Think your email's private? Think again
-
0:01 - 0:06Twenty-five years ago, scientists at CERN
created the World Wide Web. -
0:06 - 0:10Since then, the Internet has transformed
the way we communicate, -
0:10 - 0:14the way we do business,
and even the way we live. -
0:14 - 0:16In many ways,
-
0:16 - 0:21the ideas that gave birth to Google,
Facebook, Twitter, and so many others, -
0:21 - 0:23have now really transformed our lives,
-
0:23 - 0:27and this has brought us many real benefits
such as a more connected society. -
0:27 - 0:30However, there are also
some downsides to this. -
0:31 - 0:34Today, the average person
has an astounding amount -
0:34 - 0:36of personal information online,
-
0:36 - 0:40and we add to this online information
every single time we post on Facebook, -
0:40 - 0:42each time we search on Google,
-
0:42 - 0:44and each time we send an email.
-
0:44 - 0:46Now, many of us probably think,
-
0:46 - 0:49well, one email,
there's nothing in there, right? -
0:49 - 0:53But if you consider
a year's worth of emails, -
0:53 - 0:56or maybe even a lifetime of email,
-
0:56 - 0:58collectively, this tells a lot.
-
0:58 - 1:01It tells where we have been,
who we have met, -
1:01 - 1:05and in many ways,
even what we're thinking about. -
1:05 - 1:09And the more scary part about this is
our data now lasts forever, -
1:09 - 1:12so your data can and will outlive you.
-
1:12 - 1:16What has happened is that we've largely
lost control over our data -
1:16 - 1:18and also our privacy.
-
1:18 - 1:21So this year, as the web turns 25,
-
1:21 - 1:24it's very important for us
to take a moment -
1:24 - 1:26and think about the implications of this.
-
1:26 - 1:28We have to really think.
-
1:28 - 1:30We've lost privacy, yes,
-
1:30 - 1:33but actually what we've also lost
is the idea of privacy itself. -
1:34 - 1:36If you think about it,
-
1:36 - 1:40most of us here today probably remember
what life was like before the Internet, -
1:40 - 1:42but today, there's a new generation
-
1:42 - 1:46that is being taught from a very young age
to share everything online, -
1:46 - 1:50and this is a generation that is not
going to remember when data was private. -
1:50 - 1:54So we keep going down this road,
20 years from now, -
1:54 - 1:57the word 'privacy' is going to have
a completely different meaning -
1:57 - 1:59from what it means to you and I.
-
1:59 - 2:01So, it's time for us
to take a moment and think, -
2:01 - 2:04is there anything we can do about this?
-
2:04 - 2:07And I believe there is.
-
2:07 - 2:10Let's take a look at one of the most
widely used forms of communication -
2:10 - 2:13in the world today: email.
-
2:13 - 2:16Before the invention of email,
we largely communicated using letters, -
2:16 - 2:19and the process was quite simple.
-
2:19 - 2:22You would first start by writing
your message on a piece of paper, -
2:22 - 2:24then you would place it
into a sealed envelope, -
2:24 - 2:26and from there,
you would go ahead and send it -
2:26 - 2:28after you put a stamp and address on it.
-
2:28 - 2:30Unfortunately, today,
-
2:30 - 2:33when we actually send an email,
we're not sending a letter. -
2:33 - 2:35What you are sending, in many ways,
is actually a postcard, -
2:35 - 2:39and it's a postcard in the sense
that everybody that sees it -
2:39 - 2:43from the time it leaves your computer
to when it gets to the recipient -
2:43 - 2:45can actually read the entire contents.
-
2:45 - 2:49So, the solution to this
has been known for some time, -
2:49 - 2:51and there's many attempts to do it.
-
2:51 - 2:54The most basic solution
is to use encryption, -
2:54 - 2:56and the idea is quite simple.
