Update on the question of voluntary real-time surveillance

Updated on September 12, 2019.

As the blog post referenced by this post has been removed, this post no longer serves a purpose so we have removed it.

To remove any doubt, we confirm that ProtonMail has not and does not engage in voluntary real-time surveillance on behalf of law enforcement. We also confirm that ProtonMail cannot be used for any purposes that are illegal under Swiss law. Not only is this against our terms and conditions, we are also obligated by law to assist police investigations in criminal cases. Additional details can be found in our transparency report:

https://protonmail.com/blog/transparency-report/

Best Regards,
The ProtonMail Team


About the Author

Proton Team

We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.

 


15 comments on “Update on the question of voluntary real-time surveillance”

  • Seems to me, if you connect with TOR via the onion site, then end-to-end encryption means that the Swiss government can have whatever information you hold, and be welcome to it.

    • That is not correct. End-to-end encryption means that we can never hand over the message contents of end-to-end encrypted emails.

  • “We only do so when ordered by a Swiss court or prosecutor” in this posting conflicts with many parts of https://protonmail.com/blog/transparency-report/, which refer to complying with “requests” from police. PM examines the requests and decides if it will comply. But these are “requests”, not “court orders”. If police “request” something and PM decides to comply, is that not “voluntary”?

    • This is a misunderstanding of the terminology. A request is a term used to refer to court orders, orders from Swiss prosecutors, or orders from the government agency responsible for coordinating between law enforcement and service providers. Whenever we use the term requests, we are referring to something that is legally binding but includes more than just court orders, as orders can also come from prosecutors or the department of justice. In other words, there is no such thing as a voluntary request, all requests are by definition obligatory to follow.

  • ProtonMail-

    Thanks for this clarification. You do important work for activists, journalists and citizens.

    If you work for a government and you know of illegal surveillance activities, it is your duty to report those activities. Please leak those activities using TOR or other anonymizing methods.

    Mike Rogers of the NSA correctly reported illegal spying on a U.S. presidential candidate. You should do the same. We will ALL be better off when illegal surveillance is ended. Follow the good example of your superiors who report these issues. Thank you!

  • In other words, ProtonMail’s security is about the same as that of any other email service provider.

    Please remind me again what is the leg-up that ProtonMail has over Outlook, Yahoo, AOL, or Gmail? Just asking for a friend…

  • It should be clear to us which metadata you can communicate by court order:

    – IP (But if we use the hidden service, I have trouble seeing what you’re going to give).

    – To & From

    – Subject (It is not encrypted between 2 users of protonmail)?

    – Date

    And indeed the lawyer asked a very relevant question.

    Unencrypted content from third-party services (Gmail, Outlook etc.) can be given unencrypted as part of real-time monitoring?

    • The term real-time surveillance is misleading and is a carry-over from the days of telephone line wiretapping. As it applies to Internet companies, there are two types of obligation towards law enforcement in Switzerland (and basically every other country for that matter).

      Existing data – this is the sharing of data that a company already possesses, which would be the items in our privacy policy.

      Future data – this is the data that a company can be asked to log for law enforcement purposes. In our case, this is primarily the email access IP logs.

      Our encryption and data collection policies mean we have very little information to begin with. The information that we can share is described in detail within our privacy policy.

  • Hello,

    I am a paying user of the Visionary Plan.
    I think you lack transparency about the meta information you keep.

    The OpenWhisperSystem Foundation is much clearer on this subject.

    Example of what they transmit to the courts:

    https://signal.org/bigbrother/

    Example of what they do to avoid knowing who is communicating with whom:

    https://signal.org/blog/sealed-sender/

    Because if you can tap your users in real time;
    Do you provide clear data from third party services (such as Gmail / Outlook etc)?

    You do a great job, it’s normal that you comply with the law.

    But you must be totally transparent on the subject and tell us clearly what you are likely to communicate.

    For example, you provide a hidden service (which is great by the way), so you are not able to communicate the IPs of the users using it.

    So you keep in clear between proton users:

    – The subjects
    – Sending time
    – To
    – From

    And about emails going to other services:

    – The Subjects
    – Sending time
    – The body of the message
    – To
    – From

    So you are likely to communicate the above elements?

    • Hi Jason! We are sorry you feel that way. We always try to answer our users’ questions in a timely manner.

  • “Mia N, June 5, 2019 at 10:37 AM

    This is a misunderstanding of the terminology. A request is a term used to refer to court orders, orders from Swiss prosecutors, or orders from the government agency responsible for coordinating between law enforcement and service providers. Whenever we use the term requests, we are referring to something that is legally binding but includes more than just court orders, as orders can also come from prosecutors or the department of justice. In other words, there is no such thing as a voluntary request, all requests are by definition obligatory to follow.”

    This “misunderstanding” of words has caused world wars. Not sure of CN but in US request from “prosecutor” is NOT the same as request from “court / judge warrant / order”. In US a prosecutor is nothing more than an attorney for the state vs attorney for defendant. Neither has more or less power than the other. Courts are courts. Prosecutors are prosecutors. PM should not be complying / cooperating with prosecutors anymore than they should be with the attorney of the accused party.

  • Unfortunately, too many evasive answers from PM regarding objective questions in the above comments.

    It’s time to look for another mail service provider.
