ProtonBlog

Correcting misconceptions about the White House’s use of encryption and Proton Mail

As a matter of policy, we never comment on individual accounts, so we will not confirm nor deny the authenticity of this account. And while we were hoping to not have to comment at all, after two days of silence, there are some misconceptions(new window) that we now feel are necessary to correct.

Don’t be a password idiot

First of all, just to get it out of the way, don’t be a password idiot. Do not write your password down on a piece of paper and then lose that piece of paper. Also, enable two-factor authentication. Without good password practices, no amount of encryption will keep your data secure. We highly recommend reading our email security guide. In other words, don’t be this guy:

A White House staffer wrote his encrypted email password on White House letterhead and then left it at a bus stop https://t.co/7cpgAuflMw(new window) pic.twitter.com/qJ1Xsqg0G7(new window)

— Sam Biddle (@samfbiddle) March 17, 2018(new window)

Wanting more security is not suspicious

It is incorrect to say that using Proton Mail implies you have “something to hide.” Proton Mail provides more security and privacy compared to Gmail or other email services, and security is desirable for practically anyone that uses the internet.

What makes Proton Mail more secure is that we use zero knowledge encryption and end-to-end encryption, which means that we do not have access to your emails, and an adversary which breaches our systems also cannot decrypt the emails stored on our servers. We cannot read your emails, we cannot share data with third parties, and we do not do business with advertisers who want your data. We comply fully with both Swiss and EU privacy regulations, including the upcoming GDPR legislation.

Encryption doesn’t prevent the creation of records

There is a broadly held misconception that encryption is being used to prevent the creation of government records. This is technologically incorrect. Encryption does not prevent the creation of records. If anything, it is an important tool for improving the security of records.

As it pertains to the Trump administration’s use of Proton Mail, the actual issue is whether or not non-governmental accounts are (allegedly) being used for government work. This is an entirely separate issue that has nothing to do with encryption, and it is a mistake to confuse the two.

It is also important to note that it is not illegal for government officials to possess private email accounts (Proton Mail or otherwise) for personal use, and the presumption should be innocent until proven guilty.

Encryption is not about hiding, it is about securing

Encryption by itself generally does not permit a government official to hide communications. Emails, encrypted or not, can be subject to subpoenas. The difference is that when it comes to encrypted emails, it is not possible to obtain them from the service provider, and instead the subpoena must be served to the individual or organization under investigation. This is the way that things should be, and is far better than the alternative (prohibiting the use of encryption), which would weaken security for everyone, treat all users as guilty until proven innocent, and leave data vulnerable to leaks and breaches.

Concluding thoughts

Like all services, Proton Mail can be used both legally or illegally, but there is nothing out of the ordinary with possessing an account. Millions of people use Proton Mail, including journalists, activists, doctors, lawyers, businessmen, and people from all walks of life. Our technology is used to protect online freedom, keep societies democratic(new window), and provide improved cybersecurity. While we may not always agree with all of our users, we are committed to keeping Proton Mail accessible to all who use it in a lawful manner.

Protect your privacy with Proton
Create a free account

Related articles

If you’re comparing different password managers or researching password security, you’ll quickly run into terms like hashing and salting. While these terms might sound like steps you take to make breakfast potatoes, they’re actually processes that ar
People often choose to remove their personal information from the internet due to privacy and security concerns. For example, oversharing on social media can expose you to phishing attacks, identity theft, and cyberstalking. Plus, your data is highl
It’s been roughly three months since the European Union’s Digital Markets Act (DMA), which aims to restore competition and fairness to the internet, came into effect for Big Tech monopolies. Since then, Google has done precisely nothing to comply wit
Today we’re announcing enhancements to our business plans, further enriching our commitment to delivering the best privacy experience for businesses. These upgrades will help us continue expanding our feature suite for organizations, while giving mor
Proton Pass brings secure and private password management to all devices
Today, we’re excited to announce the launch of the Proton Pass macOS app and the Proton Pass Linux app. One of the most popular requests from the Proton community was a standalone desktop app, which is now available on every major platform — Windows,
When you use the internet at home, connected to everything from fitness equipment to game consoles, smartphones, and laptops, marketing companies could be watching you with a tiny piece of surveillance tech you might not even know about. We’re talki