Correcting misconceptions about the White House’s use of encryption and ProtonMail

Like many of you, we have seen the story this weekend where it was revealed that ProtonMail was being used by White House staff.

As a matter of policy, we never comment on individual accounts, so we will neither confirm nor deny the authenticity of this account. And while we were hoping not to have to comment at all, after two days of silence, there are some misconceptions that we now feel it is necessary to correct.

Don’t be a password idiot

First of all, just to get it out of the way, don’t be a password idiot. Do not write your password down on a piece of paper and then lose that piece of paper. Also, enable two-factor authentication. Without good password practices, no amount of encryption will keep your data secure. We highly recommend reading our email security guide. In other words, don’t be this guy:

 

Wanting more security is not suspicious

It is incorrect to say that using ProtonMail implies you have “something to hide.” ProtonMail provides more security and privacy compared to Gmail or other email services, and security is desirable for practically anyone that uses the internet.

What makes ProtonMail more secure is that we use zero-knowledge encryption and end-to-end encryption, which means that we do not have access to your emails, and an adversary who breaches our systems also cannot decrypt the emails stored on our servers. We cannot read your emails, we cannot share data with third parties, and we do not do business with advertisers who want your data. We comply fully with both Swiss and EU privacy regulations, including the upcoming GDPR legislation.

Encryption doesn’t prevent the creation of records

There is a broadly held misconception that encryption is being used to prevent the creation of government records. This is technologically incorrect. Encryption does not prevent the creation of records. If anything, it is an important tool for improving the security of records.

As it pertains to the Trump administration’s use of ProtonMail, the actual issue is whether or not non-governmental accounts are (allegedly) being used for government work. This is an entirely separate issue that has nothing to do with encryption, and it is a mistake to confuse the two.

It is also important to note that it is not illegal for government officials to possess private email accounts (ProtonMail or otherwise) for personal use, and the presumption should be innocent until proven guilty.

Encryption is not about hiding, it is about securing

Encryption by itself generally does not permit a government official to hide communications. Emails, encrypted or not, can be subject to subpoenas. The difference is that when it comes to encrypted emails, it is not possible to obtain them from the service provider, and instead the subpoena must be served to the individual or organization under investigation. This is the way that things should be, and is far better than the alternative (prohibiting the use of encryption), which would weaken security for everyone, treat all users as guilty until proven innocent, and leave data vulnerable to leaks and breaches.

Concluding Thoughts

Like all services, ProtonMail can be used both legally and illegally, but there is nothing out of the ordinary about possessing an account. Millions of people use ProtonMail, including journalists, activists, doctors, lawyers, businessmen, and people from all walks of life. Our technology is used to protect online freedom, keep societies democratic, and provide improved cybersecurity. While we may not always agree with all of our users, we are committed to keeping ProtonMail accessible to all who use it in a lawful manner.

Best Regards,
The ProtonMail Team

About the Author

Andy Yen

Andy is a founder of ProtonMail. He is a longtime advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.

 

17 comments on “Correcting misconceptions about the White House’s use of encryption and ProtonMail”

  • Great post! It won’t stop the conspiracy nuts but it certainly states your position and I think that’s important to address.
    A user that’s happy with your product.

  • While we may not always agree with all of our users, we are committed to keeping ProtonMail accessible to all who use it in a lawful manner.

    … but he’s not sure the White House is using it legally.

    • It’s not for him to decide if they are using it legally or not. That is for law enforcement and the legal system to address.

  • Excellent post! I use ProtonMail now more than Gmail or any other mail services.
    I just hope you don’t sell up as soon as you get offered big money from the bigger players.

  • When you are the Administration of the United States of America and the LAW REQUIRES you to PRESERVE ALL COMMUNICATIONS…
    Yea, it is different.

    Ordinary citizens aren’t held to the highest standards by LAW… THE ADMINISTRATION OF THE UNITED STATES OF AMERICA IS.

    So, cui bono? I mean, LAWS MATTER… And your excuse of the apparent ABUSE OF THE RULE OF LAW IN AMERICA is striking.

    Again, WHAT DOES PROTONMAIL HAVE TO GAIN DEFENDING THE ILLEGAL USE OF THEIR SOFTWARE?

    • We are not defending anyone. We cannot know what our users do with their private accounts as we do not have access to their data. But given that ProtonMail is one of the most secure email services in the world, it is not altogether surprising that governments chose to use ProtonMail. However, we do know that we are also the go-to email for journalists, dissidents, activists, doctors, lawyers, and millions of others around the world. In a functioning democracy, you can’t only protect the privacy rights of those you agree with. We must also defend the rights of those we disagree with.

    • ProtonMail can’t act as law enforcement or any branch of the legal system. It would go against their principles to dictate who can and cannot have an account simply because someone in administration MIGHT decide to use their personal ProtonMail account instead of their official one for official business.

      Further, they don’t have access to user emails, so they would be unable to determine if a user is using the service inappropriately anyway.

      Stop blaming ProtonMail for the potential nefarious intents of users. Instead your attentions and energy are best spent demanding that the law step in to investigate.

  • “The world is my country, all mankind my brethren and to do good is my religion.” Thomas Paine

    Love my privacy and love PROTONMAIL

  • If there is nothing to hide, then ProtonMail will happily turn over all the emails to the special investigations team.
    Unless, of course, ProtonMail is happy to help criminals collude with foreign interests, like Russia, and overthrow governments.

    • All emails are stored encrypted on our servers and we do not have the means to decrypt them. Regarding turning data over, ProtonMail is incorporated in Switzerland, meaning that any data residing on our servers is regulated under Swiss privacy laws. As a result, we are only permitted to work with Swiss law enforcement on criminal investigations, and only after a court order is approved by a Swiss court. All requests therefore must first go through the Swiss judiciary, even if they originate from overseas.

      • I would assume that the record retention is still being done, until it is proven that it is not.
        The current administration is attempting to prevent unauthorized surveillance and leaks, which have been definitively used against them during the campaign and since by individuals and agencies both inside and outside the government. There is a reason we now have an ‘unmasking’ scandal, a Hillary email scandal and why google met with the former President so often. Interference by Russia in our internal affairs is much more likely to be in the field of (successfully) turning Americans against each other with divisive hot-button issues that distract us from defending our liberties, our way of life and our citizens.

    • ProtonMail cannot turn over data that they don’t have access to. The privacy safeguards that ProtonMail was developed with are the same for civilians and any other person who decides to use the service. Further, they are based in Switzerland so they are subject to Swiss laws, and not American laws.

      As an American who distrusts the current administration, I am flabbergasted by the inflammatory and nonsensical comments from people who are just as concerned about collusion as I am. Certainly we all know these things about ProtonMail already? Assuming these truths are why we use the service in the first place.

      These truths don’t change just because government officials we distrust are using the same services we privacy-conscious persons are.

  • Well, using 2FA on ProtonMail is a pain.
    I would use it if it could remember my device, like most 2FAs can.
    But having to get the code every time, no thanks. As I see it, you make the security too difficult to be practical.

  • Thank you for your efforts. My son is an electrical engineer and has been telling me for years to get a new email because I do not put anything of substance on the net because it is not safe. I am American and cannot tell how much it costs to upgrade the account to a plus account. Please help.

    • Hello! You can see all the prices here: https://protonmail.com/pricing

      To upgrade to a ProtonMail Plus it will cost you $5/month or $48/year. Simply navigate to your Account -> Settings -> Dashboard -> Click: Upgrade to Plus below the Plus column, and then choose your preferred payment method.

  • Always a pleasure to encounter a person who understands the topic and tells it straight.
    My admiration and thanks to Andy Yen.
