Tech

Proton CTO warns of exodus from Europe as encryption laws tighten

The company’s chief technology officer outlines the tension between regulatory demands for surveillance and the firm’s foundational commitment to end-to-end encryption.

Author
Owen Mercer
Markets and Finance Editor
Published
Draft
Source: The Verge · original
‘No company is going to go to jail for you’: Proton’s CTO on balancing privacy, policy, and trust
Bart Butler says the Swiss privacy firm is prepared to relocate its infrastructure if EU Chat Control measures are enacted, citing the technical impossibility of secure backdoors.

Proton, the Swiss-based encrypted communications provider, has indicated it may relocate its operations out of Europe if proposed surveillance legislation is enacted. Bart Butler, the company’s chief technology officer, stated that laws such as the EU’s Chat Control proposal would compromise the firm’s core privacy mission, forcing a strategic exit from jurisdictions including Germany and Norway.

Butler, speaking in an interview with The Verge, asserted that it is technically impossible to create encryption backdoors accessible only to legitimate authorities. He warned that any vulnerability introduced to facilitate government surveillance would inevitably be exploited by malicious actors, undermining the security of the entire system. This stance places Proton at odds with regulators in the United States and Europe who are pushing for client-side scanning and age verification measures.

The company’s governance structure is designed to insulate it from external political pressure. Proton AG is controlled by the Proton Foundation, a Swiss entity established to protect the company’s mission and prevent sale to parties that would alter its privacy-focused model. Butler described this as a "defense in depth" strategy, combining technical encryption with legal and corporate safeguards to ensure the company cannot betray user trust.

Despite its strong privacy stance, Proton complies with legal requests for metadata where required by Swiss jurisdiction. The company recently handed over payment data linked to the "Stop Cop City" movement to Swiss authorities, which was subsequently shared with the FBI. Butler noted that while the company minimises the data it retains, it remains subject to Swiss law and mutual legal assistance treaties, relying on the neutrality of Swiss authorities to evaluate the legitimacy of such requests.

To combat abuse without breaking encryption, Proton allocates nearly 10 per cent of its resources to anti-abuse efforts. Butler declined to disclose specific detection methods, citing security through obscurity, but confirmed the company uses alternative indicators to identify and shut down bad actors. The firm is also developing Lumo, an AI assistant built on open-source models, to offer a privacy-preserving alternative to Big Tech services without the massive data collection typical of frontier AI companies.

Continue reading

More from Tech

Read next: Kimi AI launches K3 model with focus on agentic coding and parallel task execution
Read next: OpenAI’s hardware pivot risks deepening losses as smart speaker market shrinks
Read next: Suno integrates generative AI music into Apple’s iMessage