much money every quarter as possible to do the things that would lead you to make the most money, and that means maybe the technology can develop in a pure and idealistic state of protecting privacy instead of chasing the dollars.
Do you feel that insulation? I mean, you do have to make money and pay your employees and grow in some way, but what’s the dynamic for you architecting the products?
So the short answer is no, and the reason for that is that part of the mission for us is that we have to compete in capitalism. Our main competitor is Big Tech. Even though we are much smaller than Big Tech, where our users come from when we convert people, when we get new customers, they’re [coming from] Big Tech in general.
We have to play the same game. This might be a little cheesy, but our corporate motto is “Privacy by default.” That “default” part is doing a lot of heavy lifting. I mentioned before that our goal is to design products that are easy to use and secure. There are plenty of tools that are secure, and nobody — but a few experts — uses them. And that’s fine. I’m not criticizing the existence of those tools, but our goal is to make tools that everybody can use without understanding the cryptography, without even knowing that it’s cryptography that they can use, and that are as easy to use and as feature-filled as our unencrypted and essentially data-mining competitors. It’s a tall order.
I’m not saying we’re 100 percent there yet, but that is the goal. But the default word in “privacy by default” means growth. It means we have to be at the scale where we can offer a real alternative to Big Tech. And small startups, small scaleups, being 100 times or 10 times smaller than Big Tech, are not going to cut it. In order to do that, we need to grow.
So growth is actually part of the mission, if you will. That means that we have to be… the word is not rapacious, but we have to be as hungry, efficient, and growth-minded as we possibly can because that’s part of the mission to grow big enough to actually challenge the current paradigm. I mean, we can talk about all kinds of ways capitalism is broken right now, but we have to play the game.
Yeah. All right. I’m going to make a comparison that you are going to hate. I’m just letting you know. I know you’re going to hate it.
Okay.
Maybe the most famous “we’ll build a foundation to protect ourselves from the demands of the market and make sure the thing is healthy” idea is from OpenAI, which basically killed that structure in order to chase an IPO, right?
Maybe they still have really important and idealistic ideas about how AGI should be developed. Maybe some people in that company really feel that way, and it just didn’t work, right? They needed to chase growth in very specific ways for whatever reason they felt. Maybe it was money, maybe it was just to take on Google Search the way that OpenAI felt like it wanted to; they had to change the structure of the company.
That obviously happened. It’s like one of the most apocalyptic foundation moments that has ever happened. This thing just exploded or imploded onto itself. When you look at that, and then you look at, “Okay, we have to grow. To be the default, we have to grow to be big, but we’re making this promise that Google doesn’t have to make, or Microsoft doesn’t have to make,” where is the tension in that? How does that express itself as you design the architecture of the products, which might preclude some opportunities?
What could also be our corporate motto — it’s not, but it could be — is go big or go home. We certainly don’t set modest goals in that regard. But I think that there are a couple of things that make it different. I mentioned before a lot of constraints, but one thing I didn’t mention is that we don’t have VC investors. We don’t have private equity investors. We aren’t burning other people’s money with VCs breathing down our necks that we must exit soon, or otherwise we go belly up.
We built a sustainable business. We reinvest the profits from that business back into the business. And this insulates us from some of the pressure, which I’m sure OpenAI felt given that they were lighting enormous stacks of money on fire all the time, right? But that said, personnel is policy. I think that there’s certainly always this risk. At the same time, we found out a lot recently that sometimes rules, norms, or guidelines aren’t written. Unwritten or not, they’re not worth the paper that they’re written on.
But that’s also where the architecture comes in. We make choices about the tech stuff, and obviously I’m on the tech side of this business, but we have made choices, and some of that is for business competitive reasons, right? We want to sell products where we say, “We can’t access your data. We don’t have access to data. We can’t lose it. We can’t sell it. We can’t do this.”
But that also constrains us from deciding one day to turn around and sell it because we have locked it in a box, and we can’t access it, and therefore we can’t turn around and say, “You know what? Sorry guys, we changed our minds. We’re actually going to mine all this data and go.” Now, is anything perfect? No. But I mean, the structure is designed such that we have these interlocking, as I said, controls.
