ProtonMail, a Switzerland based email provider, has stated that it was forced to log the IP address of one of its customers after it received a legally binding order from the Swiss government that it couldn’t decline or legally appeal against. This was discovered after images of a French police report which showed that they had obtained the IP address of a climate activist who used ProtonMail was circulating on social media.
Over this weekend, this particular incident came to the attention of the public after it caused some unrest amongst ProtonMail users. The unrest was mainly because of ProtonMail constantly advertising their product as one that assures privacy, end-to-end encryption, and most importantly, no-log policies.
In a Reddit comment, ProtonMail perfectly summed up the whole incident, including how they cannot go against some legal obligations when it came to criminal investigations.
As seen above, they have clarified almost all the aspects of the issue by providing a complete and proper explanation for the incident with the inclusion of their objectives, links to their transparency report and privacy policies, and also about the law governing their actions along with its jurisdiction.
The case leading to the ProtonMail incident
In September 2020, a group of activists under the name ‘Youth for Climate’ led a series of anti-gentrification protests in Paris, France. The group reportedly occupied a series of squares and buildings in the Paris district of Place Sainte Marthe, to protest companies buying real estate and hiking up the rent prices up to four times the normal rate for local residents.
According to the same press release by Paris Luttes, the group used a ProtonMail email address to organize and coordinate their protests. This detail is suggested to have come to the knowledge of both the real estate companies, and thus, the French Police was called in to evacuate the group and investigate its members.
In another article by Paris Luttes, it was later revealed that the French Police worked through Europol, the EU’s premier law enforcement agency, to contact the Swiss government (one of the 27 member states associated with Europol) and ask for help in acquiring the details of the owner of the ProtonMail email address.
You may also like: Whatsapp fined $267m for violating GDPR
Legally binding order from Swiss govt.
As seen in a blog post published by ProtonMail, it has been clearly mentioned that:
“In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request.”
ProtonMail also clarified that they can’t, under any circumstance, bypass their encryption; meaning all emails, attachments, calendars, files, etc. cannot be compromised even under legal orders. The company also said that they do not give data to foreign governments, which is illegal under Article 271 of the Swiss Criminal Code.
The email provider has also created a page on its official website entitled, “Information for Law Enforcement Authorities” which highlights all necessary information, especially for such cases.
In this specific instance, ProtonMail has clearly stated that:
“There was no legal possibility to resist or fight this particular request”
Andy Yen, the CEO of ProtonMail, has clearly stated that the company will be making further updates to their website to better clarify its position in cases of criminal prosecution. He has also stated that ProtonMail will be updating its privacy policy as well to clarify its legal obligation. He also said that email and VPN services are treated differently in Switzerland, and authorities can’t use the same legally binding order to force the company to log the details of its VPN product, ProtonVPN.
“We need to help the youth activists, but ProtonMail cannot do that by breaking the law and ignoring court orders. We are on your side, and our shared fight is with the authorities and the unjust laws we have been campaigning against for years. The prosecution in this particular case was very aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used).
We will continue to campaign against such laws and abuses, and we will continue to challenge unjustified government requests whenever possible.“
Concluding statement of Andy Yen’s statement via the ProtonMail blog post
Add Comment