Digital ID

ProtonMail denies that it spies on users for government agencies

The popular privacy-focused email service ProtonMail has been accused of offering voluntarily real-time surveillance assistance to law enforcement.

The popular privacy-focused email service ProtonMail made the headlines because it has been accused of supporting real-time surveillance carried out by law enforcement.

On May 10, while Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event when the Swiss lawyer Martin Steiger live-tweeted from the event that Walder incidentally mentioned ProtonMail as a service provider that voluntarily offers support to law enforcement.

Steiger said that ProtonMail offers voluntary support for real-time surveillance without requiring an order from a federal court.

“Email service provider ProtonMail, based in Switzerland, offers assistance for real-time surveillance: Voluntarily!” reads the post published by Stieger.

Steiger pointed out the company provided metadata and so-called secondary data that could be used by law enforcement and intelligence agencies for surveillance purposes.

“Metadata or secondary data that is available must be provided. On the other hand, ProtonMail, as a provider of derived communication services, has in principle no obligation for real-time surveillance. Art. 26 para. 4 SPTA provides such obligation only for providers of telecommunications services such as Swisscom or UPC.” continues the post.

“There is currently no evidence that ProtonMail is a provider of derived communications services with more extensive surveillance obligations. ProtonMail would therefore not have to voluntarily provide assistance for real-time surveillance.”

Steiger pointed out that ProtonMail the company is subject to Swiss local surveillance laws, but it’s not subject to more extensive surveillance obligations.

According to the transparency report published by the company, ProtonMail could conduct real-time surveillance for the authorities and it also mentions a current case:

“In April 2019, at the request of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law. Pursuant to Swiss law, the user in question will also be notified and afforded the opportunity to defend against this in court before the data can be used in criminal proceedings.“s.

Walder said that Steiger has misunderstood his speech, but the lawyer believes that the situation is exactly the one he described in the post.

ProtonMail denied Steiger’s claims and published a post to clarify that it only supports authorities when presented by an order from a Swiss court or prosecutor.

ProtonMail does not voluntarily offer assistance as alleged. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, ProtonMail’s end-to-end encryption means we cannot be forced by a court to provide unencrypted message contents.” reads the blog post.

ProtonMail cannot be used for any purposes that are illegal under Swiss law. Not only is this against our terms and conditions, we are also obligated by law to assist police investigations in criminal cases. However, the claim that we do this voluntarily is entirely false.”

According to ProtonMail, Steiger’s interpretation of the law is different from the one taken by the Swiss authorities.

The company clarified that it does not agree with the interpretation taken by some branches of the Swiss government. Therefore, we have asked the Swiss Federal Administrative Tribunal to rule on the appropriate interpretation of the law, and we will appeal to the Swiss Supreme Court if necessary.

ProtonMail threatens to take legal action for defamation pursuant to art. 174 of the Swiss Criminal Code.


If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – privacy, surveillance)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

39 mins ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

15 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

21 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.