It feels like Proton are being intentionally misleading in their statements.
-
@malwaretech The thing that gets me is - is the company being requested by the MLAT allowed to challenge their local government on the legality of the request?
Like how Apple famously refused to make a program to automatically decrypt their iPhones to federal, state, or municipal authorities to be able to decrypt a terrorist's phone, and as I recall, that actually went to court on that?
Could Proton not do the same with the request made of them?
@AT1ST @malwaretech does Proton have Apple money?
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
Not sure that Proton’s 100% true statement - that they only respond to requests from the Swiss authorities - is “intentionally misleading”. As you have outlined, it is literally the truth.
We’re all aware that international treaties exist. But, as you also outline, they are subject to domestic law. And that isn’t a given - breaking US tax law is unlikely to have any impact on Swiss authorities, who would likely deny requests for assistance before it ever reaches Proton.
I don’t like Proton much as a company - they do too many things, for one. I don’t use them (any more). But I don’t think your attempt to deliberately stir up FUD about them is warranted here.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech I think they should be more upfront about what they're selling. They sell security. They don't really sell anonymity. People think Proton is "I create an account and everything I do is anonymous." It isn't, Proton never said it was, but people make assumptions.
But let's not pretend that any other similar service (Tuta, etc.) wouldn't do the same thing.
-
@malwaretech well you convinced me, time to give all my data to an Indonesian bulletproof hoster
@silhouette @malwaretech I hear there's a good one in the island of Kinakuta
-
Not sure that Proton’s 100% true statement - that they only respond to requests from the Swiss authorities - is “intentionally misleading”. As you have outlined, it is literally the truth.
We’re all aware that international treaties exist. But, as you also outline, they are subject to domestic law. And that isn’t a given - breaking US tax law is unlikely to have any impact on Swiss authorities, who would likely deny requests for assistance before it ever reaches Proton.
I don’t like Proton much as a company - they do too many things, for one. I don’t use them (any more). But I don’t think your attempt to deliberately stir up FUD about them is warranted here.
@malwaretech As for keeping your privacy…
Mullvad sells (tamper-proof) paper vouchers on Amazon.
I buy one with my credit card. Amazon ships it to me. They know I bought a Mullvad subscription, and my address and credit card. But they don’t know which Mullvad account it relates to.
Mullvad knows they shipped a bunch of paper vouchers to Amazon. They know this voucher came from there. But they don’t know who I am - they have none of my details other than the voucher information.
This seems a simple method of firewalling the purchase information from the service to which it relates. Given Proton’s size, and its professed security credentials, it’s curious why they don’t do similar.
-
Not sure that Proton’s 100% true statement - that they only respond to requests from the Swiss authorities - is “intentionally misleading”. As you have outlined, it is literally the truth.
We’re all aware that international treaties exist. But, as you also outline, they are subject to domestic law. And that isn’t a given - breaking US tax law is unlikely to have any impact on Swiss authorities, who would likely deny requests for assistance before it ever reaches Proton.
I don’t like Proton much as a company - they do too many things, for one. I don’t use them (any more). But I don’t think your attempt to deliberately stir up FUD about them is warranted here.
@james Each sentence of your comment is increasingly dumber than the last. "We’re all aware that international treaties exist" yeah, your average internet user definitely understands international legal assistance processes.
There's nothing "FUD" about my statement. It contains only facts which enable users to better inform their decisions.
"breaking US tax law is unlikely to have any impact on Swiss authorities" Is an extremely funny statement given it was the US who forced Switzerland to roll back some of it's bank secrecy laws so the US could go after tax evaders.
If you're gonna accuse me of spreading FUD, at least put in a modicum of effort.
-
@malwaretech The thing that gets me is - is the company being requested by the MLAT allowed to challenge their local government on the legality of the request?
Like how Apple famously refused to make a program to automatically decrypt their iPhones to federal, state, or municipal authorities to be able to decrypt a terrorist's phone, and as I recall, that actually went to court on that?
Could Proton not do the same with the request made of them?
@AT1ST No, Apple just outright refused and has enough money to tie most of the federal government lawyers up in court for the rest of their careers
-
@AT1ST @malwaretech does Proton have Apple money?
