Aviva Zacks of Safety Detective had the opportunity to talk with Peer Heinlein, CEO and founder of Mailbox.org. She found out how his company is protecting the end user from cyberthreats and why surveillance is so dangerous.
Safety Detective: What fascinates you about cybersecurity?
Peer Heinlein: I’m fascinated by secure communication. I worked as a journalist in the 1990s, and I was always aware of the threats and the surveillance by the government and by the non-government organizations all over the world. I believe that secure communication and the secrecy of what people are thinking is very important for democracy all over the world.
SD: How did you get into cybersecurity?
PH: In the 1990s, I created one of the first mailbox systems in Germany. We are specialized in non-government organizations in the world and all of the journalists in the world. We work to protect the communication for whistleblowers and for NGOs. We have defied threats and attacks from government and non-government organizations against our infrastructure. So, I see security as part of my life’s work.
SD: How did Mailbox.org get started?
PH: My first ISP jpberlin.de was founded in 1989 by a non-government organization for young journalists in Berlin, and in 1992, I took over the project from the NGO. I still manage the company with the old mindset of the NGO, so it’s dedicated to the public and dedicated to the world to have secure communication. Some years ago we re-invented jpberlin.de and created mailbox.org as a new, modern service that is simple to use.
SD: How does that Mailbox.org help prevent cyberattacks on emails and the cloud?
PH: In the past years, we have been specializing in email security, and we also have been training people in using cryptography all over the world. Our security at mailbox.org is already pre-configured and must be usable by anybody, even someone who has no knowledge about security or secure communication. For example, we’ve been one of the first ISPs that had a one-click PGP support inside the webmail system with automated key exchange and introduced DANE/TLS from the early beginning.
SD: Your company mainly services the end user, but some companies use your service for their businesses also. What type of businesses would be interested in Mailbox.org?
PH: All kinds of business. We have a consumer unit and we also have a business unit where we host big ISPs, medium-sized companies, and universities. Europe is very focused on the GDPR, which is the privacy law. Companies have a very high awareness of data privacy in Europe and they’re interested in using us as a partner to make sure that they follow the laws. You can not trust big ISPs that are under US law.
SD: Tell me more about the company behind Mailbox.org.
PH: Mailbox.org is a brand of Heinlein Support, an old Linux consulting company, specialized to email and data center systems. The company has its mission in helping companies and ISPs in doing better system administration. Most attacks were based on mistakes by the system administrator, so the main point is to qualify and to help the system administrators do better work and have a better awareness and more time to do it right. We are increasing security by qualifying the system administrators.
SD: What do you feel is the biggest threat to cybersecurity today?
PH: The most important thing for sure is the security of the endpoint. If the desktop system of the user is not safe, then everybody can read and have access to their private data. But also: If we cannot stop the surveillance laws, then we will not have a free speech and free mind on the Internet anymore. That’s not a technical threat, it’s a legal threat.
SD: How do you see cybersecurity developing in the next five years?
PH: Cyberthreats caused by botnets, viruses, and attacks are always a problem for the end user. But I’m actually still more frightened about the non-awareness of the users who give away private data. Everybody knows that you should not use Alexa or Facebook, but everybody uses them because it helps their lives. To me, the most dangerous threat against the security of the users is that people give away more and more of their data for free to anyone who asks for it.