ProtonMail Is in the News for Complying With Law Enforcement

~5 min read | Published on 2021-09-08, tagged General-News using 1170 words.

ProtonMail’s cooperation with law enforcement resulted in the arrest of an activist in France.
ProtonMail, as a company in Switzerland, abides by Swiss laws, including court orders that result in arrest. This is, of course, not something ProtonMail keeps secret or obfuscates. The company appears relatively transparent about the way it handles requests from law enforcement agencies. The company states that it only complies with two types of court orders: orders from Swiss authorities and foreign requests validated by Swiss authorities.
In practice, as revealed in the company’s transparency report, the company seemingly complies with law enforcement requests without a court order in certain cases. One high-profile example is the case involving the fictitious “Black Death Group” and the Instagram model Chloe Ayling. ProtonMail provided police with information on the defendant before receiving a court order. Their stated rationale is “the fact that the first 48 hours are the most critical in kidnapping cases.”
Notably, though, ProtonMail regularly fights requests from law enforcement. In some cases, ProtonMail rejects requests from foreign law enforcement even after approval from a Swiss court. The company claimed it fought more than 700 requests in 2020.
This recent incident seems largely insignificant as it follows the company’s protocol for complying with law enforcement requests. Law enforcement agencies in France wanted the I.P. address of a French ProtonMail user. According to RT, the investigation targetted people illegally occupying flats and other properties in Paris (activism).
French police, with help from Europol, requested the I.P. address of a user of ProtonMail in France. A Swiss court approved the request and ordered ProtonMail to comply with the request. ProtonMail logged the I.P. address of the user and provided the I.P. address to law enforcement in France. French police arrested the suspect after receiving the information from ProtonMail.
ProtonMail rightfully encouraged users to access their accounts through Tor. They also pointed out that there is a limit to what kind of assistance they can provide to law enforcement. Encrypted content such as emails, attachments, and files remain encrypted and useless to law enforcement.
The company’s blog post (hyperlinks expanded to reveal destination by this author):
Important clarifications regarding arrest of climate activist

We would like to provide important clarifications regarding the case of the climate activist who was recently arrested by French police on criminal charges. We are also deeply concerned about this case and deplore that the legal tools for serious crimes are being used in this way. In the interest of transparency, we would like to provide additional context.

In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request.

As detailed in our transparency report (, our published threat model (, and also our privacy policy ( under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account.

We would like to provide the following clarifications:
Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.*
ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.*
Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)*
Transparency with our user community is extremely important to us. Since 2015, we have published a transparency report publicizing how we handle Swiss law enforcement requests:*
Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. More information can be found here*
Under current Swiss law, email and VPN are treated differently, and ProtonVPN cannot be compelled to log user data.*
Due to Proton’s strict privacy, we do not know the identity of our users, and at no point were we aware that the targeted users were climate activists. We only know that the order for data from the Swiss government came through channels typically reserved for serious crimes.*
There was no legal possibility to resist or fight this particular request.[/list]
What we are changing

We will be making updates to our website to better clarify ProtonMail’s obligations in cases of criminal prosecution and we apologize if this was not clear. As a Swiss company, we must follow Swiss laws. We will also clarify that the use of our onion site (details below) is highly recommended for users with heightened privacy needs. Finally, we will also be updating our privacy policy to make clearer our legal obligations under Swiss law.

What does this mean for activists using ProtonMail?

We understand your concerns and we stand with you – we are activists, too. There are a couple things we want to share.
Proton does fight for users

Unlike other providers, we do fight on behalf of our users. Few people know this (it’s in our transparency report), but we actually fought over 700 cases in 2020 alone. Whenever possible, we will fight requests, but it is not always possible.
Use Tor for anonymous access

There is a difference between security/privacy, and anonymity. As we wrote in our public threat model ( (published back in 2014), “The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address.” This cannot be changed due to how the internet works. However, we understand this is concerning for individuals with certain threat models, which is why since 2017, we also provide an onion site ( for anonymous access (we are one of the only email providers that supports this).
There are worse laws than Swiss law

No matter what service you use, unless it is based 15 miles offshore in international waters, the company will have to comply with the law. The Swiss legal system, while not perfect, does provide a number of checks and balances, and it’s worth noting that even in this case, approval from 3 authorities in 2 countries was required, and that’s a fairly high bar which prevents most (but obviously not all) abuse of the system. Under Swiss law, it is also obligatory for the suspect to be notified that their data was requested, which is not the case in most countries. Finally, Switzerland generally will not assist prosecutions from countries without fair justice systems.

What should we do?

We need to help the youth activists, but ProtonMail cannot do that by breaking the law and ignoring court orders. We are on your side, and our shared fight is with the authorities and the unjust laws we have been campaigning against for years. The prosecution in this particular case was very aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used).

We will continue to campaign against such laws and abuses, and we will continue to challenge unjustified government requests whenever possible.

Comments (24)


try their onion it has required javascript forever

The Purpose of L2021-09-18

The purpose of life is to keep it real, but to thy own self be true


why require JS? surely people as intelligent as the ones operating proton know that it is a security risk. if they truly cared about privacy, they would make a non-JS option. Then theres that whole thing about requiring a phone number or a non-cryptocurrency payment.... hmmmm....


JS is required to do client-side encryption of emails sent to other Protonmail users. I agree it's sketchy to claim you are a private service and make it so hard to pay privately.


Main login page also does 3+ types of fingerprinting. Audio, canvas, and webgl + more.


lol its like wickr. people are really dumb

A slap2021-09-09

What’re u supposed to use if not Wickr ?


you can just use signal. better than wickr in every way


What do u mean it’s like Wickr? What’s wrong with Wickr? And if u can’t use these what can u use?


Wickr is a a CIA honeypot, c'mon people. Closed source encrypted chat application headquartered in the USA. Major contracts with US military. They can fuck right off


open source on github but hasn't been audited to confirm they are running the same source


So how do u u buy and sell shit mr big shot... bc this honey pot has been going on for 7 years with not one person going down via Wickr


As far as I'm aware only way people have gone down through wickr was because of google android backdoors, just install graphite os you fucktards source on github any real information is of course appreciated but dont throw bs like this in here to confuse niggas

AWSi somewherent2021-09-10

The fuck you talking about, simple people have VPN3 and leak their IPs across every frame, in every router, across the entire God damn world… and they don’t get caught like Corona. III

AWSi somewherent2021-09-10

The fuck you talking about, simple people have VPN3 and leak their IPs across every frame, in every router, across the entire God damn world… and they don’t get caught like Corona. III


the answer is not proton or wickr. try signal and tutanota


Signal is the best atm


Signal requires a phone number.


security depends in the weakest component or step. Fake security or anonymous services such as proton and tg often involve phone number or inaccessibility without IP in some cases


Sketchy af that proton or tuta dont take crypto for payments. how can you even claim privacy service and refuse to take crypto??? sessions messenger is good, signal code base, improvements, no damn phone #!!!!, and ip masking


Nobody listened to me. Drugbuyersguide is actively co operating with law enforcement and protonmail is the same. do not trust . And their Tor site runs javascript. Fc protonmail


Ya ya proton still works pretty good, just like those eBay shops dogg? The world is not what we sometimes expect it to be. Peace to those who seek it


Protonmail's 'tor site' fucking redirects to the clear web link and requires JS. people on the protonmail subreddit suck off the corp like their life depends on it, completely refusing to acknowledge how PM advertised anonymity and no logging ips and shit, and then removed it from their site when it turns out thats what theyve been doing the whole time. protonmail is full of shit


What should i use instead of protonmail and tutanota ?