Is ProtonMail's legal jurisdiction really Switzerland?

Discussion in 'ProtonMail' started by popowich, Aug 24, 2015.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    If @ProtonMail is incorporated in California, even though there may be other international incorporated pieces of the company, and that's where at least some of the employees are located, why do they think the server location of Switzerland matters?

    ProtonMail Jurisdiction.jpg

    To me the ProtonMail situation is different from some of their competitors, such as @Tutanota, where all of their employees and servers are located together in Germany.

    If the FBI shows up in California with a subpoena or some other legitimate order to do something, what happens next?

    The following is a quote from a lawyer that has not spent a lot of time researching ProntonMail's specific situation. I intend for the quote to be used to help get the discussion going and generate additional questions.

     


    Last edited: Aug 24, 2015
  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    Apparently a company in California has the same name as ProtonMail.

    The image in the above post is not the ProtonMail service with servers in Switzerland.

    This is the detail for their company - Registre du Commerce du Canton de Genève

    ProtonMail Corporation Comment.jpg

    That takes the issue of an incorporation within the U.S. off the table as far as I can tell, but still leaves me with the questions about at least one office and employees within the United States.
     

    Last edited: Aug 27, 2015
  3. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    I'm curious, if/when ProtonMail receives an order about an account, will they fight it, turn over encrypted data, build in an interception mechanism on a per account basis, something else?

    The following is additional comment from a lawyer and not my own:

    Now that we know the country is Switzerland, I can tell you that this is an extremely complicated answer and would take many hours of research to give you an answer that was somewhat confident. The reason that this is so complicated is because the US can subpoena evidence (records and data) from Swiss companies and businesses. Here is a good article on Swiss data storage. It says right in the article that data in Switzerland is still subpoenable - Practical Law

    “They constantly claim that's some sort of magic shield for user privacy.” - They are likely referring the Swiss Laws on Data Protection and Ordinance. The primary laws and regulations governing data protection in Switzerland are the Swiss Federal Data Protection Act (DPA), the Swiss Federal Data Protection Ordinance (DPO), the Swiss Federal Ordinance on Data Protection Certification (DPCO) and Guidelines of the Federal Data Protection and Information Commissioner on the minimum requirements for a data protection management system (DPMS-Guidelines). The latest revisions of the DPA and the DPO as well as the DPCO entered into force on January 1, 2008. The DPMS-Guidelines entered into force on September 1, 2008.

    However, I do not know whether the data is subpoenable. The US and Switzerland have a Mutual Legal Assistance Treaty (MLATs) for Mutual Assistance in Criminal Matters, but whether that will cover the current situation at hand, I do not know.

    For example, Switzerland has some very restrictive non-disclosure laws when it comes to banking. So much so, that if you comply with the subpoena, you are violating Swiss Law and can be arrested for giving the US the information. It is a very Catch-22 situation. I do not know if the Swiss laws applies to non banking data. However, the US has had various success in obtaining records from the Swiss government when it comes to criminal activity in banking. There are no longer the “it is in a Swiss bank account” safety like back in the 70’s. That was when many mobs were hiding their illegal gains from the US government. Eventually, the Swiss government subpoenaed the records and turned them over to the US.

    Remember, just because the Swiss laws (magic shield) exists, that does not necessarily mean that the data cannot be obtained through one of the US/Swiss treaties.

    “If the FBI knocks on the door in San Francisco and wants access to an account (even if it's an encrypted thing and not easily readable, assuming it really is secure), a backdoor, whatever, with the proper subpoena, what happens next?” – Data that is not located in the US will need to have a subpoena served in compliance with the MLAT Treaty. I do not know what the requirements are for the MLAT with Switzerland are.

    In summation, if you have data that is either illegal (like child porn) or the data is evidence of criminal activity, there is no guarantee that the US government will not be able to get the data from Switzerland. If it does not have to do with a criminal activity, and you just have Intellectual Property stored on Swiss servers, than it is much more unlikely the US government would have any “legal” recourse to obtain the data. The North Korean’s had the ability to get to SONY’s data, not legally, but they were still able to get the data. If you believe that the US government always operates within the law, then so be it.

    Some additional resources are:

    Practical Law

    dataprotection.ch - Walder Wyss Ltd.

    US and Switzerland do have a Mutual Legal Assistance Treaty (MLATs)

    Treaties and Agreements

    http://www.rhf.admin.ch/etc/medialib/data/rhf/recht.Par.0010.File.tmp/sr0-351-933-6-e.pdf

    History of evidence relations with Switzerland:

    http://digitalcommons.wcl.american.edu/cgi/viewcontent.cgi?article=1636&context=auilr

    The Swiss-American Chamber of Commerce plays a vital and active role in assisting Swiss companies in the United States and U.S. companies in Switzerland to expand their business. The Swiss-American Chamber of Commerce is a not-for-profit organization.

    Business in Switzerland|AmCham Switzerland

    Bloomberg BNA (Bureau of National Affairs), is a leading source of legal, tax, regulatory, and business information for professionals and produces a World Data Protection Report

    World Data Protection Report | Bloomberg BNA

    BNA Search | Bloomberg BNA

    http://www.haynesboone.com/~/media/files/attorney publications/world data protection report u s district court treats french blocking statute differently grosdidier 42415.ashx


    https://www.amcham.ch/publications/downloads/2009/obtaining_evidence_in_switzerland.pdf

    Obtaining Evidence in Switzerland - The Dilemma and the Stumbling Blocks of Art. 271 and Art. 273 Swiss Penal Code

    The Association of Certified Financial Crime Specialists (ACFCS)

    ACFCS | MLATs are powerful weapons in financial crime combat, even for private sector
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...
Similar Threads - ProtonMail's legal jurisdiction
  1. cangrejero
    Replies:
    2
    Views:
    2,905