-
2:56 - 2:57First, you encrypt the connection
-
2:57 - 3:00between your computer
and the email server. -
3:00 - 3:04Then, you also encrypt the data
as it sits on the server itself. -
3:04 - 3:06But there's a problem with this,
-
3:06 - 3:09and that is, the email servers
also hold the encryption keys, -
3:09 - 3:13so now you have a really big lock
with a key placed right next to it. -
3:13 - 3:16But not only that, any government
could lawfully ask for -
3:16 - 3:18and get the key to your data,
-
3:18 - 3:21and this is all without you
being aware of it. -
3:21 - 3:26So the way we fix this problem
is actually relatively easy, in principle: -
3:26 - 3:29You give everybody their own keys,
-
3:29 - 3:32and then you make sure the server
doesn't actually have the keys. -
3:32 - 3:34This seems like common sense, right?
-
3:34 - 3:38So the question that comes up is,
why hasn't this been done yet? -
3:38 - 3:41Well, if we really think about it,
-
3:41 - 3:44we see that the business model
of the Internet today -
3:44 - 3:46really isn't compatible with privacy.
-
3:46 - 3:49Just take a look at some
of the biggest names on the web, -
3:49 - 3:52and you see that advertising
plays a huge role. -
3:52 - 3:56In fact, this year alone,
advertising is 137 billion dollars, -
3:56 - 3:58and to optimize the ads
that are shown to us, -
3:58 - 4:01companies have to know
everything about us. -
4:01 - 4:03They need to know where we live,
-
4:03 - 4:06how old we are, what we like,
what we don't like, -
4:06 - 4:08and anything else
they can get their hands on. -
4:08 - 4:10And if you think about it,
-
4:10 - 4:14the best way to get this information
is really just to invade our privacy. -
4:14 - 4:17So these companies
aren't going to give us our privacy. -
4:17 - 4:19If we want to have privacy online,
-
4:19 - 4:23what we have to do is
we've got to go out and get it ourselves. -
4:23 - 4:25For many years, when it came to email,
-
4:25 - 4:28the only solution
was something known as PGP, -
4:28 - 4:31which was quite complicated
and only accessible to the tech-savvy. -
4:31 - 4:34Here's a diagram that basically shows
-
4:34 - 4:36the process for encrypting
and decrypting messages. -
4:36 - 4:39So needless to say,
this is not a solution for everybody, -
4:39 - 4:42and this actually is part of the problem,
-
4:42 - 4:45because if you think about communication,
-
4:45 - 4:49by definition, it involves
having someone to communicate with. -
4:49 - 4:52So while PGP does a great job
of what it's designed to do, -
4:52 - 4:55for the people out there
who can't understand how to use it, -
4:55 - 4:58the option to communicate privately
simply does not exist. -
4:58 - 5:01And this is a problem
that we need to solve. -
5:01 - 5:03So if we want to have privacy online,
-
5:03 - 5:06the only way we can succeed
is if we get the whole world on board, -
5:06 - 5:10and this is only possible
if we bring down the barrier to entry. -
5:10 - 5:13I think this is actually the key challenge
that lies in the tech community. -
5:13 - 5:17What we really have to do
is work and make privacy more accessible. -
5:17 - 5:20So last summer, when
the Edward Snowden story came out, -
5:20 - 5:24several colleagues and I decided to see
if we could make this happen. -
5:24 - 5:29At that time, we were working at the
European Organization for Nuclear Research -
5:29 - 5:33at the world's largest particle collider,
which collides protons, by the way. -
5:33 - 5:36We were all scientists,
so we used our scientific creativity -
5:36 - 5:39and came up with a very
creative name for our project: -
5:39 - 5:41ProtonMail.
(Laughter) -
5:41 - 5:44Many startups these days
actually begin in people's garages -
5:44 - 5:46or people's basements.
-
5:46 - 5:47We were a bit different.
-
5:47 - 5:50We started out at the CERN cafeteria,
-
5:50 - 5:53which actually is great, because look,
-
5:53 - 5:55you have all the food
and water you could ever want. -
5:55 - 5:57But even better than this
is that every day -
5:57 - 6:01between 12 p.m. and 2 p.m.,
free of charge, -
6:01 - 6:06the CERN cafeteria comes with
several thousand scientists and engineers, -
6:06 - 6:08and these guys basically know
the answers to everything. -
6:08 - 6:11So it was in this environment
that we began working. -
6:11 - 6:14What we actually want to do
is we want to take your email -
6:14 - 6:18and turn it into something
that looks more like this, -
6:18 - 6:20but more importantly,
we want to do it in a way -
6:20 - 6:22that you can't even tell
that it's happened. -
6:22 - 6:25So to do this, we actually need
a combination of technology -
6:25 - 6:27and also design.
