Around the end of May 2019, a scandal erupted around Protonmail, the encrypted email service, associated with the CERN laboratory, and based in Switzerland. I keep running into this sensational item on social media and am weary of debunking it over and over. So, here’s a blog post about it.
This tempest in a teapot stems from a misleading tweet made by a Swiss lawyer, Martin Steiger, where he states that Protonmail “voluntarily offers assistance for real-time surveillance.” This came from a statement he heard in a meeting. The tweet made it sound like Protonmail offers surveillance to anyone who asks, or even offers it unasked for, so everyone freaked out.
What’s the truth? It’s actually pretty boring. All Swiss-based providers of Internet services are required by law to assist law enforcement when ordered to do so by a court of law. This is the same in virtually every country.
What was said and meant in the meeting that Mr. Steiger attended was that Protonmail cooperates with law enforcement when ordered to do so by a court without fighting the court order. The word “voluntarily” meant that Protonmail complies with Swiss law without objecting.
In the case of Protonmail, cooperating means IP logging, which is all Protonmail can do. The system is designed so they cannot decrypt the contents of emails.
Everything clear now?