What is zero-access encryption and why it is important for security


Most of us would not give our private, personal information to strangers and then trust them not to leak it. But that’s essentially what we do every time we store chat histories, email, documents, and pictures on the cloud. When you save a document to Google Drive, a photo album to iCloud, or an intimate conversation to Facebook Messenger, you are trusting that this information will not be breached or misused.

There are ways, however, to encrypt your data so that only you can access it, and zero-access encryption is one of these methods. Zero-access encryption is a way of protecting data at rest — that is, while the information is sitting in storage on the cloud. With this type of encryption, even if hackers were to breach the provider’s servers and steal your files, they would not be able to decrypt the data. Zero-access encryption ensures that only you, the data owner, have the technical ability to read your data.

How does zero-access encryption work?

Zero-access encryption is just what it sounds like: a type of encryption for data at rest that renders digital files inaccessible to the service provider. The files can only be decrypted using the user’s private encryption key. Because the server does not have access to the user’s private encryption key, once the files are encrypted with the user’s public encryption key they are no longer accessible to the server or the server’s owner. When the data owner wants to view their data, they request the encrypted files from the server and decrypt them locally on their device, not on the server.

How is zero-access encryption different from end-to-end encryption?

At ProtonMail, we use both zero-access encryption and end-to-end encryption to protect your data. To understand the difference, consider two scenarios:

1. Someone using a Gmail account sends an email to a ProtonMail account. When it arrives at ProtonMail, our servers can read that email because Gmail does not support end-to-end encryption. However, after receiving the email, we encrypt it immediately using the ProtonMail account owner’s public encryption key. Afterwards, we are no longer able to decrypt the message. In fact, the message can now only be decrypted by the ProtonMail account owner. This is zero-access encryption.

2. Someone using a ProtonMail account sends an email to another ProtonMail email address. The email is encrypted on the sender’s device using the public encryption key of the recipient before being transferred to the ProtonMail server and to the recipient. Thus, the message is already encrypted before it reaches our server, and only the sender and the recipient have the ability to decrypt the email. This is end-to-end encryption.

As you can see from these examples, end-to-end encryption is the stronger of these two types of encryption because ProtonMail never sees the unencrypted message. Zero-access encryption does prevent the messages in your mailbox from being shared with third parties or leaked in the event of a data breach, but those messages are accessible to ProtonMail servers for a split second before the message is encrypted. For these reasons, we generally recommend that for highly sensitive conversations, both parties use ProtonMail to take advantage of the stronger end-to-end encryption.
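The two scenarios above differ only in where the public-key encryption step runs: on the server after the mail arrives, or on the sender's device before it leaves. The following Node.js sketch is an added example, not ProtonMail's code; the RSA-OAEP plus AES-256-GCM scheme and every function name in it are assumptions made for illustration.

```javascript
// Added illustration, not ProtonMail's code. Assumed scheme: AES-256-GCM encrypts
// the message, RSA-OAEP wraps the AES key. All names here are hypothetical.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs on the user's device; the private key never leaves it.
function makeUserKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Needs only the PUBLIC key, so either the server or a sender can run it.
function seal(publicKey, plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Needs the PRIVATE key, so it can only run on the owner's device.
function unseal(privateKey, rec) {
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, rec.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  decipher.setAuthTag(rec.tag); // GCM rejects a modified record
  return Buffer.concat([decipher.update(rec.body), decipher.final()]).toString('utf8');
}

// Scenario 1, zero-access: plaintext arrives, the server seals it and stores
// only the sealed record. The server did see the plaintext briefly.
function serverReceivePlaintext(mailbox, publicKey, plaintext) {
  mailbox.push(seal(publicKey, plaintext));
}

// Scenario 2, end-to-end: the sender sealed it; the server never sees plaintext.
function serverReceiveSealed(mailbox, record) {
  mailbox.push(record);
}

function demo() {
  const user = makeUserKeys();
  const mailbox = []; // everything the server keeps at rest
  serverReceivePlaintext(mailbox, user.publicKey, 'constructed mail from outside');
  serverReceiveSealed(mailbox, seal(user.publicKey, 'constructed mail sealed by sender'));
  // A breach of the server yields only sealed records and the public key.
  const plaintextAtRest = mailbox.some((r) => r.body.includes('constructed'));
  const read = mailbox.map((r) => unseal(user.privateKey, r)); // on the device
  return { plaintextAtRest, read };
}
```

In both paths the stored record has the same shape; what differs is whether the server ever held the plaintext passed to `seal`.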

Zero-access encryption solves big security problems

Most companies do not implement zero-access encryption either because they sell your private information to advertisers (Google, Facebook, etc.) or because the technical challenges of implementing it are too great.

Instead, they might use regular encryption where they retain control over the encryption keys. This is like storing the key to the lock with the lock itself and creates many vulnerabilities. For example, if servers are ever hacked, your private conversations can be leaked (like in the Yahoo! breach of all 3 billion of its accounts).

Furthermore, this approach also leaves data open for misuse, either by rogue employees or unscrupulous third parties, such as in the Cambridge Analytica/Facebook scandal. This data can also be made accessible to government surveillance agencies or sold outright to advertisers.

We drastically reduce these security and privacy vulnerabilities by using zero-access encryption to ensure that we ourselves do not have access to your data. That way, even if somehow ProtonMail servers are breached, the contents of users’ emails will still be encrypted. Both zero-access encryption and end-to-end encryption are essential to ensure good protection against data breaches and privacy violations in the digital age, and for this reason, they are highly recommended by experts and important for complying with data protection laws such as the GDPR law.

Best Regards,
The ProtonMail Team

Sign up and get a free encrypted email account from ProtonMail.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Ben Wolford

Ben Wolford is a writer at Proton. A journalist for many years, Ben joined Proton to help lead the fight for data privacy.

 


29 comments on “What is zero-access encryption and why it is important for security”

  • What happens in the case where I send an email from ProtonMail (which is encrypted) to someone who has a Gmail account? How are they able to read my email?

    Reply
  • Thanks, Irina. In the post, it describes how zero-access encryption can help protect our data that we might want to store on a cloud. But I don’t know how to do that. How might I encrypt my photos that I’d like Amazon Prime Photos to store? Or how do I encrypt files that I want to store on Google Drive? I like these cloud services because they can provide an offsite back-up. But the blog describes very well why for privacy concerns it would be worth encrypting it before Google or Amazon can see my personal stuff.

    Reply
    • Hi, Joy! The zero-access encryption refers to the way ProtonMail stores data on our servers. We cannot control how you store your private data on Google or Amazon because we do not own those servers. This type of encryption happens automatically on ProtonMail when you use our service to send or receive emails.

      Reply
  • In describing email sent between ProtonMail accounts, you say “The email is encrypted on the sender’s device using the public encryption key of the recipient before being transferred to the ProtonMail server and to the recipient. Thus, the message is already encrypted before it reaches our server, and only the sender and the recipient have the ability to decrypt the email.” Does the sender really have the ability to decrypt a message encrypted with someone else’s public key? I thought, once encrypted, only the recipient can decrypt the message. If I don’t save a plaintext copy, I can’t get to it anymore.

    Reply
  • It would be very helpful if someone at ProtonMail can shed some light on the following questions, because I’m unable to find the answers myself in the support section.
    I know that a reset ProtonMail password can’t decrypt the data already on server, but what if I change the password? What happens with the encrypted data on the server? Is it re-encrypted with the new password? In other words, is the process of changing (not resetting) the password a benign one regarding the accessibility of old data? Or has the same outcome as resetting the password?

    Reply
    • Yes, that’s correct: If you change your password, we will re-encrypt your data and old messages will still be accessible. However, resetting your password if you’ve forgotten your old one will render all your old emails inaccessible (unless you later remember your password).

      Reply
  • Hi Ben, I got d that Proton required the receiver to join Proton after 7 conversations with the same client; also, a secure code to open the email. I also received emails but could not send or forward any as they were stuck in a Draft mode!

    email

    Reply
  • How do you protect from malicious users who want to harm the world? This can be used by terrorist organizations and criminals to exchange information and plan stuff without being noticed. If this is as encrypted as you say, then these types of people can easily make use of this to plan stuff and unleash their terror activities.

    Reply
    • Hello Anand, this is an important question. Like any tool, encryption can be used for good and for evil. We feel that zero-access encryption is an important tool individuals can use to protect their fundamental human right to privacy. However, we have a zero-tolerance policy for criminal acts committed using ProtonMail. We offer our full cooperation with law enforcement authorities on all criminal matters, including those that take place outside of Switzerland, subject to judicial review and approval from Swiss authorities.

      Reply
  • Question:

    Does a manufacturer that builds your internet access device (for example Lenovo computers, Motorola phones, Samsung tablets), let’s use for example a Lenovo Computer – made and manufactured in China. Since Lenovo manufactured the device in this example, do they still have access to data that is run through their machine in spite of encryption (because the encryption code is stored locally in the machine do they have access to the encryption code)?

    Reply
    • Hi Jeanne. In theory, anything is possible. The Intel Management Engine (IME) built into all modern Intel CPUs, for example, potentially provides a malicious actor with a scary level of access to a system. It is easy enough, though, to monitor traffic entering and leaving a computer to determine if it is calling somewhere it shouldn’t (such as its manufacturer). No such cases have come to light that we are aware of, and if they did, it would be very damaging to the manufacturer.

      Reply
  • When deleting copies of emails (encrypted or not) from your servers, do you shred* them?
    * Shredding means overwriting e.g. with zeroes, so data becomes impossible to recover.

    Reply
    • Hi Alice. As described in our Privacy Policy, “When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.”

      Reply
  • I am a new Protonmail user. I prefer sending and receiving emails on my MacBookPro. Why do I need to input my user name and password every time I use the Protonmail icon on my Mac, but that is not required when using the Protonmail app on my iPhone? Is there a way to use the app on my Mac without using my user name and password every time?

    Reply
    • Hi Helen. Your browser’s built-in password manager should remember your login details for you. Since this doesn’t seem to be the case, you might want to either consider changing browser, or using a third party password manager to auto-fill your login details for you.

      Reply
  • Hey,

    My brother just recommended your company for email. I am reading about end-to-end and zero-access encryption and I am pleasantly surprised and impressed. I think this solves an important problem in today’s time and I wanted to express my gratitude and appreciation for the team.

    Thanks, and if it will be relevant in the future, it would be nice to meet the team and work on something together

    Enjoy your day,

    RB

    Reply