I think the other thing is that even if, say… The Proton Foundation is barred from selling Proton AG, as far as I’m aware, but even if, for some reason, something happens, the value of Proton is in the reputation. And we said this, and it has been a deliberate choice. The value of Proton is in the trust that we have. If Google bought us, it would have no value because Google does not have the credibility to run Proton. Do you see what I mean?
That’s just the default of Google buying anything. I just want to be very clear about that.
[Laughs] No, they shut it down and then it’s gone, right?
The clock would start ticking that day.
Yeah. I know. It’s happened before, it’ll happen again, I’m sure. But the Proton Foundation structure is designed to say that “No, the company cannot be sold to a buyer.”
That’s the macrostructure. Just tell me about the more tactical structure inside the company that’s building a product. How is Proton itself structured? Is there a team that makes the Lumo assistant? Is there a team that makes email? Is it divisions? Is it functional? How does that work?
So we do have a division structure, a business unit structure. We have certain products that are bundled together, like mail and calendar, so they’re bundled into the same division. The others are separate. So we have Lumo, we have Drive, we have Pass, and we have VPN. These are separate divisions. You make choices about corporate structure based on what communication you want to be the easiest. So that’s designed to allow people to move fast and to have autonomy and make decisions within their product.
We also have cross-organizational teams, support teams, and things like that. And on that side, the trade-off of the business unit structure is that we sometimes have to work harder. It’s a little bit like corralling cats, right? Where you have to make sure that, “Okay, I’m building this feature that touches all the products. I need to make sure that all the products are on board and they have it in their planning so that we can ship them correctly.”
So you make decisions about that. We’ve made a deliberate decision to prioritize in-product communication. And then we try to compensate for the shortcomings of that in our cross-product communication. Then, as we transition to more and more ecosystem-based stuff, we may make different choices about the corporate structure to support that. The whole Conway’s law thing. You ship your org chart, but sometimes you want the best of both worlds, and this is where process comes along. It’s not always sexy, but you find it super important as you scale organizations, for sure.
You might be the first Decoder guest to make the connection directly between the fact that I ask everyone how their company is structured and you ship your org chart, which is why I always ask, because it’s the fundamental truth.
You do, and we struggle with that to some degree. We try to compensate for it. But yeah, you do ship your org chart. And therefore, if you want your products to look different, you should adjust your org chart to support that difference, right? I mean, ultimately.
The other Decoder question I ask everybody is about decisions. You have a lot of decisions to make. You are trying to build a new kind of product architecture against a lot of the same constraints as your competitors. How do you make decisions? What’s your framework?
How do I make decisions? We are a founder-led company. Andy started Proton. I was, I think, employee six, I want to say. That’s a funny story in itself. You know how I met Andy?
How’s that?
He was my grad student at CERN. I was a postdoc at Harvard, and he was my grad student. And then he comes and finds me in Silicon Valley after I left physics and says, “Hey, you want to join my startup? You can be CTO.” Anyway, and here we are 11 years later.
But he’s still heavily involved. He has a lot of input on product direction strategy, and he’s a visionary. I think he’s responsible for a lot of Proton’s success. He’s willing to take risks, that kind of stuff. I obviously believe in his leadership, or I wouldn’t still be here after 11 years. That said, I think one thing that sometimes happens with visionaries is they need to surround themselves with people who will challenge them when they get maybe a little too far over their skis, or to also make sure that we have ideas from other places.
One thing that we really try to make sure of is that ideas are judged on their merits, not their origin necessarily. And so we have a senior leadership team whose job is to, yes, execute but also bring new ideas and sell them and things like this. I’m not going to say that we’re perfect in this because nobody is, and we have plenty of things that we can improve, but we try to push decision-making down the org. The whole point of an organization is that you have a way to align lots of different people in the same direction.
The trick is always: how do you get alignment in the same general direction while still having autonomy so that you’re not micromanaging everything? And I’m not saying we always get the balance right, but that’s the goal here. When we do this sort of orientation when we hire new people into Proton, one of the things we always say is: I want to hear… You’re not used to our way of doing things yet. So I want you to look at our way of doing things, and if you’ve experienced another employer or you think this is either crazy or inefficient, I want you to tell us. And we’re very clear, yes, of course we have a hierarchy, and part of this is our size, but we very rarely have more than, say, three or four levels of management.
We always say, “Look, if you need to ping me, you need to ping the CEO, you need to directly talk to people, just do it.” It’s another thing, and again, I’m speaking for myself, but I think this is common throughout Proton: I tell people, “I’m not promising or obligated to agree with you, but you’re never going to regret telling me what you think,” basically.
