Proton, the Geneva-based encrypted email provider founded 11 years ago by three scientist who met at CERN, will freeze its investments in Switzerland, its chief executive Andy Yen told Le Temps on Wed
Legal requests, which they were legally obligated to comply with. Every single country in the world will have some avenue to require data to be released to authorities.
That’s why strong privacy at every layer is so important. E2EE, for instance, means Proton cannot turn over any data that was transferred to and from customers. Private payments mean the company can’t turn over data on who is paying for accounts. DoH means the company can’t turn over data on what sites customers visited. Etc…
you mean, move after getting the request? that won’t rid them of the obligation to serve the request, laws can be enforced internationally. and if they were to move to a small island or something, a big question if they have any capable servers and network bandwidth, and whether that small country try to extort the company to their benefit that just moved there
I’m not inherently trying to defend Proton here, but the question to ask here is – did they have a choice? I’m asking seriously, and not rhetorically. Did they willingly hand over the data, or were they legally required to, by Swiss law?
Which is what they’re doing, but the bigger point is that you can’t say you’re going to move while all of this (subpoenas, etc) are happening. Before, sure. After, sure. During? Nope.
Switzerland has strong privacy laws, but there are still situations where they legally have to comply. Of course, Proton also collects very little data and keeps things end to end encrypted, so even if they have to provide data, it’s not much.
iirc proton has complied with requests to identify users before too.
Legal requests, which they were legally obligated to comply with. Every single country in the world will have some avenue to require data to be released to authorities.
That’s why strong privacy at every layer is so important. E2EE, for instance, means Proton cannot turn over any data that was transferred to and from customers. Private payments mean the company can’t turn over data on who is paying for accounts. DoH means the company can’t turn over data on what sites customers visited. Etc…
do you think any company in any country can refuse to do that?
no, i think they can move
you mean, move after getting the request? that won’t rid them of the obligation to serve the request, laws can be enforced internationally. and if they were to move to a small island or something, a big question if they have any capable servers and network bandwidth, and whether that small country try to extort the company to their benefit that just moved there
Move where?
I’m not inherently trying to defend Proton here, but the question to ask here is – did they have a choice? I’m asking seriously, and not rhetorically. Did they willingly hand over the data, or were they legally required to, by Swiss law?
they can always move
Two points here…
Which is what they’re doing, but the bigger point is that you can’t say you’re going to move while all of this (subpoenas, etc) are happening. Before, sure. After, sure. During? Nope.
Switzerland has strong privacy laws, but there are still situations where they legally have to comply. Of course, Proton also collects very little data and keeps things end to end encrypted, so even if they have to provide data, it’s not much.