The most secure collaboration suite in the world

Data is a double-edged sword. In only a few years, it has become an unprecedented source of business and social opportunities like the world has never witnessed before. But at the same time, it has turned into a critical, high-value asset to protect. When data is breached, it can upend entire businesses and compromise citizens’ lives with uncontrollable consequences.

Aware of this, citizens have become more skeptical about the use that businesses and administrations make of their private data.
The last Eurobarometer on data protection before the entry into force of GDPR revealed that 92% of Europeans are concerned about software applications collecting their data without their consent, while only 15% believe they are in control of their personal data.
This phenomenon is particularly clear with respect to online businesses and big-tech corporations,
such as search engines and email service providers. Only 3% of EU citizens trust email and digital service providers to protect their personal information, while big scandals on the treatment of personal data by American tech giants, have given rise to unprecedented levels of mistrust amongst citizens worldwide.
The situation for businesses also reveals the rising impact of security breaches. There were 2.6 billion records compromised in 2017, with only 4% of these breaches being secure breaches, i.e. those where encryption rendered the stolen data useless. Even worse, over 70% of these go undetected.
With digitalization now fully reaching companies of all sizes, the global cost associated with managing the impact of data breaches is expected to rise to $2.1 trillion by 20198, with a four-year increase of 96%.

The problem is that today businesses vastly rely on US-based collaboration and office suites, which are not secure by design. The skepticism towards the possibility of big corporations exploiting their clients’ data is the most immediate answer to why cloud service providers like Google or Microsoft don’t apply state-of-the-art encryption to their clients’ data.

ProtonMail, our flagship product, achieved outstanding results, rising above all competitors in the end-to-end encryption space through a superior user interface.
Our goal now is to go one step further and offer a fully encrypted office suite: a 360-degrees approach that lets consumers and businesses from all over the world benefit from the highest level of data privacy, not only in their email communications but in their everyday, highly digitalized life.

Our web applications use the open source JavaScript library OpenPGPjs for all client-side cryptography, including the encryption, decryption, signing and verifying of data, which our applications use to ensure the confidentiality and authenticity of our users’ data.
To support the protection of arbitrarily large files using this library, it is necessary to support streaming encryption and decryption of files, without loading the entire file into memory.
We have implemented streaming encryption and decryption in OpenPGPjs, and we are successfully using it internally in the development version of the ProtonDrive web application.

We began expanding our storage capacity to support several petabytes of user data in anticipation of ProtonDrive growth. We have invested and will continue to invest in developing a scalable and reasonably priced file storage solution, running in Switzerland and Germany.
We have acquired the necessary server and network infrastructure and it will be further expanded to a datacenter in Frankfurt.
The backend parts of the ProtonDrive system were designed and implemented: the storage subsystem, data models and API. We constructed the data models, encryption system and API to enable the full set of features ProtonDrive will offer: advanced file and folder management, full client-side encryption and content sharing between users and with non- users.
We are developing ProtonDrive clients for the most popular platforms: web (platform independent), mobile (Android and iOS) and desktop (Windows and macOS).
Key Transparency (Note: we previously referred to this project as “Proton Public (Key) Directory” (PPD), and we are now calling it “Key Transparency”. This is more clear, and it is in line with the wider industry’s naming of similar projects) is a project that aims to increase visibility in the distribution of public keys by Proton’s servers, and thereby increase the trust that users have in them. The distribution of public keys is crucial to the security of our applications because the public keys are used to share data and messages securely between users, as well as to encrypt other private user data. Increasing the trustworthiness of the public keys we store and distribute therefore directly increases the trustworthiness and security of our applications.

We started preparing for the commercialization last year, which included a series of measures:
• registering and using domain names in each expansion country
• implementing multi-language support
• partnerships in key areas
• participating in events and trade shows
On the dissemination front, we have started working on our global content strategy, focused on our core audience. The goal is to activate our users as true ambassadors for the company and benefit from high-conversion word-of-mouth marketing.
The Ethics requirements legal analysis has been done and the research does not involve personal data collection or processing nor does it involve any transfer of personal data to third countries or International Organizations.

There are over 3.8 billion email users worldwide, projected to top 4 billion by 2020 almost 2 billion cloud storage consumers, and there will be over 2.3 billion by 2020. The adoption of digital services is unstoppable, and so is their penetration in our daily lives. However, there has been a shift in the way consumers and businesses see the providers of these services.

Internet privacy and security has been a recurring theme in public forums for a long time. Privacy concerns are particularly acute in Europe, where there is a long-established culture of privacy. The latest 2015 Eurobarometer indicates that Europeans distrust organizations when it comes to protecting their personal data. In the UK, France, Germany and Spain, the concern about the unauthorized use of personal data is particularly high (above 65%). As a response to this, the EC has raised the bar in promoting a data protection regulatory framework with the General Data Protection Regulation (GDPR, 2018), which explicitly identifies encryption as the best mechanism to provide citizens with top-level privacy.