wordpress blog stats
Connect with us

Hi, what are you looking for?

ProtonMail caves and leads authorities to wanted climate activists in France

Social media users criticised the email service that has been widely advertised as private and secure.

By Aihik Sur and Aroon Deep

Switzerland-based ProtonMail, which claims to be the world’s largest secure email service, complied with a legal request from Europol through Swiss authorities to provide information about activists in France which led to their arrests. This was confirmed by ProtonMail’s founder Andy Yen. The development has sparked off a debate on social media platforms with many ProtonMail users criticising the email service provider for divulging the very details that it claims to safeguard against authorities.

Background: The activists who were arrested were involved with the green movement launched by activist Greta Thunberg and Youth For Climate, involving 130 local groups in France. The NGO has been organising, what it calls, environmental strikes. Recently, it has been protesting against evictions in Maison du Peuple in Nantes, where homeless and those in exile regularly take refuge, a press release by Youth For Climate said.

According to Secours Rouge, a charity founded in France in 1920, the recent arrests revolve around anti-establishment protests held in 2020 and this year.

“During the investigation, the police focused on the collective “Youth For Climate”. In particular, they were able to use photos published on Instagram, even if they were blurred because of the clothes. The police also noticed that the collective communicated via a protonmail email address. They therefore sent a requisition (via EUROPOL) to the Swiss company managing the messaging system in order to find out the identity of the creator of the address. Protonmail responded to this request by providing the IP address and the fingerprint of the browser used by the collective — Secours Rouge said in a post translated to English.

ProtonMail, like the encrypted messaging service Signal, is one of the few Internet services which advertises absolute privacy from both hackers and government agencies. However, in this case, ProtonMail caved to the authorities’ demands which led to the arrests of the activists.

Advertisement. Scroll to continue reading.

What does the police request say?

Onestla.tech shared a copy of the alleged police request made to ProtonMail. MediaNama has not been able to independently verify the contents of the request. We have reached out to ProtonMail for a response in regards to the issue, and this report will be updated when we receive a response.

We translated a copy of the request made by the Officier De Police Judiciaire and this is what it says —

  • French Police had given a request of requisition to Proton Mail. They received a reply on January 26, 2021, asking them to channel their request through Interpol or Europol.
  • The request was then sent to the Paris Police Prefecture tasked with international cooperation who then forwarded the request to Europol
  • Europol then “informed us that the email address was created (redacted). The IP address associated with the account is as follows (redacted)”
  • “The medium of access was a [redacted] device tied to the following number: [redacted]. This is the only data sent by Protonmail Technologies due to its privacy policy,” the note added.

Will continue to challenge unjustified government requests: ProtonMail founder

The police request and ProtonMail’s subsequent compliance in this regard drew a lot of criticism from Internet users.

Advertisement. Scroll to continue reading.

Responding to such criticisms, and thus confirming the allegations made, Andy Yen, the founder and CEO of Proton Mail said that it had to comply with Swiss criminal investigations and that it was legally forced to do so.

“In this particular case, the suspect unfortunately did break Swiss law, and there was simply no possibility to fight the decision made by the Swiss Federal Department of Justice,” Yen said while justifying the information disclosure. He also added that since the order came from the Swiss Federal Department of Justice, there was no scope of making an appeal.

However, Yen refuted criticisms that ProtonMail “was not fighting for users” and said, “Protecting the privacy of all users is important to us – we’re also activists at heart. To those that say we don’t fight for, it simply is not true. In 2020 alone, we fought over 700 cases.”

IT Rules mandate compliance to govt requests in India

India’s Information Technology (Intermediary Guidelines and Digital Ethics Code) Rules 2021, mandates social media intermediaries to:

  • Identify originator of a message: Social media companies with more than 5 million registered users in India to enable traceability of message originators on their platforms.
  • Proactively identify and take down content: This includes content moderation (through automated mechanisms) of posts that are defamatory, obscene, pornographic, paedophilic, invasive of privacy, insulting or harassing on gender, and other types.
  • Publish periodic compliance reports: These reports should be published every month and have details of complaints received, action taken, and “other relevant information”.
  • Disable content within 36 hours of government order: The Rules also ask intermediaries to provide information for verification of identity or assist any government agency for crime prevention and investigations no later than 72 hours of receiving a lawful order. They also have to preserve records of disabled content for 180 days, and so on.

It is important to note that when it comes to identifying the first originator of a message, which in parts is similar to what ProtonMail did for the European authorities, end-to-end encryption messaging platform WhatsApp has taken the Indian government to the court challenging the IT Rules. Signal, another end-t0-end encryption messaging platform, has not yet complied with the IT Rules.

Also read

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



India's IT Rules mandate a GAC to address user 'grievances' , but is re-instatement of content removed by a platform a power it should...


There is a need for reconceptualizing personal, non-personal data and the concept of privacy itself for regulators to effectively protect data


Existing consumer protection regulations are not sufficient to cover the extent of protection that a crypto-investor would require.


The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