French activist arrested for her IP: she was revealed by the encrypted mail service ProtonMail after a court order
ProtonMail is an encrypted email service that for years has boasted end-to-end privacy, security and encryption among other advantages. Things however can be complicated by a court order in between. A recent arrest of a French activist after his IP was revealed via ProtonMail shows the fine line between privacy and complying with the law.
ProtonMail, based in Switzerland, he was recently forced to reveal the IP address of one of his users. It happened after the Swiss authorities requested it by means of a legal order and impossible to appeal or reject. This incident has not caught on with ProtonMail users, although it is actually relatively common for ProtonMail and they have an explanation for it.
There is an important framework behind all this. The arrested French activist was linked to a series of protests in Paris during the summer of 2020 against the gentrification of the city. The activists occupied squares and buildings in Paris and apparently were organized using an email address registered with ProtonMail.
According to French media Paris Luttes, the French authorities tried to find out who was behind the email address. However, it is not possible directly since ProtonMail operates and has all its servers in Switzerland. Through Europol, an organization with which Switzerland also collaborates, they asked the Swiss authorities for the identity of the user related to said ProtonMail address and his IP.
The order subsequently issued by the Swiss Federal Department of Justice made ProtonMail comply with the law. So that, they revealed the IP address from which the email in question was operated. The order, in addition to not being able to be appealed, also prevented ProtonMail from notifying the user until the investigation was over.
User details yes, but no email access
After the controversy created, ProtonMail has published an official statement trying to clarify some aspects. In this statement they explain that they objectively comply with Swiss law, since that is where they operate as a company and it is the laws that they must abide by. They say that these types of orders are more common than it seems, in their transparency report they show how during the last years they have received thousands of orders.
That said, they clarify that it is one thing to reveal the identity of the user and quite another what they have in their emails or browsing through their VPN. Since the service is end-to-end encryption, it is practically impossible for ProtonMail (or any other entity) to read the emails. It is the same that happens with WhatsApp for example. In fact, they do not know the identity of the user as such, simply the data associated with him such as his IP, it is the job of the authorities to find out more.
Finally, they reflect that they strictly adhere to Swiss law and do not obey orders from other countries. Given the independence of Switzerland from Europe and other consortia, they should only be governed by what Switzerland requires. Another very different thing is that Switzerland requests the data on behalf of authorities in other countries, as has been the case with the French activist.
The moral of this is probably that The Internet is not as anonymous as it seems, as much as companies promise privacy in the end they abide by the rules of the country where they operate. For greater anonymity, you would have to go to decentralized networks such as Tor, although Europol has warned in the past that they are also capable of effectively tracking users there.
Via | TechCrunch
More information | ProtonMail