Impact of Swiss surveillance laws on secure email

Swiss surveillance law

In September of this year, the Swiss Parliament passed a new Swiss surveillance law, known as the Nachrichtendienstgesetz (NDG) in German and la Loi sur le renseignement (LRens) en française.

2017 Update – In the months since the law was first introduced, we have had repeated contact with the Swiss government and held a meeting at our office together with legal counsel and members of the PTSS. In our meetings, we discussed the practical challenges of implementing such a law, and helped to advise policy makers on the most sensible implementation.

We appreciate that the Swiss government has recognized the leading role that Proton Technologies AG plays in developing the cybersecurity tools of the future, along with the role that we play in the economic re-orientation of Geneva, and Switzerland as a whole towards the high tech sector, and sought a meeting with us to discuss how to ensure both security and privacy in the digital age.

As a participant in these discussions, we can confirm unequivocally that upon implementation, the provisions regarding data retention introduced by the BÜPF will exempt companies like ProtonMail and ProtonVPN which are not major telecommunications operators. This is in addition to the points in the article below, which still hold.

This did not come as a total surprise because the Swiss surveillance law has been debated for quite some time, and mirrors similar efforts which are ongoing in other countries such as Germany, France, the UK, and the US. Unfortunately, due to the tragic events in Paris, efforts to curtail privacy have attracted political support even though it is clear that banning encryption won’t prevent terrorism.

As the world’s largest secure email service, we are following the discussions in Switzerland closely and we have gone over law with legal experts to understand the implications for ProtonMail. The Swiss surveillance law is similar to the one which was recently approved in Germany. However, there are some differences. The Swiss version requires sign off by a judge and needs to go through two levels of judiciary for approval. The Swiss also don’t have a history of cooperating with the US, unlike German intelligence.

After careful analysis, we can conclude that the new Swiss surveillance law will not significantly impact the environment for secure email services in Switzerland, and in particular will not affect ProtonMail. There are a couple reasons for this.

First, the new law only allows Swiss intelligence to conduct more surveillance. Given Switzerland’s neutrality, Swiss intelligence is mostly concerned with domestic threats and does not have an interest in the data of the 95% of ProtonMail users who are not from Switzerland. While the new law might open the door for Swiss intelligence, it certainly doesn’t open it for the NSA or other foreign intelligence agencies.

Second, there is a distinction between handing over the data we already have (which is end-to-end encrypted), and being forced to actively hack users. The new laws could compel us to hand over data that we have, but they definitely CANNOT force companies to hack their users. Because ProtonMail’s encryption is done client side, any obligations for service providers to remove encryption wouldn’t apply because the encryption is applied by the end-user on their device, and not by ProtonMail. It is also not clear the clauses regarding encryption would even apply to us in the first place, because we don’t fall under the standard definition of communication service provider used in the law, which largely relates to ISPs.

Third, while it seems bad that these new laws can force ProtonMail to hand over encrypted user data, this doesn’t actually change anything. Any company (ProtonMail included), can already be asked to hand over user data provided there is a VALID Swiss court order. The new law doesn’t change this. What it does is provides Swiss intelligence another avenue to get data. Instead of having to bring a case through the courts first, they can now directly request through the judiciary. This of course applies only to Swiss intelligence, foreign intelligence agencies will still need to go through the courts.

Fourth, since ProtonMail emails are encrypted using PGP (which provides end-to-end encryption), any emails that we do hand over would be encrypted, and only the owner of the emails will have the ability to decrypt them. This means the new Swiss surveillance laws actually strengthen instead of weaken ProtonMail’s use case. If Swiss intelligence has easier access to confidential personal data under the new laws, it becomes even more important to encrypt this data, which is exactly what ProtonMail does.

For the non-Swiss ProtonMail users, it is safe to say that these laws have little to no impact. As for Swiss users, unfortunately the privacy environment in our country has gotten worse which increases the need for secure email services like ProtonMail. Even though the new Swiss surveillance law does not fundamentally harm ProtonMail’s usage case (it in fact arguably improves it), we are consistent in our stance of opposing government invasion of personal privacy. For this reason, we are supporting the referendum effort to overturn these laws, and we encourage all Swiss ProtonMail users to also study the laws and sign the referendum. More information about the referendum can be found in our blog post here.

