ProtonMail is under orders from the Swiss authorities |
ProtonMail, a hosted messaging service focused on end-to-end encrypted communications, has come under fire after a police report showed that French authorities were able to obtain the IP address of a French activist who used the service.
The company has communicated extensively about the incident and has stated that it does not log any IP addresses by default and only complies with local regulations - in this case Swiss law.
Although ProtonMail did not cooperate with the French authorities, the French police submitted a request to the Swiss police through Europol asking the company to obtain the IP address of one of its users.
Last year a group of people bought commercial buildings and apartments in Paris. You want to fight real estate speculation, Airbnb and upscale restaurants.
Beginning of the story
On September 1, the organization published an article summarizing various police investigations and legal actions against some members of the organization.
According to reports, French police ProtonMail sent a request from Europol to reveal the identity of the person who created the ProtonMail account - the organization uses this email address to communicate. This address is also shared by multiple sites.
According to the news, the French police received a message with detailed information about the ProtonMail account.
The company's founder and CEO did not respond to the specific circumstances of the case.
"The company must comply with Swiss law," he said. Once a criminal offense has been committed, privacy protections can be suspended, and Swiss law obliges us to respond to Swiss authorities' inquiries.
The company's CEO made it clear that his company does not cooperate with the French police or Europol. Europol appears to act as a channel of communication between the French and Swiss authorities.
At one point, the Swiss authorities took over the case and sent a request directly to ProtonMail. The company classifies these requests as foreign requests that have been approved by the Swiss authorities in its transparency report.
It appears that ProtonMail is required by law to warn account holders for up to eight months, or that Swiss authorities have provided the service with information indicating that delayed warnings are necessary to avoid danger to one or more people, injury, death or irreparable injury.
If the same jurisdictions can block the alert for a longer period of time, the transparency that Swiss law requires to notify people when they request personal data is clearly very limited.
ProtonMail's public disclosures also documented the alarming increase in data requirements by Swiss authorities.
ProtonMail is under orders from the Swiss authorities
According to the Transparency Report, the service received 13 inquiries from Swiss authorities in 2017. However, by 2020 there will be 3,572 items.
The number of foreign applications approved by the Swiss authorities also increased. But not too hot. The service said it received 13 of these requests in 2017, which will rise to 195 by 2020.
The company stated that it meets the legal requirements regarding user data. But you refuse the request that you think is illegal.
Depending on your Privacy Policy, the information you can provide about user accounts may include user-provided account information (such as email addresses), account activity, metadata (such as addresses), sender and recipient email, and incoming IP address), the source of the message, and the time the message was sent and received , message subject, etc.), the total number of messages, the storage space used, the time of the last connection and the unencrypted message sent by the external service provider to ProtonMail.
As an end-to-end encrypted email provider, it cannot decrypt email data. Therefore, even where there is a legally binding order, no information about the content of the email can be provided.
The company also stated in its transparency report that it may have an additional level of data collection that may be required by law to enforce it.
In addition to the items listed in our Privacy Policy, in extreme criminal cases, the service may also monitor IP addresses that are used to access ProtonMail accounts that engage in criminal activities.
The service provides users with an Onion address, which means that activists interested in tracking can access the Tor-encrypted email service, making it difficult to trace the IP address.
As a result, the company provides tools for users to protect themselves from IP surveillance. This is despite the fact that its service can, in certain circumstances, be converted into an IP monitoring tool under Swiss law.