ProtonMail slams French tactics following backlash on climate activist case

"It is inappropriate for the French authorities to have used measures designed for serious criminal offences to pursue this investigation," a ProtonMail spokesperson told EURACTIV France, referring to the procedure conducted via Europol. [Protonmail]

Encrypted email service ProtonMail has come under fire after it gave the IP address of a climate activist to the Swiss judiciary at the request of the French police. The company said it had no other choice and criticised France’s tactics to obtain the information. EURACTIV France reports.

ProtonMail, known for its commitment to confidentiality, could well see its reputation damaged after it was reported by Paris-luttes.info that it had disclosed the address of a Youth for Climate activist. The information was originally requested by the French police via the EU crime-fighting agency, Europol.

Commission seeks to calm fears over Europol's decryption platform

The European Commission has issued assurances to MEPs that Europol’s new decryption platform will not be used to abuse data protection standards and will maintain closely guarded access rights over the data retrieved.

The activist is believed to have taken part in a series of sit-ins in the Place Sainte Marthe area of Paris to fight the area’s gentrification.

ProtonMail has said that they were unaware that the people targeted were activists. Following a public backlash, Proton CEO and founder Andy Yen explained the situation in a blog post.

“In this case, Proton received a legally binding order from the Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request,” he wrote. The Swiss approved 195 similar requests for information in 2020 compared to 13 in 2017.

“Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders,” he wrote, adding that his company never provides information to foreign governments directly and only responds to Swiss authorities, or to requests approved by them.

“It was inappropriate for the French authorities to have used measures designed for serious criminal offences to pursue this inquiry,” a ProtonMail spokesperson told EURACTIV France, referring to the procedure conducted via Europol. “We also believe that Swiss authorities should have done more diligence before approving the request,” he added.

“We will continue to campaign against these laws and abuses, and we will continue to challenge unjustified government demands wherever possible,” the company said.

While ProtonMail is trying to downplay the case, touting the legal standards guaranteed by Swiss law, it is nevertheless urging its users to use the Tor browser to access the service, making it more difficult to identify the IP address.

The case is causing a stir because it illustrates the difference between privacy and anonymity – a nuance not always well explained by technology companies offering services that rely on data confidentiality.

ProtonMail provides encrypted mailing services, which ensures the communication can only be accessed by the senders and recipients of the message. The time, location, and IP addresses form the communication’s metadata, which is not covered by encryption.

“A useful reminder: despite marketing promises, no messaging service offers full insurance against abusive surveillance,” tweeted Olivier Tesquet, a journalist and digital and surveillance specialist.

Pegasus shows no backdoor will be used only by good guys, Proton CEO say

Commenting on a recent cyber-surveillance scandal, a tech leader said encryption has made mass operations impossible and its integrity should be maintained at all costs, but he also pointed to Big Tech’s data collection practices as a major source of privacy vulnerabilities.

[Edited by Luca Bertuzzi and Benjamin Fox]

Subscribe to our newsletters

Subscribe