ProtonMail criticised for sharing activist's IP address with law enforcement

The company prides itself on benefitting from Switzerland's strict privacy laws, yet had to follow the “legally binding order"

ProtonMail has been criticised for providing authorities with the IP address of a French climate activist.

The company, which is one of the world’s largest secure email services, offers end-to-end encrypted emails which can only be decrypted by the recipient. However, it can log users’ IP addresses in the case of serious crimes.

French authorities, who were denied the request for the activist’s IP address, managed to obtain the information through Swiss law enforcement. ProtonMail, based in Switzerland, prides itself on benefiting from the country’s strict privacy laws, yet was “obligated" to comply with the “legally binding order from Swiss authorities”, according to founder and CEO Andy Yen.

The case has been extensively criticised, with many disagreeing about the severity of the crime. The activist had been involved in taking over apartments and commercial locations in the Paris neighbourhood of Sainte Marthe, in order to protest the rising gentrification in the area. Amnesty International technologist Etienne Maynier stated on Twitter that he has “a hard time seeing how young people squatting buildings in Paris is an extreme criminal case”. 

“In any case, I have an issue with this lack of transparency from ProtonMail, if any police service can ask them to log IP addresses, that is not anonymous,” he added.

Related Resource

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Policeperson tapping ID to phone with car in the background - whitepaper from SamsungFree download

In a company statement published on Tuesday, Yen said that “there was no possibility to appeal this particular request [from the Swiss authorities]”.

However, it has sparked concerns that ProtonMail could be able to give out IP addresses to law enforcement of any country, as long as they file their request through the Swiss authorities.

Security expert Filippo Valsorda said that “the problem with ProtonMail is not that they don't deliver an impossible product (secure email), but that they advertise it”.

“It's a choice, they know it, they benefit from it, their users believe it, and they are responsible for it,” he added.

Yen stated that the company “will be making updates to [its] website to better clarify ProtonMail’s obligations in cases of criminal prosecution”.

“We apologise if this was not clear. As a Swiss company, we must follow Swiss laws,” he said, adding ProtonMail’s privacy policy will also be updated “to make clearer our legal obligations under Swiss law”.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Bridging the DevSecOps divide: Spotlight on key relationships
Whitepaper

Bridging the DevSecOps divide: Spotlight on key relationships

3 Dec 2021
Planned Parenthood cyber attack exposes data of 400,000 patients
cyber attacks

Planned Parenthood cyber attack exposes data of 400,000 patients

3 Dec 2021
Bridging the DevSecOps divide: Spotlight on zero trust
Whitepaper

Bridging the DevSecOps divide: Spotlight on zero trust

3 Dec 2021
Bridging the developer and security divide
Whitepaper

Bridging the developer and security divide

3 Dec 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
Access brokers are making it easier for ransomware operators to attack businesses
cyber security

Access brokers are making it easier for ransomware operators to attack businesses

1 Dec 2021