Back in 2004, a platform known as Lavabit was one of the most popular, open-source, encrypted webmail services. That is, until the summer of 2013, when the U.S. federal government demanded that Lavabit hand over private keys. These would allow the government to spy on emails sent and received by Edward Snowden. After Lavabit's surrender to the demands, users left in droves and the service eventually suspended its operations.
A new service known as ProtonMail quickly became the go-to encrypted email service for privacy-conscious web users.
Why Did ProtonMail Hand Over Users’ Data?
For context, a green-friendly group known as “Youth for Climate” has been occupying residential and commercial properties since 2020 as part of its activities. Unfortunately for them, the group drew unwanted attention from French authorities recently, when they occupied a Cambodian restaurant in Paris known as Le Petit Cambodge.
The premises suffered heavy damage in the terrorist attack of 2015 that took place in Paris, and the group's squat in the building didn't go unnoticed.
Following the trespassing, French police wanted to uncover the identities of the group members communicating via ProtonMail. They submitted a request via Europol to obtain users' data from the Switzerland-based company.
As it transpires, the request was granted. It seems that Swiss authorities took control of the investigation, issuing the request to ProtonMail directly.
ProtonMail complied with the request and handed over the requested data. However, this didn't go unnoticed by angry users on the web. People have questioned why the company had stored users' details in the first place.
After all, the homepage is appealing to any privacy-conscious internet user. It talks about data protection under Swiss law and end-to-end encryption. What it doesn’t specifically mention, however, is anything about data logging.
“By default, we do not keep permanent IP logs in relation with your use of the Services. However, IP logs may be kept temporarily to combat abuse and fraud (…) If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation.”
This, according to ProtonMail’s CEO Andy Yen, is the reason why the company took action. He said:
“Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended, and we’re required by Swiss law to answer requests from Swiss authorities (…)”
Essentially, foreign governments or investigative agencies could ask Swiss authorities to request that ProtonMail release user information. And this incident proves that the company would have to comply.