Cambridge Analytica operated under ProtonMail – but this doesn’t make the secure email service inherently dangerous

Facebook continues to dominate the headlines following the weeks of turmoil that revealed how the social media company granted Cambridge Analytica with improper access to users’ data.

While the news of this mishandling of personal information caused those in privacy circles to shake their heads with ‘I told you so’, the influence that Cambridge Analytica potentially had on both the US Presidential election and Brexit vote has perhaps made the topic of data protection one that’s finally here to stay.

But as calls for regulation have begun to envelop Facebook and other tech conglomerates alike, another victim of the worldwide scandal has come to light: encrypted email service ProtonMail.

“Unfortunately, encryption has always been the easiest culprit to incorrectly point at,” Dr Andy Yen, co-founder and CEO of ProtonMail, told The Daily Swig.

Dr Yen’s comments came following a Channel 4 News investigation, which divulged how Cambridge Analytica was using the email service due to the lack of paper trail it offered.

ProtonMail is a Switzerland-based company that provides free secure emailing for public use.

Individuals can set up an account through its website and be guaranteed end-to-end encryption in any message that they send, whether through the website, Tor network, or iOS and Android apps.

Whereas other email services providers – like Gmail, for instance – can obtain access to a user’s emails, ProtonMail doesn’t hold the encryption keys used to send, receive, and store data, making it technically impossible for the company to decipher messages.

Any data that does end up residing on the company’s servers is also regulated under Switzerland’s stringent privacy laws.

These advantages in security, privacy, and anonymity, however, can unfortunately make ProtonMail the email provider of choice for those engaged in nefarious activities – especially as the service offers a function where emails can be automatically deleted without leaving a trace.

“Given that ProtonMail is one of the most secure email services in the world, it is not altogether surprising that Cambridge Analytica chose to use it,” said Dr Yen.

“However, it is important to note that tools like ProtonMail are also used by journalists, dissidents, doctors, lawyers, NGOs, and even regular people who rightfully won't want their data sold and resold without their consent through platforms like Facebook and Google.”

In the wake of catastrophe or tragedy it is easy to see the dark side of technology, with authorities demanding access to encryption keys that are technically impossible for them to access on a rolling basis.

Privacy is not the enemy of security

Unlike the messaging app Telegram – singled out by Theresa May as a “terrorist platform” – or WhatsApp – having refused to build a backdoor for the British government – ProtonMail has so far steered clear of similar pressures from Western nations.

That’s not the case when it comes to its use in other countries like China or Turkey, where the ProtonMail VPN is either intermittently blocked or the entire service completely shut down.

These levels of censorship and state suppression are typically condemned by Western counterparts, but following the Facebook revelations, ProtonMail was on the defensive again.

The company recently announced it had deployed significant efforts to “prevent the misuse” of its technology, and that whether Cambridge Analytica had been in any violation of its code of conduct would have to be determined by Swiss law.

“If your core business is building a massive surveillance system, the data will eventually be misused,” Dr Yen told The Daily Swig.

“Whether it is breached, hacked, misappropriated, or sold is irrelevant. These incidents are helping to raise public awareness about the importance of privacy and how data businesses like Facebook are a threat to democracy.”

Dr Yen believes that the Facebook incident showed public knowledge of privacy growing, but despite the growth in ProtonMail itself, he thinks privacy is still very much under attack. 

“Our biggest challenge is helping the world understand that privacy is not the enemy of security,” said Dr Yen. “Actually, privacy and security go hand in hand, because systems that are secure and good at protecting data are also inherently private.”