Correcting misconceptions about the White House’s use of encryption and Proton Mail

As a matter of policy, we never comment on individual accounts, so we will not confirm nor deny the authenticity of this account. And while we were hoping to not have to comment at all, after two days of silence, there are some misconceptions that we now feel are necessary to correct.

Don’t be a password idiot

First of all, just to get it out of the way, don’t be a password idiot. Do not write your password down on a piece of paper and then lose that piece of paper. Also, enable two-factor authentication. Without good password practices, no amount of encryption will keep your data secure. We highly recommend reading our email security guide. In other words, don’t be this guy:

A White House staffer wrote his encrypted email password on White House letterhead and then left it at a bus stop https://t.co/7cpgAuflMw pic.twitter.com/qJ1Xsqg0G7

— Sam Biddle (@samfbiddle) March 17, 2018

Wanting more security is not suspicious

It is incorrect to say that using Proton Mail implies you have “something to hide.” Proton Mail provides more security and privacy compared to Gmail or other email services, and security is desirable for practically anyone that uses the internet.

What makes Proton Mail more secure is that we use zero knowledge encryption and end-to-end encryption, which means that we do not have access to your emails, and an adversary which breaches our systems also cannot decrypt the emails stored on our servers. We cannot read your emails, we cannot share data with third parties, and we do not do business with advertisers who want your data. We comply fully with both Swiss and EU privacy regulations, including the upcoming GDPR legislation.

Encryption doesn’t prevent the creation of records

There is a broadly held misconception that encryption is being used to prevent the creation of government records. This is technologically incorrect. Encryption does not prevent the creation of records. If anything, it is an important tool for improving the security of records.

As it pertains to the Trump administration’s use of Proton Mail, the actual issue is whether or not non-governmental accounts are (allegedly) being used for government work. This is an entirely separate issue that has nothing to do with encryption, and it is a mistake to confuse the two.

It is also important to note that it is not illegal for government officials to possess private email accounts (Proton Mail or otherwise) for personal use, and the presumption should be innocent until proven guilty.

Encryption is not about hiding, it is about securing

Encryption by itself generally does not permit a government official to hide communications. Emails, encrypted or not, can be subject to subpoenas. The difference is that when it comes to encrypted emails, it is not possible to obtain them from the service provider, and instead the subpoena must be served to the individual or organization under investigation. This is the way that things should be, and is far better than the alternative (prohibiting the use of encryption), which would weaken security for everyone, treat all users as guilty until proven innocent, and leave data vulnerable to leaks and breaches.

Concluding Thoughts

Like all services, Proton Mail can be used both legally or illegally, but there is nothing out of the ordinary with possessing an account. Millions of people use Proton Mail, including journalists, activists, doctors, lawyers, businessmen, and people from all walks of life. Our technology is used to protect online freedom, keep societies democratic, and provide improved cybersecurity. While we may not always agree with all of our users, we are committed to keeping Proton Mail accessible to all who use it in a lawful manner.