ProtonMail criticised for sharing activist's IP address with law enforcement
The company prides itself on benefitting from Switzerland's strict privacy laws, yet had to follow the “legally binding order"
ProtonMail has been criticised for providing authorities with the IP address of a French climate activist.
The company, which is one of the world’s largest secure email services, offers end-to-end encrypted emails which can only be decrypted by the recipient. However, it can log users’ IP addresses in the case of serious crimes.
French authorities, who were denied the request for the activist’s IP address, managed to obtain the information through Swiss law enforcement. ProtonMail, based in Switzerland, prides itself on benefiting from the country’s strict privacy laws, yet was “obligated" to comply with the “legally binding order from Swiss authorities”, according to founder and CEO Andy Yen.
The case has been extensively criticised, with many disagreeing about the severity of the crime. The activist had been involved in taking over apartments and commercial locations in the Paris neighbourhood of Sainte Marthe, in order to protest the rising gentrification in the area. Amnesty International technologist Etienne Maynier stated on Twitter that he has “a hard time seeing how young people squatting buildings in Paris is an extreme criminal case”.
“In any case, I have an issue with this lack of transparency from ProtonMail, if any police service can ask them to log IP addresses, that is not anonymous,” he added.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
In a company statement published on Tuesday, Yen said that “there was no possibility to appeal this particular request [from the Swiss authorities]”.
However, it has sparked concerns that ProtonMail could be able to give out IP addresses to law enforcement of any country, as long as they file their request through the Swiss authorities.
Security expert Filippo Valsorda said that “the problem with ProtonMail is not that they don't deliver an impossible product (secure email), but that they advertise it”.
“It's a choice, they know it, they benefit from it, their users believe it, and they are responsible for it,” he added.
Yen stated that the company “will be making updates to [its] website to better clarify ProtonMail’s obligations in cases of criminal prosecution”.
Join the 90% of enterprises accelerating to the cloud
Business transformation through digital modernisationFree Download
Delivering on demand: Momentum builds toward flexible IT
A modern digital workplace strategyFree download
Modernise the workforce experience
Actionable insights and an optimised experience for both IT and end usersFree Download
The digital workplace roadmap
A leader's guide to strategy and successFree Download