So we try to do that. And I credit Andy with this, but we have very little internal politics. Maybe this is just because we’re not very big yet, but we have zero tolerance for fiefdoms or internal politics, and that also makes things easier. There’s very much a sense that we’re all pointing in the same direction, and that it’s not my division that I’m trying to grow, it’s Proton in general.
I think that some of that comes with being a mission-driven company. I don’t know if you’ve ever had this experience, but for those of you who haven’t, I’ve had both. I was a physicist as part of the CERN collaboration a long time ago, and there you have the fundamental nature of the universe. I consider that a mission-driven occupation.
I also had a stint in Silicon Valley afterward, which had fun and interesting technical problems, but I missed that. And with Proton, the mission is really… We have to be careful that it doesn’t paper over organizational problems that we should really solve, let’s put it that way. But it really does make the job easier when everybody is aligned in that regard.
Let me ask you a question about that, and then I want to come to the pressures that Proton feels and how you put all of this structure into practice to resist those pressures. Early on in my career, I had no idea how to manage anyone. I went to a bunch of people and asked them a bunch of questions. One of the smartest mentors in all this sat me down and told me very seriously, “Look, you don’t hire people to make them like you. You hire people to change your organization.”
I’ve taken that to heart, and maybe at 15 years into this, I’m like, “That’s actually a pendulum. You need people to buy into what you’re doing. Otherwise, every new person you hire is going to radically disrupt what everyone else is doing because they’re maybe over-empowered and they’re not actually on the same page.”
Proton has a mission, right? You’re describing it as a mission-driven company. How do you strike that balance of wanting to hire new people and get the outside perspective on what you’re doing wrong and then not actually get knocked totally off track? Because it seems very important within a company like Proton.
I mean, culture is extremely important. It’s extremely important. That comes from the top as well. Andy, if you were to ask him what the most important thing in any business is, he’s very likely to say culture. As a result, we try to be very careful about who we hire. We hire relatively slowly. I wish we could hire faster.
I think hiring is one of the things that we could be better at, but we don’t do these massive hires, massive layoffs, things like this because… And we don’t hire so fast that we dilute the culture. We want to integrate people into the Proton culture, not necessarily… And yes, sometimes we have to change it, sometimes we have to evolve it, but we want that to be done in a deliberate way.
I also had maybe a similar evolution as a manager. I’ve been there through all of Proton’s growth phases. So early on, I wrote a lot of code, and then I was effectively a team lead. Then I was a manager of managers. At some point, I was running all of Proton’s engineering. Then I handed off some of the management things, but kept the CTO technical direction stuff.
In that course, I definitely made a lot of mistakes too, right? Early on, I had to teach myself not to make other people like me, not to, maybe not micromanage, but not to just tell people what to do and have them execute it. And then I went through a phase later where I realized that, okay, people need to learn, people need to make their own mistakes. I want to import people with expertise; I’m not infallible. Let’s do this. That was probably too permissive. We had some… nothing catastrophic, but we had some expensive mistakes that I had a bad feeling about, but I let go through anyway. Because I was trying to do this.
That’s the worst.
So I think moderation doesn’t tend to be the sexiest thing to sell, but it is. It’s a balance. You don’t want to mandate how things are done, but you also want to make sure that you’re there to stop people from making truly catastrophic or expensive decisions. You can see the brick wall in the distance, and you want to make sure that doesn’t happen. Yeah, it’s not the most dramatic answer, but a lot of this is finding the right balance there, moderation.
The reason I spent so much time on the technical and corporate structure side, as well as the culture, is that Proton faces a lot of pressure. And all of this, as you’ve described, is designed to resist that pressure and designed to build products that can’t be broken by that pressure in different ways. Let’s just start with, I don’t know, the governments of the world, which put a lot of pressure on Proton, and have found lots and lots of ways to get past the kinds of controls you put in place to protect user data.
So we’ll just start with the splashiest one. In March, a report from 404Media found that Proton handed over the payment data of an account called Stop Cop City, which is located in the United States. They handed that data to the Swiss authorities, who then gave that data to the FBI, and that led to their identification. And this is metadata; I don’t think it’s actually the data, the contents of the emails.
