I've lost count of the number of times I've been told that software such as ProtonMail, or Signal, or Telegram, are protected from "snooping", and that anything posted there is private and won't be revealed to anyone, even law enforcement.
On May 10, Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, had a presentation on cybercrime at an event. Martin Steiger, a Swiss lawyer who had been live-tweeting from the event, claims Walder incidentally mentioned ProtonMail as a service provider that voluntarily offers assistance to law enforcement for real-time surveillance, without requiring an order from a federal court.
Steiger has published a blog post on ProtonMail’s alleged practices — the blog post is available in both German and English — and summarized the obligations of such service providers for cooperating with authorities under Swiss laws.
While ProtonMail provides end-to-end encryption, which prevents the company from reading the actual content of emails, it does have access to metadata. Citing the U.S. National Security Agency (NSA), Steiger pointed out that metadata can be highly valuable to law enforcement and intelligence agencies.
Steiger has highlighted that while ProtonMail uses the fact that it’s based in Switzerland as a marketing advantage, citing strict Swiss privacy laws, the company is actually subject to local surveillance laws, and while it’s not subject to more extensive surveillance obligations, it does voluntarily help law enforcement surveillance operations, based on what Walder allegedly said.
Steiger has pointed to ProtonMail’s transparency report, where the company mentions one case where it conducted real-time surveillance of a user at the request of authorities.
“Every user of ProtonMail (or ProtonVPN) must decide for himself whether the email service is trustworthy,” Steiger said. “The difference between advertising and reality at least speaks against too much trust for ProtonMail.”
There's more at the link.
ProtonMail has (of course) denied the allegations. (What else would one expect?) However, I believe them. I don't think the Swiss authorities would allow ProtonMail to continue operating unless it cooperated with their security needs and concerns. I don't think any national government would do so. They're too paranoid, too obsessed with being able to gain access to whatever information they decide they need - and to hell with individual privacy, legislated or otherwise. While ProtonMail may claim that they have no access to the contents of our e-mails, I'm willing to bet a large sum of money that more than one government has figured out back-door ways to examine those contents anytime they wish. That's the way they operate.
The same goes double for US government security agencies, of course. They're not just paranoid, they're manic. As Sundance has pointed out several times, the "national security state" (what he calls the Fourth Branch of Government) is the true "Deep State", and they won't tolerate anything that impedes their snooping.
Former Obama era intelligence officials, those who helped construct, organize and assemble the public-private partnership between intelligence data networks and supported social media companies, have written a letter to congress warning that any effort to break up Big Tech (Twitter, Facebook, Instagram, Google, Microsoft, etc.) would be catastrophic for the national security system they have created.
Citing the information control mechanisms they assembled, vis-a-vis the ability of social media networks to control and approve what is available for the public to read and review, the intelligence officials declare that any effort to break up the private side of the intel/tech partnership will only result in less ability of the intelligence apparatus to control public opinion.
They willfully admit that open and uncensored information is adverse to the interests of the intelligence state and therefore too dangerous to permit. They specifically argue, if the modern system created by the partnership between the U.S. government and Big Tech is not retained, the national security of the United States is compromised.
. . .
Twitter, Facebook, Instagram, YouTube and even Google itself, are financially and operationally dependent on the scale of the data processing system that is run by the U.S. government. The capacity of each of the big social media companies to exist, operate and be financially viable, is dependent on the backbone of interconnected data networking, and massive data processing.
The scale of simultaneous user data-processing is not financially viable without the U.S government subsidizing it. That’s the free coffee that cannot be duplicated in the private sector by any competing social media company. That’s the cost and scale system behind the partnership that permits Big Tech to operate. Ultimately, this is what the intelligence apparatus needs to keep hidden from the American (and global) public.
. . .
Essentially, the U.S. government is in control of our social media networking.
Again, more at the link.
There is no privacy on the Internet. Period. That's the way it is. Big Brother is watching us, and won't permit or tolerate any attempt by anybody to get around that. If you don't believe that, try encoding or encrypting the text in a normal e-mail sent via any service you wish, and see whether it gets through or not. I've heard more than a few reports, from people who've tried it, that the recipients didn't receive it, or it arrived "garbled" and unreadable, or that a critical attachment was missing. Same goes for images you send. Steganography is well-known, and there are filters that specifically examine images to see whether anything about them suggests that it's being used. If those filters are tripped, you can bet your bottom dollar that your image will be copied and sent to people and agencies with no sense of humor at all, and you'll come under some pretty intensive scrutiny.
Every single electron or pixel that goes from our computers to others, or arrives on our computers, has been and is being scanned multiple times as it passes through various intermediate servers. We have no electronic privacy whatsoever, whether we like it or not. If you want to keep something private, talk about it or communicate through non-electronic media: and even then, unless your communication is hand-carried from source to destination, don't assume it'll remain private. Why else do you think the US Postal Service copies the address of every single item of post it handles, and keeps that information on hand? There's no good operational reason to do so, except to snoop on what people are sending to whom.
Our government and its security services operate in a permanent persecution complex fueled by distrust and paranoia. Any attempt to avoid or evade their scrutiny is, from their perspective, anomalous and therefore suspicious conduct. That's the bottom line. The only solution I can see comes, again, from Sundance:
The United States federal police force, the FBI, is politically weaponized against American citizens.
The United States intelligence community is politically weaponized against American citizens.
The United States justice department, the DOJ, is politically weaponized against American citizens.
We need to take down the four pillars that support the Fourth Branch of Government. The Office of the Director of National Intelligence (DNI), the Dept of Homeland Security (DHS), the Dept of Justice National Security Division (DOJ-NSD), and the Foreign Intelligence Surveillance Court (FISC), all need to be dissolved.
After those four pillars are removed, the Patriot Act needs to be abolished and the FBI placed under the jurisdiction of the U.S. Marshals service.