You need to understand a few things. In order to keep email service usable, Proton need to fight any malicious activity. If they didn’t do it, ProtonMail would be quickly blacklisted by other mail providers as it will be interpreted as source of spam. At the same time, they have very limited capabilities to verify this activity by themselves as they cannot read contents of their user’s emails (it is encrypted) and they keep limited logs.
As an article states, here is what happened:
Proton’s official account replied the following day, stating that Proton had been “alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled. Our team is now reviewing these cases individually to determine if any can be restored.” Proton then stated that they “stand with journalists” but “cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.”
While Proton does have an obligation to stop spread of SPAM mail, this incident is a bit different. Let’s see -
Proton was not approached by other Email providers (Gmail/Outlook) about suspected email SPAM campaign originating from their network.
This matter is NOT even related to SPAM mails.
krCERT - a Govt agency approached Proton and asked them to disable the account.
Proton simply complied to that without verification.
Appeal made by Owner of that email id was rejected.
Subsequently follow ups were also ghosted.
Until the tweet from the journalist went viral, Proton was not in mood to reinstate the account.
Note that while Proton Mail (server) is E2E encrypted, but once email exits their network it no longer remains as such. So, whoever (other email provider or incident reporter) reported the incident, should have a copy of unencrypted email to prove abuse of Proton Mail service.
Given that proton now reinstated the account, that proves Proton initially froze that account based on “Trust me, Bro” proof only from krCERT.
In ideal world, any service provider should require a court order to comply with Govt request to remain unbiased in such situation.
You need to understand a few things. In order to keep email service usable, Proton need to fight any malicious activity. If they didn’t do it, ProtonMail would be quickly blacklisted by other mail providers as it will be interpreted as source of spam. At the same time, they have very limited capabilities to verify this activity by themselves as they cannot read contents of their user’s emails (it is encrypted) and they keep limited logs.
As an article states, here is what happened:
While Proton does have an obligation to stop spread of SPAM mail, this incident is a bit different. Let’s see -
Note that while Proton Mail (server) is E2E encrypted, but once email exits their network it no longer remains as such. So, whoever (other email provider or incident reporter) reported the incident, should have a copy of unencrypted email to prove abuse of Proton Mail service.
Given that proton now reinstated the account, that proves Proton initially froze that account based on “Trust me, Bro” proof only from krCERT.
In ideal world, any service provider should require a court order to comply with Govt request to remain unbiased in such situation.