If you are interested in better protecting your email privacy, it is possible to get a ProtonMail account here: https://protonmail.com/invite

Best Regards,
The ProtonMail Team

About the Author

Andy Yen

Andy is the Co-Founder of ProtonMail. He is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

43 comments on “Impact of Swiss surveillance laws on secure email

  • An interesting post, thank you. “Swiss neutrality” only means that this country does not engage in armed conflicts between other countries. The statement that the new law won’t open a door for NSA and other intelligence services seems naive considering the fact that information is “traded” amongst services. And in order to trade you need assets…

    Reply
    • Yes, but ProtonMail data is encrypted, so not really good for trading. This likely won’t impact ProtonMail because we are end-to-end encrypted. But services like bluewin, mykolab, and others will not be mined by the security services.

      Reply
  • Hello ProtonMail Team,

    I’m British, and I can empathise fully with the frustration you must be feeling considering the ludicrous state-spying laws my country is trying to pass*.

    Switzerland, to me, has always been a place of peace, security and, crucially, privacy, therefore it is disheartening to read this; as I admit, I didn’t hear about this particular change.

    Ultimately, though, as you point out, it shows the desparate need for, not only, ProtonMail, but properly implemented and strong End-to-end encryption (E2EE).

    All I can end with is to say keep fighting, there are those of us who dare to imagine the Orwellian world we are getting one passed law closer to everyday, in every country.

    Mr Blair would be astonished as to how far “democratic” countries push the meaning of the word, no matter what the “threat”.

    Sincerely,
    Mr. Nobody

    *https://en.m.wikipedia.org/wiki/Draft_Communications_Data_Bill

    Reply
  • So, let me get this right … No One from The U.S. or Inside of The U.S. is affected at all with these changes / updates? We’re still all protected and whatnot then like nothing’s changed for Us and what ProtonMail still stands for??

    Reply
    • That’s correct. Even Swiss users that use ProtonMail are not impacted because the user messages we store are all end-to-end encrypted. However, Swiss users that use non-ProtonMail accounts will be severely impacted because now Swiss intelligence can easily access their messages.

      Reply
  • You’re not being entirely honest. After all, there’s no mention of the fact that you do not encrypt metadata. So this does have a negative impact on us ProtonMail users.

    Just a few random things that are not end-to-end encrypted:
    – Information on who I exchange emails with (sender, receiver).
    – From where I send emails, and when I do so.
    – The subject line of the email (this often says a lot).

    I’m disappointed about the fact that you did not mention this.

    Reply
    • As we mentioned above, this information can already be lawfully requested by law enforcement with or without these new laws. Unfortunately on an email platform, it is not possible to end-to-end encrypt metadata because in order to send the email, its manadatory to know where it is going to be sent.

      Reply
      • > Unfortunately on an email platform, it is not possible to end-to-end encrypt metadata
        Morons.

        I know at least two email solutions that can encrypt metadata. pEp project. The Enigmabox.

        Reply
    • How long is the metadata held by ProtonMail after a message is successfully transmitted or received?
      Wouldn’t a policy of deleting metadata after a short time frame prevent after the fact fishing expeditions?

      Reply
  • Hi! Why not just enable users to keep private keys on their USBs/PCs like countermail.com does? This saves ProtonMail (and users 🙂 ) from much trouble.

    Reply
  • do you think the extraordinary rendition (black sites) program of the CIA was “legal” in any country? FYI: no. FYI: they can arm-twist the governments around the world to do anything, once it’s deemed important enough.

    Reply
  • Hello Protons,

    Just a question about incoming mail.

    When I’m not logged in and new mail comes in. How is this mail encrypted / secured until I login again ?

    Best regards,

    Reply
    • To encrypt your mail, we only need your public key which we have access to. But to decrypt, you will need the private key which we don’t have access to.

      Reply
    • I hope not! For me, e-mail is a DISCRETE application which should be alone and apart and separate, and not merely an excuse to add more and more NON-e-mail “apps” to the offering such as spreadsheet, documents, project management, diary management, chat, etc.

      This for me is where companies like Zoho have lost the plot. Having lured in personal (i.e. non-business) users with their admittedly rather good e-mail offering, they then try to do “everything” under the one big named umbrella.

      Please PLEASE never let Protonmail go down that route and please keep it as PURELY e-mail and NO other services! Let those who want chat and other such gew-gaws find a specific service or app for that; and seriously: aren’t there enough chat services already?

      Reply
  • If Switzerland collapses to such pressures, as happened in the banking sector, will Proton consider moving its business/servers to a more secure country?

    (I understand Iceland is good. Perhaps Singapore or Hong Kong could be other options?)

    Reply
    • Protonmail is right in saying that the situation is not comparable to other werstern countries even when the new law is approved. Swiss intelligence is not very powerful. They do not have the budget for a rigorous surveillance. Only 2-3 hundred people are working there and they have other more important tasks than to hunt down an email provider. The swiss public would not allow this (and they actually have the power to this). Comparing NSA or MI6 cababilities with Swiss cababilities is ridiculous.

