Privacy-focused Proton Mail handed protester data to police

Proton Mail is known for being the email service if you want secure and private communication. But it turns out that even Proton Mail's vaunted abilities have limits.

Investigators at the FBI were able to find one of the leaders of an Atlanta protest movement because of information passed to them by Swiss authorities from Proton Mail, according to 404 Media.

Proton Mail still has to adhere to Swiss law

Defend the Atlanta Forest (DTAF), also known as "Stop Cop City", is a protest movement based in Atlanta which opposes the Atlanta Public Safety Training Center. The movement has been accused of arson, vandalism and doxing, which members of the FBI were investigating. As part of their investigation, they wanted to know who was behind the "defendtheatlantaforest@protonmail.com" email address that is listed as the primary email address on the official DTAF Facebook page.

Thanks to Proton Mail, they were able to get that information, though it's fair to note that this was a somewhat convoluted process. In order to get the information, the FBI used a Mutual Legal Assistance Treaty, or MLAT, to ask the Swiss justice department to request the information from Proton Mail. As Proton is based in Switzerland, it had to give the requested information to the Swiss authorities, who then passed it on to the FBI.

"We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT," said Proton AG's head of communications, Edward Shone. "Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law."

Because the Proton Mail account was paid for by credit card, Proton AG was able to provide the payment identifier, which could then be used to find the card's holder, leading to an arrest for alleged trespassing. However, 404 Media does not name the person in question as they do not seem to have been charged since.

It's a sad and cautionary tale for those who want to keep their data private on the internet. In this particular case, the information could be provided due to it meeting Swiss legal standards, but ultimately, it's the choice to use a credit card that created the issue. As Proton's statement mentions, it also accepts payment by cryptocurrency and cash, which could be better ways to keep your information private if you absolutely need to.