[tony101]

I'm not sure there is a legal mechanism to force ProtonMail to add a backdoor...

> "Nearly every country in the world has laws governing lawful interception of electronic communications. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT) last revised in 2012. In the SPTT, the obligation to provide the technical means for lawful interception is imposed only on Internet access providers, so ProtonMail, as a mere Internet application provider, is completely exempt from the SPTT’s scope of application. This means that under Swiss law, ProtonMail cannot be compelled to backdoor our secure email system."

https://protonmail.com/blog/switzerland/

[benwilber0]

If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA, say Verisign, to generate a fake certificate that they can use to MITM a browser session, and deliver key-stealing javascript to the user? I'm not sure what the state of certificate pinning is, but it seems that for the "uber security conscious users" they have instructions to check the SHA-1 fingerprints[0] manually. I feel like there are just an infinite number of technical ways a state actor with unbounded resources and legal access to basically every authority and pipe that operates the internet could MITM a service like this without compelling ProtonMail to do anything.

[0]https://protonmail.com/support/knowledge-base/protonmails-ss...

[geocar]

> If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA

Why bother?

If they can MITM ProtonMail, they might as well use letsencrypt which just requires you control the domain name (for some definition of control).

> I'm not sure what the state of certificate pinning is,

    Public-Key-Pins-Report-Only: pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; max-age=300; report-uri="https://protonmail.com/pkp-report"

Looks like they want to know about violations...

[tony101]

EV certificates must be submitted to CT logs, which means ProtonMail and the public will be able to detect the malicious certificate. If it's not a EV certificate, the browser user interface changes and a security-conscious user may notice. That said, if a powerful government is after a user specifically, it is just a matter of time and effort before the government gets in.

[pfg]

> If it's not a EV certificate, the browser user interface changes and a security-conscious user may notice.

This is often used as an argument by EV advocates, but it doesn't hold up under scrutiny. An attacker with access to a non-EV certificate can selectively intercept only connections for subresources of the targeted site (i.e. JavaScript). The "main" connection would still use the EV certificate and thus show the browser indicator. This attack was first made public in 2008[1] and has been further refined in later work[2].

HPKP and the Expect-CT header provide some viable mitigations for this. That said, it seems unlikely to me that a nation-state adversary would choose to attack at the Web PKI level in this scenario. Compromising ProtonMail or the user's device would probably cheaper and less likely to be detected.

[1]: http://w2spconf.com/2008/papers/s2p1.pdf

[2]: https://www.blackhat.com/presentations/bh-usa-09/SOTIROV/BHU...

[chmars]

ProtonMail has never painted an accurate picture of the surveillance requirements in Switzerland – and laws have been and are changing too.

Switzerland is not an island of privacy with regard to state surveillance – and with regard to private data privacy, it basically mirrors the European Union’s standard. According to Snowden documents, Swiss intelligence and security services are close partners with the NSA and other foreign services.

[ryanisnan]

> ProtonMail has never painted an accurate picture of the surveillance requirements in Switzerland – and laws have been and are changing too.

Do you think that's partly because, like most countries, the truth is... obfuscated.

[pmoriarty]

IANAL, but that just seems to say that under that particular law (SPTT), Internet access providers have to provide the technical means for lawful interception. It does not say that no other entity has to provide the technical means for lawful interception.

In other words, the law does not say that ProtonMail is exempt for having to provide lawful interception. They might still have to do so, based on some other law.

Further, it's quite conceivable that unlawful means (such as blackmail, threats, or bribery) could be used to coerce ProtonMail. That's not to mention perfectly lawful means of enticing them -- like appealing to their patriotism, willingness to help in a critical investigation, or demonstrating some credible threat.