The Sheffield Press

Technology

Proton CTO explains how encrypted software protects privacy by default

By Joe Burgett ·
Proton CTO explains how encrypted software protects privacy by default

Bart Butler has been Proton’s CTO since 2015, helping shape the architecture for a company that says privacy should be the default, not an opt-in feature. Proton’s privacy pitch rests on a hard line: protect message content by default, then be explicit about the places software cannot erase legal or technical limits.

How Proton defines privacy by default

Proton was born in Switzerland in 2014, when scientists who met at CERN decided to build a better internet where privacy is the default. That origin story still anchors the company’s identity, and it fits Butler’s own background: Proton-linked bios identify him as one of the company’s first employees, responsible for technical vision and architecture, while his LinkedIn profile lists him as a former experimental particle physicist and data scientist. A conference bio lists previous work at CERN’s Large Hadron Collider.

Proton presents privacy as something that can be built into software design, with the company’s team described as scientists, engineers, and specialists from diverse backgrounds, drawn together by a shared vision of protecting freedom and privacy online.

What the encryption promise actually covers

AI-generated illustration
AI-generated illustration

End-to-end encryption sits at the center of Proton Mail. Proton says end-to-end encryption is how it makes privacy “mathematically guaranteed” for content at rest and in transit, a phrase that captures the company’s strongest technical claim. In practical terms, that means the content of a message is meant to stay readable only to the intended participants, not to Proton itself.

That protection reaches people outside its own ecosystem. Password-protected emails let users send end-to-end encrypted messages to recipients who are not using Proton Mail.

Due to SMTP limitations, account activity metadata is treated differently from message content. Encryption can protect what is written, but it does not automatically erase all the traces created by sending, receiving, or routing that message.

Where the legal and technical limits begin

Proton publishes a transparency report and law-enforcement guidance, and its privacy materials acknowledge that it can still be subject to legal requests and data-processing obligations under applicable law. The company is not positioning itself as outside government reach; it is telling users that it operates inside legal systems that can demand some categories of information.

Related photo

Technical protections, like end-to-end encryption, are built into the product. Contractual and policy protections, like transparency reporting and law-enforcement guidance, define how the company responds when authorities come asking. Users should expect the first category to be stronger on content, while the second category governs how the company handles pressure around information that encryption does not fully shield, especially metadata and account-level activity.

Why Proton has moved beyond email

Proton has increasingly positioned itself as a privacy platform rather than just an email provider. Its ecosystem now includes Proton VPN, Proton Calendar, Proton Drive, Proton Pass, and Proton Meet, and the company rebranded from ProtonMail to Proton in 2022.

A pure privacy tool can be technically strict and narrow; a broader consumer platform has to stay usable for everyday tasks. Proton’s password-protected email feature, its expansion into calendar and storage, and its rebrand all point to the same strategic question: how do you keep privacy central while making the product mainstream enough that people actually use it?

Bart Butler’s role in that balance

Related stock photo
Photo by TREEDEO.ST

Butler’s background helps explain why Proton treats this as an engineering problem as much as a policy one. He steers the technical vision and architecture behind products that have to work across different privacy expectations, different jurisdictions, and different user habits. His path from experimental particle physics to data science and software engineering gives him a lens shaped by complex systems, where edge cases matter as much as the headline promise.

He has also taken part in privacy-focused discussions outside the product stack, including a roundtable with the Embassy of Switzerland in the United States, the National Endowment for Democracy, and Access Now on the role of privacy tools in protecting human rights.

The pressure point Proton cannot escape

Proton has framed the broader privacy fight in political terms too, including a public Proton post about a 770% surge in government requests to Big Tech. Whether one is looking at email, cloud storage, or messaging, the pattern is the same: the demand for user data is rising, and privacy companies have to show exactly what they can protect and what they cannot.

technologyProton CTO