If you’ve been out of the loop on the Facebook/privacy/Cambridge Analytica scandal that has ruled headlines over the past week, there’s a small yet incredibly important detail you may have missed.
Cambridge Analytica — the data analytics firm that came under fire this weekend for maliciously collecting information on 50 million Facebook users — reportedly used a self-destructing, encrypted email service called ProtonMail to cover its tracks and conceal correspondence between the company and third parties, according to a Channel 4 News investigation published Wednesday. The firm set emails to self-delete after two hours and urged clients to use the service as well, per footage captured of former CEO Alexander Nix talking to a journalist posing as a would-be client.
“I’d like you to set up a ProtonMail account, please,” Nix said, “because these are, now it’s getting quite sensitive.”
“We set our ProtonMail emails with a self-destruct timer,” he continued. “So you send them, and after they’ve been read, two hours later they disappear.”
It’s a particularly small note in an otherwise huge story, yet it has major implications.
But how exactly does ProtonMail work? What exactly does self-destructing email mean? Here are all your ProtonMail questions, answered.
So how does ProtonMail work?
Just like any normal email service. Go to their website, sign up for an account, and you’re in. Their free service has some restrictions, though. You only get 500 MB of storage and can only send 150 messages per day. If you upgrade to the Plus plan for 4.00 € (about $4.91) per month, you get 5 GB of storage, 1,000 sent messages per day, and a slew of other perks. (The site also offers “Visionary” and “Business” pricing options.)
Once you’re set up, you use it just like you would Gmail or Yahoo. Hit the compose tab in the top left corner, and you’ll see the new message window.
The important part here is the hourglass icon in the bottom left corner of the new message menu. That’s where you can set the expiration time of the email, for whatever number of weeks, days, or hours you’d like. One thing to note is that the timer starts after the email is sent, not once it’s opened. Also, this only works for ProtonMail-to-ProtonMail messages. So if you’re sending messages to a Gmail account, they won’t be deleted.
There is a way, however, that you can send emails to non-ProtonMail users and still encrypt them. Just hit the lock icon to the right of the hourglass. It’ll ask you to create a password for the message. This password is what the recipient enters to open the message, and it should be communicated to the recipient outside of the email since, clearly, they won’t be able to open it without the password. Using that in combination with the timing/self-destruct feature will ensure that the content of the email won’t live on any external server (e.g. Google’s) and would be deleted once ProtonMail erases it.
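An added example, not part of the original article and not ProtonMail’s own code: a Node.js sketch of the password-protected, expiring message described above, showing what the sender uploads and what the provider can and cannot read. It assumes scrypt and AES-256-GCM as stand-ins for whatever ProtonMail actually uses; sealMessage, openMessage and MessageStore are hypothetical names.

```javascript
// Added sketch, not ProtonMail's code. scrypt + AES-256-GCM are assumed stand-ins.
const crypto = require('node:crypto');

// Sender: derive a key from the shared password and encrypt before upload.
function sealMessage(plaintext, password, ttlMs, now = Date.now()) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const expiresAt = now + ttlMs; // timer starts at send time, as the article notes
  const key = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(expiresAt))); // bind the expiry to the ciphertext
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Only these fields are uploaded; the password and key never leave the sender.
  return { salt, iv, ciphertext, tag: cipher.getAuthTag(), expiresAt };
}

// Recipient: re-derive the key from the password received out of band.
function openMessage(record, password) {
  const key = crypto.scryptSync(password, record.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(Buffer.from(String(record.expiresAt)));
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    return plain.toString('utf8');
  } catch {
    return null; // wrong password, or ciphertext/expiry was altered
  }
}

// Hypothetical provider-side store: sees ciphertext only, deletes on expiry.
class MessageStore {
  constructor() { this.records = new Map(); }
  put(id, record) { this.records.set(id, record); }
  fetch(id, now = Date.now()) {
    const record = this.records.get(id);
    if (!record) return null;
    if (now >= record.expiresAt) { this.records.delete(id); return null; }
    return record;
  }
}
```

Expiry in this sketch is a deletion performed by the store; a recipient who decrypted the message before the deadline still holds the plaintext.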
All of this sounds a tad bit shady, no? Which brings us to the next question: How does ProtonMail get away with it? The answer is its email servers, which are based in Switzerland.
Say, what? ProtonMail has email servers in Switzerland?
Yes, it’s something the company touts loudly on its website. On its homepage, it says, “ProtonMail is incorporated in Switzerland and all our servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws.”
ProtonMail purports to be so secure that no one but you can access your email. They even make it explicit that ProtonMail couldn’t read your messages if it wanted to. The company says that since all of the data is stored outside the realm of “intrusive” U.S. laws, only encrypted messages could be handed over.
In its words:
Zero-access encryption means that even if a complaint is brought in a Swiss court that meets the high requirements for data disclosure, only encrypted emails could be handed over. As a Swiss company, ProtonMail cannot be forced to hand over data in cases of US or EU civil litigation. Thus, even if you don’t care about privacy, ProtonMail is still the ideal choice for businesses, journalists, activists, and individuals who are worried about the overreach of US government agencies or courts.
That’s a bold claim. Is it true?
Prior evidence says otherwise. As pointed out by WIRED in 2015, a federal judge forced Lavabit — once a secure email company that claimed encryption so strong that administrators couldn’t read emails — to turn encryption keys over to the government in 2014. A similar outcome occurred all the way back in 2007, when Hushmail, which touted similar “not even we can see your emails” levels of security, turned 12 CDs’ worth of emails from three accounts over to the government. So while ProtonMail claims it has Pentagon-like security, that may not actually be the case.
Per that same WIRED report:
That’s because Switzerland has a mutual legal assistance treaty relationship with the United States. These treaties require foreign governments to hand over to a requesting government any information legally available to their local authorities. That means that Switzerland would have to give the US access to any data that it could itself access.
Wow, all of this is wild. It sounds kinda like something ‘Mr. Robot’ would use, lol.
Doesn’t it? In fact, if you’re a fan of USA Network’s smash-hit hacker drama, Mr. Robot, the same concept is used prominently in both the first and third seasons of the show. Elliot Alderson, the show’s main character, a talented hacker with an unstable grip on reality, uses self-destructing emails and encryption in his quest to topple the global economy. Seems foreboding, no?
UPDATE: March 22, 2018, 8:50 a.m. EDT — ProtonMail CEO Andy Yen reached out to Mashable with a statement to clarify how its technology is different from Lavabit and Hushmail. “We actually do not possess the encryption keys of our users. The reason we can’t hand over the emails of our users is not actually due to Swiss law, but because without access to the encryption keys, we cannot actually decrypt any of the messages stored on ProtonMail.”