ProtonMail Turned Over French Activist's IP Address To Law Enforcement Following A Request From Swiss Authorities
from the vet-your-secure-providers,-folks dept
ProtonMail has long advertised itself as a particularly privacy-conscious email service. The free end-to-end encrypted email service promises more privacy and security than many of its competitors. But there are limits. ProtonMail operates out of Switzerland, making it subject to that country's laws (which, to be fair, are hardly draconian). It also (at least temporarily) retains a certain amount of information about users' emails -- metadata that can be used to verify accounts in the case of a lost password.
And while email between ProtonMail accounts is encrypted, the same protection isn't applied to emails between services, like communications sent to or from ProtonMail from other email services. This is an understandable limitation, which is why many seeking secure communications have moved to encrypted messaging services, rather than email offerings that collect metadata about communications.
These inherent weaknesses have been exploited by French law enforcement to obtain information about a French activist -- something it achieved with the assistance of Swiss authorities.
ProtonMail, a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism after a police report showed that French authorities managed to obtain the IP address of a French activist who was using the online service. The company has communicated widely about the incident, stating that it doesn’t log IP addresses by default and it only complies with local regulation — in that case Swiss law. While ProtonMail didn’t cooperate with French authorities, French police sent a request to Swiss police via Europol to force the company to obtain the IP address of one of its users.
ProtonMail wasn't able to hand over much information due to its refusal to gather much information about its users. But it did hand over some, which made it clear that ProtonMail not only collects some email metadata, but will actively collect more metadata if forced to do so by local law. French law may not apply to the Swiss-based email company, but Swiss law certainly does.
Proton's founder, Andy Yen, offered up this explanation, which said local law supersedes the privacy ProtonMail claims it offers its users.
Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we're required by Swiss law to answer requests from Swiss authorities.
And that's how foreign governments can extract information from an encrypted email service that gives users the impression that it's capable of protecting even the limited information it collects from nosy officials. The message going forward, however, is that ProtonMail is subject to the laws of multiple countries in the European Union and will comply with Europol orders if issued/forwarded by Swiss authorities.
As Karl Bode (hey, I know that guy!) points out in his article for Motherboard, there are two problems here. The first is that what's advertised appears to exceed what ProtonMail can actually guarantee its users. The other problem is the communication method itself, which generates a lot of information that other communication methods don't, creating a metadata paper trail that can be scooped up/gathered in bulk by law enforcement and intelligence agencies.
While ProtonMail does take some steps to protect user privacy better than other email service providers, the fact remains that email is inherently a protocol that requires a lot of information to be shared between parties, and is notoriously difficult to encrypt.
[...]
Ultimately, many of the security and privacy weaknesses are not necessarily ProtonMail's fault but are weaknesses with email itself. Security experts have pointed out that for highly sensitive communications, email is almost never the best option.
These unavoidable facts -- along with its cooperation with French and Swiss authorities -- have led ProtonMail to revise its claims about user data. It no longer claims it does not collect personal information to create accounts or log IP information "by default."
It now says simply:
ProtonMail is email that respects privacy and puts people (not advertisers) first. Your data belongs to you, and our encryption ensures that.
Well, except for when your data is subject to Swiss government demands for data, either directly or by proxy. User beware is the rule going forward now that this successful metadata grab has been exposed.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: email, encryption, france, ip address, metadata, privacy, switzerland
Companies: protonmail
Reader Comments
Subscribe: RSS
View by: Time | Thread
Good job Andy Yen
Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended
What crime? Any crime anywhere? Can it be suspected, or made up of whole cloth, or does it have to be real? Who gets to determine that? Whose protections can be suspended?
[ link to this | view in thread ]
The subject in question has been described in the media as a "climate activist", who probably used illegal methods or blew the whistle in such a way that it was enough for French police to write a subpoena, go to Europol, have Europol work with the Swiss authorities to demand Protonmail turn on IP logging (which is off by default). No email content was accessed, but the IP is the clue that they're after.
I recall a long time ago a user was complaining on Protonmail's subreddit regarding arbitrary shutdowns of email, sharing the email contents between him and Protonmail support. Well... Protonmail responded in the same thread, using publicly available information (the banned user's email address) to point out the user was, in fact, using the email to sell illegal drugs. In that case Protonmail didn't wait for the police, they simply shut down the user's service. The service's reputation for privacy was not an invitation to break the law, and they are pretty clear in that from their terms of service.
I continue to use them. No ads is a win. No email scanning is a win. I use their IP logging with consent to track bots trying to guess my email password (it happens). All in all, a solid service that's going through some growing pains.
[ link to this | view in thread ]
Re:
Scanning users "encrypted" emails. Thanks. Good to know. Better to mail files you've encrypted yourself, though Protonmail still knows who you're mailing to, because email.
By a similar turn, I don't get phone or email service through my internet provider (nor vice versa). Or send email by way of my encryption software. Or use Facebook.
Sorry, that last just sorta slipped out.
[ link to this | view in thread ]
So they are the email version of most of the VPN's that claim no records as they are handing those records to the cops?
[ link to this | view in thread ]
Re:
...
Those two statements are conflicting in my eyes. How did they know that if they hadn't scanned his emails?
Also, is that drugs that are illegal in Switzerland? Many questions.
[ link to this | view in thread ]
Re: Re:
Their privacy policy says they scan all emails which they have the technical ability to scan (any email which arrives or is sent unencrypted).
[ link to this | view in thread ]
ProtonMail allows data leaks, it will never be anonymous, unlike Umail from the utopia ecosystem
[ link to this | view in thread ]