How do you deal with unfriendly governments like the one in Turkey, which banned ProtonMail earlier this year?
The answer is gonna be a bit surprising, is actually through negotiation. We’re not gonna be empowered to change governments. We’re not gonna be conducting regime change or anything like that. You can’t fight that battle. That’s not something that you can actually do. The way you fight that battle against governments is actually through education. And this is about educating governments, policy makers, law enforcement to understand what actually is ProtonMail. It’s not a safe haven for criminals to hide. Obviously not, because we’re going after them ourselves and getting them arrested. It is a tool for security, and this is an argument that actually more and more governments are receptive to. Because they realize that cyber attacks and cyber crime is on the rise. And while ProtonMail does provide very good privacy, what it’s actually providing is exceptional security because end-to-end encryption means that we can be breached ourselves and not release user emails.
If you talk to governments about data leaks, email breaches, and other things that are going on, we find that that message is better and better received now. When we talk to law enforcements, it’s no longer a question of, “Oh, we want to shut down ProtonMail.” It’s more that they understand where we’re coming from because they’re fighting the same cyber crimes and the same data breaches that we’re defending against. Attitudes have really changed, but a lot of that is just due to increasing efforts on educating government and law enforcement to let them understand that, actually, we’re not making your job more difficult. In fact, we’re making your job easier by preventing a lot of these data breaches from happening in the first place.
How does ProtonMail go after criminal who uses its service?
We adhere always to law. Unless you’re based, let’s say, 50 kilometers off-shore in the ocean somewhere, you must adhere to the laws. And we adhere to Swiss law. Swiss law was chosen because it has strong protection for privacy, and there’s a deep tradition of privacy and security here in Switzerland, and this extends to government and law enforcement, also. But when we have a criminal case, usually the Swiss police will come to us and say, “We have a case maybe in the US, and these are the facts.” And from that, it gets passed to actually a Swiss prosecutor and also a judge, who will review the case and decide whether or not this is a legitimate case. If it’s, for example, the Russian government going after dissidents, the Swiss court’s not gonna approve that. But if it’s a real criminal case, it will be approved. And then this request is then passed to us.
When we do get a request from law enforcement, in fact, we do comply to the full extent that is possible, given the encryption. So we have no way to, for example, decrypt a message and give them the contents. But other information that we might have, for example, when the user last logged in, is the account still active, and these other details, we do provide to police. Because at the end of the day, we all have the same goal as them, which is to make sure that criminals don’t use ProtonMail.