Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

ProtonMail forced to log user’s IP address after an order from Swiss authorities

September 8, 2021

Following the incident the corporate has up to date its web site and privateness coverage to make clear its authorized obligations to its userbase

ProtonMail a Swiss-based safe electronic mail supplier has been on the middle of some controversy after it was pressured to share the IP tackle of one among its shoppers, a local weather activist, with legislation enforcement businesses resulting from a legally binding request by the Swiss authorities.

In accordance with TechCrunch, which broke the story, the French legislation enforcement authorities had been in a position to purchase the IP tackle of a French activist that was utilizing ProtonMail’s companies, by sending a request to the Swiss police via Europol.

“On this case, Proton acquired a legally binding order from Swiss authorities which we’re obligated to adjust to. There was no risk to enchantment this specific request. As detailed in our transparency report, our published threat model, and likewise our privacy policy, beneath Swiss legislation, Proton might be pressured to gather info on accounts belonging to customers beneath Swiss felony investigation. That is clearly not executed by default, however provided that Proton will get a authorized order for a particular account,” stated Proton CEO Andy Yen in a blog post explaining the main points of the incident.

The revelation was met with criticism from the corporate’s person base, with one person with the deal with Etienne – Tek questioning what ProtonMail meant by its declare that it doesn’t hold any IP logs that might be related to nameless electronic mail accounts.

Tweet

Plainly the corporate has since eliminated the declare from its web site and amended its privateness coverage. Yen stated it might do as a lot in his weblog, saying that the e-mail supplier would replace its web site to be able to shed extra gentle on its authorized obligations in relation to felony prosecution instances and replace its privateness coverage to make clear its obligations beneath Swiss legislation.

Nonetheless, he did spotlight that ProtonMail’s encryption can’t be bypassed and that the corporate doesn’t give knowledge to overseas governments, and it solely complies with “legally binding orders from Swiss authorities”. The e-mail supplier additionally maintains that it doesn’t know the id of its customers resulting from its strict privateness measures.

Yen acknowledged that improvement is regarding, nevertheless he emphasised that the corporate does struggle for its customers, “Few folks know this (it’s in our transparency report), however we really fought over 700 instances in 2020 alone. Every time attainable, we are going to struggle requests, however it’s not at all times attainable.”

Posted in SecurityTags:
Write a comment