@can @malwaretech Do they *need* Apple money to challenge the Swedish legal system? Justice should not just be for the rich; the Swedish government should have a vested interest in their own companies being able to challenge an MLAT request so it is not just a "Did they cross their 'i's and dot their 't's?" system of justice.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
Thing is that these requests must still comply with Swiss law and can be challenged in Swiss courts. Which IS more restrictive on these matters than US law.
-
@malwaretech The thing that gets me is - is the company being requested by the MLAT allowed to challenge their local government on the legality of the request?
Like how Apple famously refused to make a program to automatically decrypt their iPhones to federal, state, or municipal authorities to be able to decrypt a terrorist's phone, and as I recall, that actually went to court on that?
Could Proton not do the same with the request made of them?
Absolutely.
Also, no such things as gag orders are known (yet…) on this continent. -
R relay@relay.an.exchange shared this topic
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech that's not misleading it's actual thruth. Italia the Switz authoroties that are collaborating with the foreign authorities under the MLAT.
-
@can @malwaretech Do they *need* Apple money to challenge the Swedish legal system? Justice should not just be for the rich; the Swedish government should have a vested interest in their own companies being able to challenge an MLAT request so it is not just a "Did they cross their 'i's and dot their 't's?" system of justice.
@AT1ST Swiss. Not Swedish. Cuckoo clocks, not IKEA. *facepalm @can @malwaretech
-
@AT1ST No, Apple just outright refused and has enough money to tie most of the federal government lawyers up in court for the rest of their careers
@malwaretech So they're skirting the government request *entirely* on money and lack of compliance?
I am not saying that ProtonMail has to *win* their case, but it does feel like ProtonMail is just folding right out of the gate.
Like how it has been pointed out that a Filibuster where you have to keep debating an issue in the House or the Senate to block it became suddenly a "If you threaten to filibuster it, then I guess we don't bother testing that you *can* filibuster this law - it's just dead.".
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech I don't see how dragging Proton through the mud helps privacy overall.
The user paid for their email address with their credit card then posted it as a group contact on facebook.
On Facebook.
Going at Proton means they might lose business. Them losing business is not in the interests of smart US citizens who don't plaster their email address on a Meta platform after they pay for it with a credit card.
c'mon.
The user holds the majority of responsibility in this case, imho.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
TODAY'S LESSON:
Paying for Proton's services actually makes it easier for the Feds to find you. -
@AT1ST Swiss. Not Swedish. Cuckoo clocks, not IKEA. *facepalm @can @malwaretech
@stefan_hessbrueggen @can @malwaretech Okay, that's a fair point.
My answer then goes to both the Swiss *and* the Swedish governments.
On the other hand, that makes the monetary issue seem less of a concern - aren't they infamous for having a *lot, of money?
-
@malwaretech Oh, you’re someone who responds to feedback by giving personal insults.
That’s a shame.
-
@silhouette @malwaretech
I wonder if ocean floor datacenters could take advantage of laws on international waters@kallisti @silhouette @malwaretech depends how much cement they're encased in, i'd wager
-
@malwaretech The MLAT request may originate from a country other than Switzerland, but it is still brought to Proton from the Swiss authorities in accordance to Swiss law, which makes it a legal request from Swiss authorities. Proton is not misleading in this.
@RandamuMaki @malwaretech I have similar thoughts. I don’t see how this is misleading.
Now if we found out the request was flawed and that Proton could/should have contested it but didn’t then by all means they should get big heapings of criticisms. But so far at least that doesn’t seem to be the case here.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech
> It feels like Proton are being intentionally misleading in their statements [...] so are happy to spread half-truths.Yes, misleading sentence. I can not even ascribe this to ignorance, as MLATs are mentioned below it. It does not matter *who* is requesting the data on customer. Across whole EU targeted business deals with *local* law enforcement presenting the warrant. You do know no details. All you see is a valid warrant what data to hand over. No crime-story on it.
Then get back to the MLATs: in most there are "imminent threat" speed lanes, up to the point you have to act on law officer order, you can file a complaint later. Likely a case here.
> So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied.
This seems very intentionally worded to give the impression that the company can decide. It can not.
> misleading statements to make it sounds like they don't cooperate with law enforcement
I have not been mislead. Could be I have read their site before signig up.
> customers aren't familiar with how legal process actually works
PS. Any data of non-citizen kept on US soil is handed on a whim of US authorities. FISA warrant kicks-in only if a US citizen appears to the party.
