ProtonMail and the user data transfer to the USA

[German]The Swiss-based ProtonMail e-mail service offers end-to-end encryption of mails before they are sent to ProtonMail's server. ProtonMail is operated by Proton Technologies AG, which is based in Plan-les-Ouates (Canton Geneva). Its servers are located in two locations in Switzerland, outside EU and US jurisdiction. As a result, ProtonMail is (supposedly) considered a "secure email service and haven of privacy." 


Advertising

But anyone who maintains a mailbox there shouldn't be so sure that their data won't end up in the US. I came across an interesting fact the other day via the following tweet from Jens Kubieziel. 

ProtonMail

The Tweet says: ProtonMail, which claims to be a "secure email service from Switzerland," provides user data to security authorities. The tweet links to Mastodon, where the following (translated) statement can then be found:

ProtonMail, which claims to be a "secure email service from Switzerland," provides user data to security authorities. User data also goes to law enforcement agencies in the U.S., as a recent case shows.

The Mastodon post then links to this article (German), written by attorney Martin Steiger. Steiger came across this issue via a current criminal case in the US. In the USA, criminal proceedings are underway against a defendant who, among other things, sent threats against the well-known US immunologist Anthony Fauci by mail that went through ProtonMail. In a series of emails, the sender threatened, among other things, to kill Fauci and his family.

The U.S. submitted a request for mutual legal assistance to Switzerland, as a result of which the user's data was transferred to law enforcement authorities there. The defendant maintained several accounts at ProtonMail at once. The defendant had switched to ProtonMail because he believed he was protected by Swiss data protection law and end-to-end encryption. Nevertheless, the sender could be identified in the interaction of data from ProtonMail as well as other online services.


Advertising

The article, written in German, make it clear that ProtonMail has to cooperate for legal reasons with Swiss security authorities. Whereas there was a case in 2019 where ProtonMail offered itself to transfer data. So anyone who has an email account with ProtonMail is not automatically protected from data leakage and law enforcement. Even if mail content is encrypted, meta-data still accrues that goes to law enforcement agencies, as attorney Martin Steiger reveals in his article


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

One Response to ProtonMail and the user data transfer to the USA

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).