The root issue has been known since 2001. It is not correct to call Efail a new vulnerability in PGP and S/MIME. The correct response to the efail vulnerability is not to stop encrypting, but to use clients that are using secure implementations of PGP. Any service that uses our library is also safe as long the default settings aren't changed. The real vulnerability is implementation errors in various PGP clients. ProtonMail is safe against the efail PGP vulnerability. Full details about what we can provide can be found in our privacy policy: In the event that a court order does get approved, we are also quite limited in what we can provide given our policy of collecting as little user information as possible, and using zero access encryption for all emails stored on our servers. In all cases, our legal team also reviews all requests and will also fight certain requests that we believe may be improper. This means that in the example that you bring up with a journalists or activist, it is rather difficult to get a Swiss court to consider such a person to be a criminal.
In Switzerland, we have intentionally picked a jurisdiction where we believe there is a strong cultural and institutional respect for privacy, which extends both to the laws and the behavior of the courts and law enforcement. This is the reason why the choice of Switzerland matters. Almost all countries require companies to assist in some manner in criminal investigations, and Switzerland is no exception. Essentially, unless you are located on a ship 100 km offshore, you will have to fall under the jurisdiction of some country and must follow the laws of that country.
0 kommentar(er)