Proton’s argument is, “Look, we never actually gave anything to the FBI. We just complied with a legal request from the Swiss government.” Let’s start at the very basics. What is the Swiss government legally allowed to request from you? And does the fact that they can just serve as a proxy for the United States government undermine any of this trust or put any novel kind of pressure on your structures?
So any company anywhere is going to have a jurisdiction and be subject to jurisdiction. No company or individual is above the law. And no company is going to go to jail for you. That said, you can arrange structures such that there are safeguards here. And our safeguard, for instance, is that we are a Swiss company. And we’ve actually been asked repeatedly, “Hey, can you just respond to requests from friendly government agencies?”
We have repeatedly said no because it can’t be our job to decide what is legitimate and what is not. That is not something that we can take on. So what we do is we engineer our products to have, within constraints, like making a product that people want to use and can use and does the job, but we engineer our products to be as private as possible.
We are subject to Swiss jurisdiction. Mutual Legal Assistance Treaty requests, MLAT requests, come in from governments. The Swiss authorities decide what is legitimate and what is not. We have no stake in that. And then they issue an order, we comply with those orders, and that’s the way it has to be. We very deliberately chose our jurisdiction in a way that the Swiss are famously neutral. Every government is made up of humans, but they have a reputation for being reasonable people, and that system has worked pretty well.
In general, there are countries that are less trustworthy than others, and those requests… We don’t have a lot of visibility into where the requests are coming from, but those requests we have on good authority are usually not honored. Whereas peoples’ opinions may vary these days, the FBI requests, they tend to be given a certain presumption of legitimacy, but they’re still evaluated by the Swiss authorities. And then what we do is we comply. We have no discretion here. And this would be the case for anything, but we have arranged the system such that we think it is one of the safest that can be constructed and stay legal.
So let me just ask you about that, because you are a systems person; you’re describing a system.
Yeah.
The failure point in that system, as you’re describing it to me, is that the Swiss government is going to make a bunch of decisions about what you have to comply with. The United States government, in this case specifically, I think, has realized that if they just say that everything is terrorism, the floodgates open on the mechanisms for data sharing.
So in this case, this is an account called “Stop Cop City.” They said this is terrorism. Here in the United States, whether or not the government’s claims of everything being terrorism are legitimate or not, I think, is wide open for debate.
Sure.
But it feels like they found what you would describe as an attack vector on the Swiss government’s mechanisms, where if you say these magic words, the Swiss government will come to you and start asking for metadata. Does that feel appropriate? Does that feel survivable?
I think a lot of this stuff, at some point, is going to be up to people. We’ve done the best we can, and I don’t think… People are going to have different opinions about which requests are legitimate or not, but we’ve done the best we can in saying that, “Okay, the Swiss authorities will decide, and then we will comply with whatever they say because we are a Swiss jurisdiction.”
In the meantime, we do and can arrange — and, of course, there are laws that govern this — but we do whatever we can to minimize the amount of data that we can give. I mean, with payment data, we can encrypt it. We use payment processors. They can get it from lots of different sources. So if you have a credit card attached and there’s a legal request coming in, there’s not a whole lot we can do, right?
You mentioned systems… because I think this is important. What’s important to me, and I realize this… I don’t want this to sound callous for a specific hypothetical abusive case that might not have been… Mistakes can be made, of course. But I want a system like the system we have, which is that if the government has some sort of reasonable cause and can convince people in a defined process to give data, then yeah, the data should probably be given. What I really worry about is that we often live in a world where basically the government can instead ask, “Give me all your data, and I’m going to look for problems. I’m going to look for a crime.”
The word wiretap comes from a time when they had to literally go to your house and tap the wire. I don’t think it was really thought of at the time, but that — the actual physical act of having to do this — had a barrier to the fact that you couldn’t surveil everybody at once. It was simply logistically impossible. We live in a world today where you can surveil everybody, so we want to build services and systems where this is impossible, right? Where the default should be privacy, as I said, privacy by default.
Yes, we are also responsive to legitimate law enforcement requests, however you define legitimate. And that legitimate question will always be a matter of process, in which we, of course, are only one player in this process. But I think that’s the-
Well, there’s legitimacy, and there’s a market dynamic here. So the Swiss government has applied a lot of pressure to Proton in the last few years. They want you to basically have an unencrypted VPN and be able to decrypt user data that was traveling over VPN. I believe Proton has threatened to leave Switzerland over this, and then you announced that you were going to build a more distributed infrastructure and place some of that infrastructure in Germany and Norway.
