Advertisement
Vikram Kumar: There has been a massive undermining of trust—we now have to have a default assumption that the internet is an untrusted environment. The number of people who doubt whether Silicon Valley-type companies are able to protect their privacy, even if the companies wanted to, has changed. If you don't know who to trust, you trust no one at all.Does that mean there's a new gap in the market for reliable communication companies?
There's always been a need for journalists or activists to remain anonymous or to protect their identity and contacts online. What hasn't been there is a perceived need [for internet privacy] by the average person. What's changed is an emerging mass market for privacy.Right, encryption for the masses. So how does MEGA achieve that?
Right now, MEGA is basically a cloud storage collaboration, but with privacy at its core. Our next step is increasing the communication aspect, which is where email and messaging come in. This isn't about trying to get privacy and security for the tech experts, who can install their own and are happy to do configuration and key management and certificates. We're really focused on how we get privacy for everyone.When you say "everyone," do you mean everyone who grew up using a computer, or, like, my grandpa?
No downloads, no plugins—everything just has to be automated, no extra steps. The second thing we’ve learned is that people will not accept a compromise in functionality.
Advertisement
No, I don’t think so. If people are under targeted surveillance I don’t think MEGA encryption will stop that.Why do they want it then?
The analogy for me is that when we send mail physically, we send letters within an envelope. The reason we use an envelope is because there’s an element of protection, an element of integrity and an element of privacy. We don’t necessarily want the person who is delivering the mail to casually read what is written on a postcard. Today, email is like sending postcards, and what MEGA is trying to do is to provide the envelope. The envelope on its own isn’t going to protect you from a determined person, but it absolutely does protect from casual everyday snooping.Makes sense. Are we going to see a rise of privacy-focused products in the future?
Absolutely. But what worries me is that, just as we had the move toward cloud computing—everyone got into this marketing war where all of these companies decided that they were born-again cloud providers and started questioning and diminishing the definition of cloud computing—I actually see that happening now with privacy. It will become a bandwagon, and there are going to be some pretty dodgy products that claim to be privacy protective and will start arguing the definition of what that means. I think we’re going to have a period of uncertainty.
Advertisement
We don’t trust Microsoft any more, we don’t trust Google. Well, who do we trust and on what basis is that trust justified? And to some extent, that is a marketing opportunity for MEGA.How are you going to convince people that your product is secure?
MEGA absolutely has to get the security and privacy right. That’s why we do things like end-to-end encryption; that’s why we're looking to open-source some of our code so external experts can have a look at it, and we’re trying to get a whole lot of discussion about what is privacy and security online. The second aspect is perception, and there are a couple of things that we’re doing there. We’ve published our guidance of how we deal with all law enforcement and take-down requests to MEGA. Part of the guidance is that MEGA will never release a person’s information unless it is required to do so, not requested to do so. The rest is a little bit of marketing. Kim is very useful and I think the ideology of the company will help with some of that perception, but perception without objective protection isn’t going to work.You brought up the laws and requests that you might be forced to deal with by law enforcement. Do you think it's possible that you could ever meet the same fate as the late Lavabit, the secure-email provider that was shut down because of its involvement in the Snowden case?
MEGA is not exposed to laws that would allow a Lavabit-type situation to develop, specifically a requirement that MEGA hand over SSL keys or somehow undermine its end-to-end encryption model, either generally or for a specific user. If such a situation were ever to develop in the future, MEGA would respond appropriately to protect its core value proposition and design. This could, for example, include moving jurisdictions.
Advertisement
At the moment, I think it does. But we’re a global company, so if we have to make a trade-off between protecting the privacy of our customers or being a New Zealand company, we will always go in favor of being a privacy company.Follow Joseph on Twitter: @josephfcoxMore on internet security:Internet Terrorism Is Really ConfusingWe Talked to the Swedish Pirate Party About America's InfowarsAnonymous Calls Bullshit on the Future of Cyber Warfare