      Reply
  • I have a question: who’s considered as “Swiss user”? Somebody who has an Swiss IP at the moment of logging on, or located in Switzerland or someone with an @protonmail.ch address? It’s not so clear to me.
    What if a user use your services through TOR (in and outside of Switzerland)? Or it is sufficient to have an @protonmail.com and we aren’t anymore “Swiss user”?

    Thanks in advance!

    Reply
  • Mission: To provide neurologists with outstanding peer-reviewed articles, editorials, and reviews to enhance patient care, education, clinical research, and professionalism.

    Reply
  • I really don’t think it is their job to regulate the internet.

    Please advise if you see this going on in every country ,
    as we will then be totally screwed.

    S

    wolfg

    Reply
  • While I agree with the overarching conclusion of the article (bad news for privacy in Switzerland and reinforcement of Protonmail’s use case), there are comments that merit rebuttal.

    First, the historically held believe that Switzerland does not cooperate with other countries does no longer hold after they were coerced into lifting bank secrecy for the US tax authorities: http://www.usatoday.com/story/news/world/2014/01/22/swiss-banking-secrecy/4390231/

    Second, “Swiss neutrality” is a myth. Switzerland does take part when required. You say, that based on “Swiss neutrality”, the Swiss intelligence doesn’t care about non-Swiss affairs. Well, in internet there is hardly a local affair anymore and intelligence services routinely cooperate between each other, exchanging assets, as pointed by another comment. Please, provide verifiable references of the statement that Swiss intelligence abides by “Swiss neutrality” principles.

    Reply
  • Thank you for your service to the human spirit. I am not rich but I do have an upgraded account and will donate more as I can. I was a victim of 2014 yahoo attack, and although I am too poor for them to really do too much to me, I was a victim of scams and spoofs for 2 years before yahoo admitted it. It happened when ATT decided to use the yahoo servers and all my email and financial, password info etc. was taken from the account. The unfortunate conclusion is that they were able to get away with this for 2 years until Yahoo sent me an official notice, I was unable to file a police report which enabled to lock my credit and info from being besieged by enemy forces up until quite recently.
    I really do appreciate this feeling of security. Thank you!

    Reply
  • The problem is who needs the key we can just fish it of the person as they are using it!
    This system is no longer safe and you are not protecting our emails.

    Man in the middle or even system watch can access as you see it, don’t be a fool think our of the box.

    Opera and now win 10 plus extras all pose a major security risk and you all suck it up like sheep…

    Mos.

    Reply
  • Having just deleted my yahoo accounts in disgust,I find myself here reading more doom and gloom concerning our ability to comunicate wihtout state interference.The DDOS attack which lasted 5 days must be just a taste of what is to come,So my question is,Should PM be faced with a continued attacks will this service survive?
    PS.you can keep the 10 bucks i donated.

    Reply
      • Do you have any idea or suspicions about who it is that has been mounting the ongoing DDoS attack on you. One could guess, but picking between the “evils” these days is effectively an all-encompassing exercise.

        Reply
  • UK CAN COMPEL USERS TO HAND OVER THE KEYS TO DECRYPT???

    Is it the case that in the UK the police/security services have the power to demand that you hand over your passwords used to encrypt?

    I think this may be the case. In which case protonmail is less useful to those living in the UK than in other countries.

    Reply
    • We don’t know how UK law works, but ProtonMail cannot be compelled to hand over keys. We can’t answer whether or not it is possible to force individual users to comply as we don’t fully understand UK laws.

      Reply
    • Yes, since October 2007 it has been UK law that police or courts can compel you to hand over decryption keys. If you refuse, you will be jailed. Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA), with up to five years in jail as a penalty.

      Reply
  • DO THEY KNOW WHAT PROTONMAIL ACCOUNTS WE HAVE?

    Do the police/security services know what protonmail accounts we have? For example if I had an account called ‘ffsdd435435@protonmail.ch’ would they know that I have that account? Can they obtain it from my browsing history? Can I stop them from knowing this by using Tor or does protonmail not work with Tor?

    Many thanks

    Reply
  • Hi there,

    Thanks for informing users about this! As for the new Swiss Law, i personally feel like I have lost my trust in protonmail. I used this service because it didn’t keep any logs at atall, and it had by far the best crypto, I had seen in various email services. Since the new law, now does require Protonmail to keep logs, I feel this key aspect for me to use this service has now gone. I imagine this aspect for other users will also be important…

    Reply
    • If you read the update, you will see that we are not obligated to log under the new law as it does not apply to us.

      Reply