Swiss Post, the former public mail delivery company that became a limited liability company in 2013, diversifying into logistics, finance, transport and more (including drone delivery) while retaining its role as Switzerland’s national postal service, has acquired a majority stake in the Swiss-Hungarian startup Tresorit, one of the first European pioneers of end-to-end encrypted cloud services.
Terms of the acquisition are not disclosed. But the revenues of Swiss Post have declined in recent years, while the volumes of letters (postal mail) continue to decline. And a 2019 missive warned that his business had to find new sources of revenue.
Tresorit, meanwhile, last raised in 2018 – when it announced a round of funding of 11.5 million euros, with investors including 3TS Capital Partners and PortfoLion. The startup’s other funders include business angels and serial entrepreneurs like MÃ¡rton SzÅke, BalÃ¡zs Fejes and Andreas Kemi. According to Crunchbase, Tresorit had raised less than $ 18 million in its decade-plus.
It sounds like a measure of the rise of data security that a veteran âhouseholdâ brand like Swiss Post sees strategic value in expanding its range of digital services with the help of a startup from trust in the e2e encryption space.
Zero access encryption was still a pretty big niche when Tresorit started over a decade ago, but it has essentially become the gold standard for trusted information security, with a variety of players now offering e2e encrypted services – to businesses and consumers.
Announcing the acquisition in a press release today, the couple said they would “work together to further develop secure, privacy-friendly digital services that allow people and businesses to easily exchange information while keeping their data secure and private “.
Tresorit will remain an independent company within the Swiss Post Group, continuing to serve its global target regions of EU countries, UK and US, the current management (founders), brand and service ahead. also remain unchanged, according to the announcement.
The startup, founded in 2011, sells what it calls âultra secureâ cloud services – such as storage, file synchronization and collaboration – aimed at business users (it has more than 10,000 customers worldwide); all compressed with a promise of zero access thanks to a technical architecture which means that Tresorit literally cannot decrypt customer data because it does not hold the encryption keys.
He said today that the acquisition will strengthen its business by supporting further expansion in key markets including Germany, Austria and Switzerland. (The Swiss Post brand should obviously help here.)
The couple also said they see potential for Tresorit’s technology to expand Swiss Post’s existing digital product portfolio, which includes services such as a ‘digital letterbox’ (ePost) application and an encrypted electronic mail offer. So it’s not a matter of starting from scratch here.
Commenting on the acquisition in a statement, Istvan Lam, Co-Founder and CEO of Tresorit, said: âFrom the very beginning, our mission has been to empower everyone to maintain control of their digital valuables. We are proud to have found in the Swiss Post a partner who shares our values ââin terms of security and confidentiality and makes us even stronger. We are convinced that this collaboration strengthens both companies and opens up new opportunities for us and our customers.
When asked why the startup decided to sell at this point in its business development – rather than taking another route, such as an IPO and an IPO – Lam pointed to the ‘trust’ mark of the Swiss Post and what he described as “100% compliant” on values ââand mission.
“Tresorit’s last investment, our biggest funding round, was in 2018. As usual with venture capital-backed companies, the life cycle of this investment cycle is now starting to come to an end.” , he told TechCrunch.
âIPO via IPO was also on our roadmap and could have been a realistic scenario over the next 3-4 years. The reason why we have decided to partner now with a strategic investor and to collaborate with the Swiss Post is that its core values ââand its vision of data privacy correspond 100% to our values ââand our mission of protecting the data. private life. With this acquisition, we have entered into a long-term strategic partnership and are confident that with Tresorit’s end-to-end encryption technology and Swiss Post’s trusted brand, we will continue to develop services that help individuals and businesses to exchange information in a secure and private manner.
âTresorit has paved the way for true end-to-end encryption in the software industry over the past decade. With the acquisition of Tresorit, we are strategically expanding our skills in digital data security and digital privacy, which allows us to further develop existing offers â, added Nicole Burth, member of the Post Group management and manager. communications services, in a statement of support.
Switzerland remains somewhat of a hub for startups and pro-privacy services, due to a historic reputation for strict privacy laws.
However, as Republik reported earlier this year, state surveillance activity in the country has intensified – following a 2018 amendment to legislative powers that expanded interception capabilities. to cover digital communications.
Such encroachments are worrisome but can arguably make e2e encryption even more important, as it can provide a technical barrier against state-sanctioned privacy intrusions.
At the same time, there is a risk that lawmakers will perceive the growing use of strong encryption as a threat to national security interests and their associated surveillance powers – meaning they could seek to counter the law. trend by passing even broader legislation that directly targets and or even prohibits the use of e2e encryption. (Australia passed an anti-encryption law, for example, while the UK boosted its mass surveillance capabilities in 2016 – passing legislation that includes the power to compel companies to limit use encryption.)
At the European Union level, lawmakers have also recently proposed a program of “lawful access” to encrypted data – while simultaneously claiming to support the use of encryption for reasons of data security and privacy. It remains to be seen how the EU will encircle this square in legislative terms.
But there are also more positive legal hurdles for European crypto startups like Tresorit: a decision last summer by Europe’s highest court highlighted the complexity of removing personal data from users in the region – certainly when information from people are transmitted to third countries like the United States where it is threatened by mass surveillance of state agencies.
When asked if Tresorit has seen renewed interest following the ‘Schrems II’ decision, Lam told us, âWe see demand for Europe-based SaaS cloud services increasing in the future. Being a company based in Europe has already been an important competitive advantage for us, especially among our commercial and corporate clients. “
EU law in this area contains a quirk that the national security powers of member states are not so clearly taken into account compared to third countries. And although Switzerland is not a member of the EU, it remains a closely associated country, part of the bloc’s single market.
Nonetheless, questions persist about the sustainability of Switzerland’s decision on the adequacy of EU data, given that its growing national surveillance regime does not provide individuals with adequate remedies – and therefore could violate their rights. fundamental rights.
If Switzerland loses EU data adequacy, this could impact the compliance requirements of digital services based in the country – although, again, e2e encryption could offer Swiss businesses a technical solution. to get around this legal uncertainty. So that always seems to be good news for companies like Tresorit.