-
6:27 - 6:29So how do we go about
doing something like this? -
6:30 - 6:34Well, it's probably a good idea
not to put the keys on the server. -
6:34 - 6:38So what we do is we generate
encryption keys on your computer, -
6:38 - 6:42and we don't generate a single key,
but actually a pair of keys, -
6:42 - 6:46so there's an RSA private key
and an RSA public key, -
6:46 - 6:48and these keys
are mathematically connected. -
6:48 - 6:50So let's have a look
and see how this works -
6:50 - 6:53when multiple people communicate.
-
6:53 - 6:57So here we have Bob and Alice,
who want to communicate privately. -
6:57 - 7:01So the key challenge
is to take Bob's message -
7:01 - 7:05and to get it to Alice in such a way
that the server cannot read that message. -
7:05 - 7:08So what we have to do
is we have to encrypt it -
7:08 - 7:10before it even leaves Bob's computer,
-
7:10 - 7:14and one of the tricks is, we encrypt it
using the public key from Alice. -
7:14 - 7:19Now this encrypted data is sent
through the server to Alice, -
7:19 - 7:24and because the message was encrypted
using Alice's public key, -
7:24 - 7:28the only key that can now decrypt it
is a private key that belongs to Alice, -
7:28 - 7:33and it turns out Alice is the only person
that actually has this key. -
7:33 - 7:35So we've now accomplished the objective,
-
7:35 - 7:37which is to get the message
from Bob to Alice -
7:37 - 7:40without the server being able
to read what's going on. -
7:40 - 7:43Actually, what I've shown here
is a highly simplified picture. -
7:43 - 7:45The reality is much more complex
-
7:45 - 7:49and it requires a lot of software
that looks a bit like this. -
7:49 - 7:51And that's actually
the key design challenge: -
7:51 - 7:55How do we take all this complexity,
all this software, -
7:55 - 7:59and implement it in a way
that the user cannot see it. -
7:59 - 8:02I think with ProtonMail,
we have gotten pretty close to doing this. -
8:02 - 8:05So let's see how it works in practice.
-
8:05 - 8:08Here, we've got Bob and Alice again,
-
8:08 - 8:10who also want to communicate securely.
-
8:10 - 8:12They simply create accounts on ProtonMail,
-
8:12 - 8:15which is quite simple
and takes a few moments, -
8:15 - 8:17and all the key encryption and generation
-
8:17 - 8:19is happening automatically
in the background -
8:19 - 8:21as Bob is creating his account.
-
8:21 - 8:24Once his account is created,
he just clicks "compose," -
8:24 - 8:27and now he can write his email
like he does today. -
8:27 - 8:28So he fills in his information,
-
8:28 - 8:32and then after that,
all he has to do is click "send," -
8:32 - 8:35and just like that,
without understanding cryptography, -
8:35 - 8:39and without doing anything different
from how he writes email today, -
8:39 - 8:41Bob has just sent an encrypted message.
-
8:41 - 8:46What we have here
is really just the first step, -
8:46 - 8:48but it shows that
with improving technology, -
8:48 - 8:52privacy doesn't have to be difficult,
it doesn't have to be disruptive. -
8:52 - 8:57If we change the goal from maximizing
ad revenue to protecting data, -
8:57 - 8:59we can actually make it accessible.
-
8:59 - 9:01Now, I know a question
on everybody's minds is, -
9:01 - 9:04okay, protecting privacy,
this is a great goal, -
9:04 - 9:06but can you actually do this
-
9:06 - 9:09without the tons of money
that advertisements give you? -
9:09 - 9:11And I think the answer is actually yes,
-
9:11 - 9:14because today, we've reached a point
-
9:14 - 9:18where people around the world really
understand how important privacy is, -
9:18 - 9:21and when you have that,
anything is possible. -
9:21 - 9:22Earlier this year,
-
9:22 - 9:25ProtonMail actually had so many users
that we ran out of resources, -
9:25 - 9:28and when this happened,
our community of users got together -
9:28 - 9:30and donated half a million dollars.