We’re going to come to Chat Control. Yesterday, I think the EU passed a version of this law, and Proton’s response was, “We’ll just leave the EU. We’re going to take ourselves out of this legal jurisdiction.” I want to talk about that stuff in detail, but just in the sort of broader context that you’re talking about right now, you’re picking, right? You’re picking a foundation, and often the response is, “Well, if you change the legal foundation here, we will leave.”
Yeah.
How real is that?
It’s dead serious. With all due respect to Swiss authorities and everybody else, I think it would be absolutely suicidal to continue down this path. I mean, part of the Swiss brand is privacy. It’s been that way for 80 years, and they have a good, via Proton largely, but also, they have a good case for bringing that reputation and those economic advantages — because there are a lot of businesses, a lot of commerce, that require confidentiality — to the 21st century, to the digital age. And throwing it away is, I think, shortsighted to say the least. But no, it’s a serious threat. The thing about digital services is that they can be moved. There’s a lot of flexibility in this.
I mean, I guess if we get truly dystopian, there may be a world where there’s no place to move to, but at the moment there are options. It’s certainly also… It’s a threat. I mean, it’s a real threat. We hope not to have to do it. We hope that the powers that be are responsive to this and change course, but yeah.
That’s a cost, right? I’m curious about this-
It’s a cost. Well, it is a cost. We’ll have to do it, but it’s maybe not as much of a cost as you might think. We already have employees in different countries. We have satellite offices, and we have other things. We have data centers in Germany. We have data centers in Norway. Not to be too blasé about it, but we could do a corporate inversion to somewhere else and then say, “Okay, all the legal requests have to come through here.” And all the data is in-
How does that play with “you can’t sell it”? The part where you’re like, “It’s a Swiss foundation. It’s very hard to sell.” You want to leave Switzerland and reincorporate in Germany. Is the Swiss government going to stop you?
I’m going to have to defer on that because I am not a lawyer. I have no idea, but I’m sure it’s possible.
I’m just curious because it feels like, at least as of this conversation, NATO still exists. Germany and Norway are still in the EU. There’s Swiss law, there’s German law, then there’s EU law. And the EU law is also getting increasingly intense about what they can scan and what they can’t scan.
I mentioned Chat Control earlier. That’s the law in the EU that would require service providers to scan the contents of messages for CSAM material and for other kinds of infringing material. That’s a big problem. I think Proton said, “We will just leave the EU if you make us do this. This is going to break the core promise.”
Yeah.
If you move to Germany and Norway, and then the EU passes the harshest version of Chat Control, are you geared up to leave?
Yeah.
How ready are you? Can you pull the switch tomorrow? Where would you go?
I don’t know, I’d have to consult with other people for that. I’m not deep in that, but it’s a real threat. I know it’s a real threat. I know we’ve made some preparations about where we could possibly land for this if both the EU and Switzerland become inhospitable to this.
There are separate things. There are the practical challenges that we all know this stuff is happening. There’s a wave, whether it be age verification or breaking encryption or stuff like this, that seems to be in vogue right now, and it’s something we are fighting on the policy front. In my opinion, it’s very misguided. Hopefully, at some point, the fever breaks. You cannot brand a backdoor with an American flag and say that only good people can use it. It doesn’t work like that, or an EU flag or anything like that.
Maybe this comes a little bit back. So there’s the practical part. What do we do if this happens? What do we do if this happens? At the end of the day, governments hold a lot of power over policy, and you have to figure out how you can comply, or if you can’t comply, you leave, or you do something else. But there are a lot of countries in the world, and I think we will ultimately do what we have to.
The other part — just to, I guess, use your platform a bit to make the case — is that Chat Control, age verification, all this stuff, is a very bad idea. I don’t want to say… There are real threats to children online, and it’s not that we shouldn’t take them seriously, but there are ways to do this. We talked about systems thinking before and systems design. There are ways to do this that balance the appropriate concerns, that can gate mature material behind age gates that don’t reveal who you are.
Once you build a system that essentially abolishes anonymity online, how long before that system… I mean, it’s Chekhov’s gun. How long before somebody comes along to use it? If it’s built, somebody’s going to use it eventually for purposes that it wasn’t designed for.
