A Swiss lawyer has accused ProtonMail that the company has initiated offering IP Logging upon request of Swiss authorities.
ProtonMail, the famous end-to-end encrypted email service from Switzerland, has denied the claims made by a Swiss lawyer Martin Steiger regarding the company’s involvement in voluntary assistance to Swiss authorities for real-time surveillance.
The head of the Cybercrime Competence Center, Zurich, and public prosecutor Stephen Walder stated that the company doesn’t offer voluntary real-time surveillance but is obliged to help authorities in certain situations. However, Mr. Steiger publicly posted about ProtonMail’s offer stating that the company has initiated offering IP Logging upon request of Swiss authorities.
For your information, Zurich, Switzerland-based lawyer attended a presentation earlier in May where he mentioned ProtonMail, and later Mr. Steiger tweeted from his Twitter account that he learned at the event that the encrypted email service provider “voluntarily offers assistance for real-time surveillance.”
Gelernt: @ProtonMail unterstützt Echtzeit-Überwachungsmassnahmen, auch ohne BGE … Wird von Cybercrime-Staatsanwalt Walder ausdrücklich als positives Beispiel erwähnt!
— Martin Steiger 🦈 (@martinsteiger) May 10, 2019
Contrary to Mr. Steiger’s claims, Walder states that he is being misquoted and that he only said that ProtonMail is a reliable assistance provider. Steiger immediately responded that he has reported everything he learned at the event accurately and to prove his point, he cited the company’s recent Transparency Report in his blog post, which read that:
“In April 2019, at the request of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law.”
According to the report, ProtonMail enabled IP logging in April 2019, which actually falls into the category of criminal misconduct as per the Swiss law.
ProtonMail claims that the use of the term Voluntary is rather misleading because the company is obligated to assists authorities just like every other company does not just in Switzerland but around the world. ProtomMail cleared the air in one of its tweets that read:
“All Swiss service providers are obligated by law to assist law enforcement in criminal cases, and the law requires us to enable IP logging in criminal cases.” Hence, the company isn’t offering its services on a voluntary basis.
ProtonMail has also claimed that they offer end-to-end encryption and therefore, they cannot share unencrypted messages of its users to a court of law no matter how much is it pressurized through court orders.
According to ProtonMail, its T&Cs prohibit users from using this service for carrying out illegal activities, which is why when such infringements occur the company is obligated to help the police. But, this only happens when the company receives an order from some prosecutor or a Swiss court.
“ProtonMail does not voluntarily offer assistance. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, end-to-end encryption means we cannot be forced by a court to provide message contents,” the company’s spokesperson told TheRegister.
Mr. Steiger, on the other hand, wrote in his blog post that the real concern is about the metadata and the way real-time surveillance can be performed using the services of ProtonMail.
So far, ProtonMail has denied the claims made by Mr. Steiger but the lawyer stands by his claims and even said that using only the metadata the authorities can learn a lot about an individual’s personal life.
ProtonMail has denied Martin Steiger’s claim. In its response, the company said that “Martin Steiger’s claim is factually incorrect, and Mr. Steiger is also aware that this claim is false. Not only have we informed him multiple times that his claim is false, but the alleged source of his story, a Swiss public prosecutor, has also refuted these claims (this is hidden at the bottom of Mr. Steiger’s article).”
ProtonMail’s response post is available here.