Sunday , October 24 2021

Swiss law is to blame

ProtonMail under fire for IP logging French environmental activist

Over the last couple of days, the news of the email service ProtonMail giving up an activist’s IP addresshas been a big topic of conversation for the international security community.

All reports indicate that the French police arrested the climate activist fighting against gentrification. However, ProtonMail is not under obligation to provide any details to the French authorities. So how did they get the IP address details?

https://thenextweb.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jshttps://platform.twitter.com/widgets.js

As TechCrunch noted, ProtonMail is obliged to comply with Swiss law, as they’re based out of Geneva. To get information about the activist, the French police sent a request to the Swiss authorities through Europol. The company’s CEO, Andy Yen, clarified on Twitter that the company only co-ordinated with the Swiss authorities — not French police or Europol.

https://platform.twitter.com/widgets.js

Switzerland’s law requires tech companies to notify the person whose data is being requested by the government. However, Yen didn’t specify if ProtonMail followed through in this case, and told TechCrunch that he can’t comment on this because of “for privacy and legal reasons.” 

In the ongoing case, ProtonMail delayed the notification by up to eight moths and kept logging IP address and other details of the activist in question. The firm could’ve been under the legal obligation to not disclose these details.

The company can provide metadata information about the account, including IP address, email address, and recipient emails — but can’t share email content because of end-to-end encryption protection.

Over the years, the country’s government has had increasing amount of data requests sent to the email service. In 2020, it sent 3,572 such requests — more than double of 1,465 requests it sent in 2019.

Governments requests for user data is a common practice across the world, but ProtonMail markets itself as privacy-first email service. The company only does IP logging in “extreme criminal cases,” and that sounds far fetched for an environmental activist.

It also provides anonymous email service through its Tor-based service, but it is facing criticism for not specifying that clearly on its website. In response, Yen said that the company will promote this option more prominently.

The CEO tweeted that it’s deplorable that the law is being used in this way to force information out of companies, but it doesn’t have any option but to comply with it. While some users might be questioning the company’s commitment to privacy, Yen’s vocal response might restore some faith in the service.

You can read about the whole incident in detail on TechCrunch.

This Article was first published on thenextweb.com

About IT News Ug

Check Also

IBM commits high-scale inference platform ModelMesh to open source

Data, data everywhere and not a drop to drink

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.