If @ProtonMail is incorporated in California, even though there may be other international incorporated pieces of the company, and that's where at least some of the employees are located, why do they think the server location of Switzerland matters?
To me the ProtonMail situation is different from some of their competitors, such as @Tutanota, where all of their employees and servers are located together in Germany.
If the FBI shows up in California with a subpoena or some other legitimate order to do something, what happens next?
The following is a quote from a lawyer that has not spent a lot of time researching ProntonMail's specific situation. I intend for the quote to be used to help get the discussion going and generate additional questions.
To me the ProtonMail situation is different from some of their competitors, such as @Tutanota, where all of their employees and servers are located together in Germany.
If the FBI shows up in California with a subpoena or some other legitimate order to do something, what happens next?
The following is a quote from a lawyer that has not spent a lot of time researching ProntonMail's specific situation. I intend for the quote to be used to help get the discussion going and generate additional questions.
This is an ambiguous question, it depends upon many different factors and what they mean by “being safe”. For example, it depends upon the country. Can the US go into another country and seize something – NO. Can they cooperate with the other government and have them seize it – YES. The US has mutual cooperation agreements with many countries for criminal behavior.
As for the data “being safe”. I don’t know what that means? Are they just worried about “loosing” the data or having the data used against them? Can the data be read by the US – Maybe? Is anything “safe” on the internet when SONY in the US can be hacked by North Korea on the other side of the world. If all the data is “off shore” then how does the company utilize it? This is a rhetorical question. They access it over the internet or some other dedicated connection. The data is obviously located in CA when they are reading it, because their machine is located in CA. In other words, the US government may not have to get to the server, there may be cached copies locally on hard drives or other devices.
Think about all the off shore gambling sites, child porn sites, and criminal sites (like silk roak) that the US is currently shutting down and prosecuting people under. For a quick overview of how the government is able to prosecute these types of cases:
Silk Road 'darknet' boss found guilty of running massive drug website
I realize this answer has not been very helpful, but I would need to understand what they are trying to protect and who they are trying to protect it from. Additionally, it may not matter whether the company is a US company. If they are a foreign entity, but are doing business in the US, the US government would have jurisdiction under long arm statutes.
Last edited: