Sunday, November 27, 2022

Here’s how French authorities arrested a user on ProtonMail


Imagine this; you stumble upon ProtonMail, an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland by scientists who dedicated their time to produce the world’s largest secure email service.

Naturally, users would expect to enjoy full confidentiality and anonymity, as privacy seems to be the main element behind ProtonMail.

Yet, this isn’t the case anymore, as the free email service is facing a fury of criticism after it gave up a French climate activist’s IP address to Swiss police, according to a report by TechCrunch.

The company was acting based on a request issued by French authorities, as part of a bigger investigation into a number of climate activists who are currently residing in Paris.

Since ProtonMail is based in Switzerland, French authorities sought help from Swiss officials, in which the founders of the service had to obey. Hence, logging IP addresses from users in “extreme criminal cases,” was un-avoidable, according to the company’s own transparency report.

“Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request,” Proton CEO Andy Yen wrote in a post titled “Important clarifications regarding arrest of climate activist.”

“The prosecution in this particular case was very aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world,” Yen added.

However, the order did not force the founder to reveal the contents of the activist’s email, as they are encrypted and cannot be accessed by Proton. Proton’s CEO did note that a similar order would also not have the option to provide ProtonVPN metadata, given that VPNs fall under different requirements according to Swiss law.

Nevertheless, the arrest sparked harsh backlash from ProtonMail users who expected the site to be completely secure and anonymous.

Yen promised users to update the service’s rules and regulations to “better clarify ProtonMail’s obligations in cases of criminal prosecution.”

Besides the fact that users cannot feel safe even when using a platform that supposedly ensures privacy at all times, The Verge recounted the alarming increase of Swiss court orders, taking into account those issued by foreign officials.

“In 2020, Proton complied with over 3,000 data orders from Swiss courts, more than double the number served in the previous year,” The Verge noted.

Moving forward, users should be able to obtain a key lesson from this incident; the internet is not a secure and private place, no matter how much a platform re-assures you of your safety.