[TheRecord] ProtonMail forced to collect an activist’s IP address in police investigation

Switzerland-based email provider ProtonMail said it was forced to log the IP address of one of its customers after it received a legally binding order from the Swiss government that it couldn’t legally appeal or decline.

The incident, which came to light over the weekend, has caused some unrest among the company’s users as ProtonMail had boasted numerous times in its public marketing campaigns about its no-log policies.

However, in a Reddit comment on Sunday and in a blog post published earlier today, ProtonMail said it was cornered by Swiss authorities earlier this year.

Case related to anti-gentrification protests in France

The incident is a complex one and is related to a series of anti-gentrification protests that took place in Paris in the summer and fall of 2020 when a group of activists named Youth for Climate forcibly occupied a series of squares and buildings in the Paris district of Place Sainte Marthe, in order to protest companies buying real estate and hiking up rent prices up to four times for local residents.

The group apparently used a ProtonMail email address to organize their protests (jmm[redacted]@protonmail.com), a detail that came to the attention of the real estate companies and French police, which was called in to evacuate the group and investigate its members.

Last week, the website Paris Luttes (Paris Struggles) revealed that French police worked through Europol to contact the Swiss government and asked for help in obtaining details about the email address owner’s identity.

ProtonMail said it couldn’t fight the legal order

“In this case, Proton received a legally binding order from the Swiss Federal Department of Justice which we are obligated to comply with,” a ProtonMail spokesperson wrote on Reddit over the weekend.

The order effectively forced the company to log the IP address used by the French activist to log into their ProtonMail inbox.

“There was no legal possibility to resist or fight this particular request,” ProtonMail CEO Andy Yen said earlier today.

“Under Swiss law, it is also obligatory for the suspect to be notified that their data was requested, which is not the case in most countries,” he added.

However, the ProtonMail CEO said that an accompanying gag order also prevented the company from disclosing this incident to the user while the investigation was underway.

On the other hand, Yen also highlighted that despite the fact that they were forced to comply with Swiss law, the Swiss legal system is far more robust than the legal systems of other countries.

“The Swiss legal system, while not perfect, does provide a number of checks and balances, and it’s worth noting that even in this case, approval from 3 authorities in 2 countries was required, and that’s a fairly high bar which prevents most (but obviously not all) abuse of the system. […] Finally, Switzerland generally will not assist prosecutions from countries without fair justice systems,” the ProtonMail CEO added.

Yen said ProtonMail encryption was not bypassed in the investigation.

He also said that email and VPN services are treated differently in Switzerland, and authorities can’t use the same legally binding order to force the company to log the details of its VPN product.

Either way, the entire incident left a bad taste for most of the company’s users.

With several ransomware gangs having abused ProtonMail addresses to ransom victims for more than half a decade, most users are upset that Swiss authorities decided to help an investigation related to a climate activist rather than one related to a ransomware group.

Hol’ up…

So France police manages to get ProtonMail to release information about /climate activists/?

Good thing they don’t take ransomware that seriously, I guess 🤷‍♀️

— E (@nemesis09) September 6, 2021

The post ProtonMail forced to collect an activist’s IP address in police investigation appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[BleepingComputer] Windows 10 July security updates break printing on some systems

Microsoft says customers may experience printing and scanning issues on devices using smart card (PIV) authentication after installing July 2021 Windows 10 security updates on a domain controller (DC). […] Source: Read More (BleepingComputer)

Read More

[ZDNet] Emotet, once the world’s most dangerous malware, is back

All posts, ZDNet

The Emotet botnet has returned and is being installed onto Windows machines that are already infected with TrickBot, warn security researchers. Source: Read More (Latest topics for ZDNet in Security)

Read More

[TheRecord] Apple patches iOS and macOS zero-day exploited in the wild

Apple has released security updates today to patch a new zero-day vulnerability that Google’s security team said it’s been exploited in the wild to compromise user devices. Tracked as CVE-2021-30869, the vulnerability resides in XNU, the kernel component that ships with modern Apple systems. According to Shane Huntley, head of the Google Threat Analysis Group, the XNU […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.