-
9:30 - 9:33So this is just an example
of what can happen -
9:33 - 9:36when you bring the community together
towards a common goal. -
9:36 - 9:37We can also leverage the world.
-
9:37 - 9:39Right now,
-
9:39 - 9:42we have a quarter of a million people
that have signed up for ProtonMail, -
9:42 - 9:44and these people come from everywhere,
-
9:44 - 9:45and this really shows that privacy
-
9:45 - 9:48is not just an American
or a European issue, -
9:48 - 9:50it's a global issue
that impacts all of us. -
9:50 - 9:54It's something that we really
have to pay attention to going forward. -
9:54 - 9:57So what do we have to do
to solve this problem? -
9:57 - 9:59Well, first of all,
-
9:59 - 10:02we need to support a different
business model for the Internet, -
10:02 - 10:04one that does not rely
entirely on advertisements -
10:04 - 10:06for revenue and for growth.
-
10:06 - 10:09We actually need to build a new Internet
-
10:09 - 10:14where our privacy and our ability
to control our data is first and foremost. -
10:14 - 10:16But even more importantly,
-
10:16 - 10:21we have to build an Internet
where privacy is no longer just an option -
10:21 - 10:23but is also the default.
-
10:24 - 10:26We have done the first step
with ProtonMail, -
10:26 - 10:30but this is really just the first step
in a very, very long journey. -
10:30 - 10:33The good news I can share
with you guys today, -
10:33 - 10:36the exciting news,
is that we're not traveling alone. -
10:36 - 10:38The movement to protect people's privacy
and freedom online -
10:38 - 10:40is really gaining momentum,
-
10:40 - 10:43and today, there are dozens of projects
from all around the world -
10:43 - 10:47who are working together
to improve our privacy. -
10:47 - 10:51These projects protect things
from our chat to voice communications, -
10:51 - 10:53also our file storage, our online search,
-
10:53 - 10:56our online browsing,
and many other things. -
10:56 - 11:00And these projects are not backed
by billions of dollars in advertising, -
11:00 - 11:02but they've found support
really from the people, -
11:02 - 11:05from private individuals like you and I
from all over the world. -
11:05 - 11:08This really matters, because ultimately,
-
11:08 - 11:12privacy depends on each
and every one of us, -
11:12 - 11:15and we have to protect it now
because our online data -
11:15 - 11:18is more than just a collection
of ones and zeros. -
11:18 - 11:19It's actually a lot more than that.
-
11:19 - 11:22It's our lives, our personal stories,
-
11:22 - 11:24our friends, our families,
-
11:24 - 11:28and in many ways,
also our hopes and our aspirations. -
11:28 - 11:31We need to spend time now
to really protect our right -
11:31 - 11:34to share this only with people
that we want to share this with, -
11:34 - 11:36because without this,
we simply can't have a free society. -
11:36 - 11:39So now's the time for us
to collectively stand up and say, -
11:39 - 11:43yes, we do want to live
in a world with online privacy, -
11:43 - 11:47and yes, we can work together
to turn this vision into a reality. -
11:47 - 11:49Thank you.
-
11:49 - 11:56(Applause)
- Title:
- Think your email's private? Think again
- Speaker:
- Andy Yen
- Description:
-
Sending an email message is like sending a postcard, says scientist Andy Yen in this thought-provoking talk: Anyone can read it. Yet encryption, the technology that protects the privacy of email communication, does exist. It's just that until now it has been difficult to install and a hassle to use. Showing a demo of an email program he designed with colleagues at CERN, Yen argues that encryption can be made simple to the point of becoming the default option, providing true email privacy to all.
- Video Language:
- English
- Team:
- closed TED
- Project:
- TEDTalks
- Duration:
- 12:09
Morton Bast edited English subtitles for Think your email's private? Think again | ||
Morton Bast edited English subtitles for Think your email's private? Think again | ||
Morton Bast edited English subtitles for Think your email's private? Think again | ||
Morton Bast edited English subtitles for Think your email's private? Think again | ||
Morton Bast approved English subtitles for Think your email's private? Think again | ||
Madeleine Aronson accepted English subtitles for Think your email's private? Think again | ||
Madeleine Aronson edited English subtitles for Think your email's private? Think again | ||
Madeleine Aronson edited English subtitles for Think your email's private? Think again |