ProtonMail Accused of Spying on Users and Assisting Law Enforcement

In mid-May, Stephan Walder, head of the Swiss Cybercrime Center and a prosecutor, gave a presentation at a security conference. Swiss attorney Martin Steiger live-tweeted the event. According to Steiger’s tweets, Walder directly stated that ProtonMail voluntarily assists authorities and monitors its users in near real-time, allegedly without requiring a federal court order.

Following the event, Steiger published a detailed blog post explaining how IT companies are expected to cooperate with authorities under Swiss law. While ProtonMail is an encrypted email service and the company cannot access the actual content of users’ emails, the developers do have access to metadata. Steiger, referencing practices of the U.S. National Security Agency, noted that metadata can also be extremely valuable to law enforcement and intelligence agencies.

Steiger emphasized that ProtonMail is based in Switzerland and uses this as a marketing advantage, citing strict Swiss privacy laws. However, in reality, the service is subject to local laws, and according to Walder, allegedly even voluntarily assists law enforcement.

After Steiger’s publication gained attention from the community and media, Walder contacted the attorney and claimed he was misquoted regarding ProtonMail. However, Steiger insists that he did not make a mistake.

The growing controversy prompted ProtonMail representatives to issue an official response. The company maintains that it complies with Swiss law, but not in violation of its own service rules. Moreover, information is only provided to law enforcement as part of criminal investigations and exclusively with a court order. The company also stressed that it does not engage in any form of proactive surveillance of its users. “The claim that we do this voluntarily is completely false,” the ProtonMail administration stated.

Martin Steiger remains confident in his position and believes that the company has not answered some of the questions he raised in his article. Furthermore, Steiger reports that ProtonMail representatives have threatened him with a defamation lawsuit.