How long until China says, “Hey, identify all the dissidents for me who are using this”? Because they have to use their ID for everything on the internet. So we want to build systems, internet systems, that can’t be commandeered like this. This is how we build Proton, but I think this principle applies to the larger internet.
This is a kind of thought experiment, right? I’m probably going to butcher this, but there was some crazy statistic that a huge fraction of East Germans were actually employed as informants by the Stasi on other East Germans in the height of the Cold War. And the Iron Curtain, of course, fell pretty much right before the dawn of the digital age, in some ways, the internet age.
I think you could argue — and I think you can look at counterexamples like China — that if some of the Eastern Bloc authoritarian regimes made it into the digital age, maybe they would have had enough control over information to not fall anymore because it’s so much easier to do this. So the fact that Facebook and Google, arguably with their ad ecosystems, have built the most sophisticated — okay, China’s is perhaps — but some of the most sophisticated surveillance systems ever built, but we do the most American thing ever with it, which is we use them to sell you crap you don’t need.
But that doesn’t mean that’s the only use for those, and the fact that those are sitting on the mantelpiece like Chekhov’s gun, waiting for somebody to pick them up and do something truly horrific with them, is a threat to free society. All this other stuff with Chat Control and age verification is the same thing. It’s saying, “We have this harm. Let’s build a system to prevent this harm that then can be used for really nefarious purposes.” We need to make sure that we don’t engineer systems that threaten the existence of a free society. Sorry, that was my soapbox speech, but it’s something I care deeply about.
The reason I asked you so much about the structure of the company and its culture and how the systems are built is that idealism is often expressed in Silicon Valley. I’ve heard it from all of the big companies that you have described. I hear it from big companies today, and then the compromises creep in.
And sometimes the compromises are, “Well, we’re domiciled in the United States. We’re just going to have to listen. There’s nothing we can do. You can look at our warrant canary page to see how many legal requests we’re getting, and that’s going to be the answer.”
Sometimes the compromises are, “Look, we have to grow. We have to get bigger, and that’s it.” And sometimes the compromises are “there’s no way to build the system that would protect people the way we want, and comply with the legal regimes.” I think encryption sits at the absolute heart of that tension.
I’ll give the example of Apple because I think everyone is familiar with Apple. Apple routinely resists these calls for a backdoor. [The company] is big enough to do it in the ways that it can do it, and then the iPhone gets zero day-ed anyway. It doesn’t matter. That cycle repeats in a way that it repeats. But if you talk to the folks at Apple, they say, “Look, the regulators come to us, and they’re like, ‘Just be smart. Just do some smart stuff, smart guys, and find a way to do a backdoor that will preserve privacy.'” And Apple’s response is, “You cannot.”
It’s impossible.
We cannot nerd hard enough to solve this problem for you. I think there’s some willful ignorance on the part of the regulators; I think the regulators know this. And then I think there’s a massive number of activists who want to protect children. Maybe they do understand it, maybe they don’t understand it, but what they certainly understand at a visceral level is the kids are being harmed, right?
All of the other systems that everyone claims can ameliorate the problems or mitigate the risk to encryption do not actually exist, such that the kids are not being harmed at the rate they’re being harmed today. You sit in the middle of this. The governments of the world come to you. They’ve asked you for backdoors. They’ve asked you for client-side scanning of chat messages to detect CSAM. What’s your response to just be smart? Just nerd harder and figure it out?
I mean, it’s impossible to create a backdoor that can only be used by the good guys. And the consequences of the backdoors being used by the bad guys are basically catastrophic, right? I think you mentioned there are still harms being perpetrated at these rates and that’d be-
Like at a massive scale. I do think it’s important to say that clearly. The harm is being perpetrated at a massive scale.
I mean, the concerns are legitimate, right? But we tolerate a lot of harms. We tolerate ingesting things that aren’t good for you if you’re an adult, right? And this is maybe US-centric, but there have been several… I mean, I don’t know if it’s still a precedent with the way things are going, but there have been several court precedents that have basically said that… I think this actually has to do with scanning or otherwise; they have said that, “Okay, these must be compatible and balanced against restricting the freedom of adults, to essentially be very, very secure.”
You can make society very, very, very secure by taking away all freedom whatsoever. You can do that. And this is a trade-off of what we want to make, but I don