ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

ProtonMail's cooperation with Swiss authorities to out climate activist sparks outrage

It was revealed this week that ProtonMail provided information yet again to the Swiss police regarding a French activist. 

The news is a huge blow to the company, often lauded for its attitude to privacy and its thousands of worldwide users, who are now unsure of who they should trust to keep their information safe.  

 

What happened? 

The alleged cooperation between the authorities and ProtonMail was confirmed by the email and VPN provider this week. A blog post explained why the provider turned over information to the Swiss police regarding a French activist operating in Paris. The data was requested as part of a much wider-reaching investigation into a number of French activists squatting in buildings in Paris. The buildings, reports claim, are a mixture of apartments and commercial premises. 

Although ProtonMail does not cooperate with governments outside of Switzerland, it was obliged to act in this case because the French Police sent a request to the Swiss authorities through Europol, the EU's law enforcement agency. 

The news that one of the activists had been discovered via ProtonMail was broken by the activists themselves on French anticapitalist website Paris-luttes.info. Questions still remain on when – if at all – the French activist in question was notified his data was being tracked (which is a legal obligation outlined in Swiss law). 

Why is this so controversial?

The core reason this news is so troubling is that ProtonMail markets itself as a secure and privacy-preserving email service, one that is particularly unique in a global marketplace lacking secure email providers. Gmail, for instance, is not very secure at all. But If ProtonMail has started cooperating with the authorities in any country, then the service isn't anonymous as is often advertised.

Admittedly, in ProtonMail's Privacy Policy, the company states that IP addresses can be logged in 'criminal cases' – but that's also part of the problem. If it's possible for ProtonMail to start logging your IP address at all, then the platform as a whole is not very anonymous. 

On top of this, elsewhere – such as their 2021 transparency report – it is suggested that this only pertains to extreme criminal cases. But this case seems far from the sort that a privacy-conscious person would see it fit to meddle in. A user commented last year asking for clarification on this point, to which a ProtonMail writer replied:

A public prosecutor may request this if:

  1. There is a strong suspicion that an offense considered as severe has been committed (a full list can be found at art. 269 al. 2 of the Swiss Code of Criminal Procedure).
  2. The seriousness of the offense justifies surveillance.
  3. Investigative activities carried out so far have been unsuccessful or the inquiries would otherwise have no prospect of success or made unreasonably complicated.

The perpetrator in this case, at least in most people's eyes, has not committed a serious offense. They're a climate change activist who has been squatting buildings, something which few observers would classify as an extreme criminal act.

It's an odd situation for ProtonMail: if you're compelled by the law of the country you're in to do something for the government, you have to do it – but their reputation was built on the notion of them being an anonymous mail service, despite the surveillance law being passed in 2015. 

How did ProtonMail respond?

ProtonMail has issued a response to this specific case, in which they said that "there was no legal possibility to resist or fight this particular request", and that they were unaware that the individual being pursued by the police was a climate activist.

In the response, ProtonMail claims the request came through 'channels typically reserved for serious crimes', provides a number of other reasons as to why this action to place, and clarifies what authorities can and can't compel them to give over user data. 

ProtonMail in crisis

This is, unfortunately, the second time in a matter of weeks that ProtonMail's reputation has been dragged through the dirt due to cooperating with the authorities. Two weeks ago, it was revealed that the US government was able to obtain information about a user that had been making death threats about Dr. Anthony Fauci, the incredibly well-regarded scientist heading up the US's response as the President's Chief Medical Advisor. 

ProPrivacy's Hannah Hart explained in a recent article that this cooperation with authorities is due "in no small part to new laws passed in response to the 2015 terrorist attacks in Paris. ProtonMail previously slammed the introduction of these surveillance laws (the Nachrichtendienstgesetzt, or NDG, and the BÜPF), claiming that they would lead to the creation of a 'mini NSA' within Switzerland. ProtonMail's founder, Andy Yen, also claimed that the service would leave Switzerland entirely rather than cooperate with the BÜPF".

Importantly, ProtonVPN, a VPN network run by the same company, has confirmed that VPNs are not subject to the same surveillance under Swiss law, so they cannot be compelled to give out information on VPN users in the same way.

Written by: Aaron Drapkin

After graduating with a philosophy degree from the University of Bristol in 2018, Aaron became a researcher at news digest magazine The Week following a year as editor of satirical website The Whip. Freelancing alongside these roles, his work has appeared in publications such as Vice, Metro, Tablet and New Internationalist, as well as The Week's online edition.

3 Comments

patheticMail
on October 11, 2021
patheticMail
Derk
on September 23, 2021
goodbye proton, we will remember this service. Apparently, to be safe, there is no alternative to the utopia ecosystem.
John M
on September 17, 2021
Very disturbing. Is there any anonymous email provider that can be trusted?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service