Home ProtonMail under fire for ‘sharing user data’ with Spanish police

ProtonMail under fire for ‘sharing user data’ with Spanish police

TL:DR

  • ProtonMail, known for its privacy features, allegedly handed over user details to authorities.
  • Requests were made under anti-terrorism laws.
  • ProtonMail stated that it complies with legal requests governed by Swiss law but does not comment on specific cases.

Encrypted email company ProtonMail has faced criticism again after handing over user details to the authorities. The Swiss firm markets itself based on its privacy features, allowing users to “take control” of their personal data.

According to Proton, its “end-to-end encryption and zero-access encryption ensure only you can see your emails,” and “not even Proton can view the content of your emails and attachments.” However, news service VilaWeb reports that the mailing service allegedly handed over an account’s recovery email address information to Spanish police concerning a suspect believed to be supporting the Catalan independence organization, Democratic Tsunami.

Apple was then allegedly able to provide information about the suspect’s recovery email address, name, home address, and phone number. Under national security claims, ProtonMail handed over the details of an account belonging to an individual using the pseudonym ‘Xuxo Rondinaire.’

This individual is suspected of being a member of Catalonia’s police force, also known as Mossos d’Esquadra, and allegedly used their insider knowledge to support the Democratic Tsunami movement.

The requests were made under anti-terrorism laws, though the primary activities of the Democratic Tsunami were protests and roadblocks, raising concerns about the proportionality and justification of such measures.

Social media users criticized the move, stating that it essentially renders encrypted messages pointless as one security expert said, “whatever we know about you that isn’t encrypted end-to-end is fair game.”

In 2021, ProtonMail came under scrutiny for complying with a legal request that resulted in the arrest of a French climate activist. Under Swiss law, ProtonMail was obligated to provide the individual’s IP address to Swiss authorities, who subsequently shared it with French police. ProtonMail’s compliance with these requests is governed by Swiss law, which requires cooperation with international legal demands when properly channeled through the Swiss court system.

Why did Proton Mail reportedly provide user data?

Speaking to the advocacy group Restore Privacy, the messaging company said: “We are aware of the Spanish terrorism case involving alleged threats to the King of Spain, but as a general rule we do not comment on specific cases.”

A spokesperson stated that the Proton had “minimal user information,” pointing out that data about the suspect was obtained from Apple. They added: “Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method.

“Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order, as terrorism is against the law in Switzerland.”

On its website, it states: “Under Swiss law, we’re required to cooperate with law enforcement agencies on criminal investigations within the framework of Swiss laws and privacy regulations.”

ReadWrite has reached out to Proton for comment.

Featured image: Canva / Proton

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.