ProtonMail explains the cases in which the privacy-oriented mail service discloses data at the request of the government



ProtonMail, a privacy-focused email service that sells encrypted email, has been accused of handing over the IP address of a specific user in response to a data disclosure request from the authorities. In response, ProtonMail CEO Andy Yen lays out 'eight points' on how ProtonMail protects data and when it discloses it, and points out the current problems.

Important clarifications regarding arrest of climate activist

https://protonmail.com/blog/climate-activist-arrest/

Regarding sending and receiving emails, ProtonMail explained on its website that it 'does not store the user's IP address', but on May 9, 2021, it emerged that Swiss police had asked ProtonMail to disclose the IP address of a user who was exchanging information using ProtonMail, and that ProtonMail had complied.

The privacy-oriented email service 'ProtonMail' disclosed a user's IP address to the authorities and was criticized for hype - GIGAZINE



The Swiss authorities requested the IP address from ProtonMail as part of an investigation into a group of climate change activists in France. Members of this group were anonymous, but because they used the email address '[email protected]' in their online posts, French police filed a request for disclosure to ProtonMail.

Since ProtonMail is headquartered in Switzerland, it is in principle subject to Swiss law and not to requests from French or EU authorities. This time, however, the French police, with the help of Europol, submitted a request to the Swiss police. A Swiss court granted the request and ordered ProtonMail to disclose the IP address. As a result, information was handed over to the French police, identifying activists and leading to arrests. Because ProtonMail is often used by activists seeking strong privacy, the news caused concern among many users.



In a blog post entitled 'Important clarifications regarding arrest of climate activist,' Yen explained that ProtonMail had received a legally binding order from the Swiss authorities and was obliged to comply with it. ProtonMail basically doesn't record IP addresses, but said it does record them 'only if it receives a legal order for a particular account.'

Yen explains how ProtonMail will be affected by requests from the authorities:

1. Under no circumstances will ProtonMail's encryption be bypassed. In other words, emails, attachments, calendars, files, etc. will not be revealed by a legal order.
2. ProtonMail does not provide data to foreign governments. This is illegal under Article 271 of the Swiss Criminal Code. ProtonMail only follows legally binding orders from the Swiss authorities.
3. Swiss authorities only approve requests that meet Swiss legal standards. (Only Swiss law matters.)
4. Transparency toward the user community is very important to ProtonMail. Since 2015, ProtonMail has published a report on 'How ProtonMail has handled the demands of the Swiss authorities.'
5. Swiss law requires that you be notified when a third party uses your private data, such as in criminal proceedings. You can check the details here.
6. Current Swiss law treats email and VPN separately. Therefore, ProtonVPN cannot be forced to record user data.
7. Due to ProtonMail's strict privacy, ProtonMail cannot determine a user's identity. In this case, ProtonMail was unaware that the target was a climate change activist. ProtonMail only knew that the data disclosure order from the Swiss government came through channels that normally deal with serious crimes.
8. There was no legal possibility to resist or fight this order.

'You can't break the law or ignore court orders,' Yen said, while also saying that ProtonMail needs to help young activists. ProtonMail has resisted data disclosure requests as much as possible, and in 2020 there were more than 700 cases in which it fought data disclosure. However, anti-terrorism legislation is being used improperly in France, for example, and patterns like this are on the rise worldwide, Yen said.

To clarify ProtonMail's obligations in the event of criminal prosecution, Yen promised to update ProtonMail's website. He also recommended using Tor, which allows anonymous access, for users who want stronger privacy.

ProtonMail --Tor Encrypted Email
https://protonmail.com/tor



Yen also said that while companies must comply with the laws of their country no matter what service they provide, Switzerland has a relatively abuse-resistant mechanism for requesting data disclosure from companies. The request in this case was approved by three authorities in two countries before it was made, and Swiss law requires suspects to be notified that data disclosure has been requested. In some countries, however, no such mechanism exists. In addition, Switzerland does not support prosecutions in countries without a fair judicial system, Yen said.

in Web Service, Security, Posted by darkhorse_log