Proton Mail Handed the FBI Payment Data That Identified an Anonymous Protester—Swiss Privacy Law Didn't Stop It

Proton Mail markets itself on a single promise: your email is your business. The company is headquartered in Switzerland, governed by Swiss privacy law, and uses end to end encryption that even Proton itself cannot read. For journalists, activists, and privacy conscious users, these assurances form the foundation of trust.

An FBI affidavit obtained by 404 Media reveals the limits of that promise. Proton Mail provided payment data through a Swiss legal process that helped the FBI identify an anonymous user linked to the Defend the Atlanta Forest movement, also known as Stop Cop City.

What Happened

The investigation centered on a Proton Mail account associated with the Defend the Atlanta Forest group, which organized protests against the construction of a police training facility in Atlanta. Federal authorities were investigating allegations of arson, vandalism, and doxxing connected to the movement.

The FBI could not read the encrypted email content. But it did not need to. Through a Mutual Legal Assistance Treaty request, the bureau asked Swiss authorities to compel Proton Mail to hand over payment data associated with the account. Proton complied with what it described as a binding Swiss judicial order.

Payment data, unlike email content, is not protected by end to end encryption. It includes billing names, credit card details, or cryptocurrency transaction records, any of which can connect a pseudonymous email account to a real identity. In this case, the data was enough for the FBI to identify the person behind the account.

What Encryption Does and Does Not Protect

This case exposes a gap that most users do not consider. End to end encryption protects the content of messages. It does not protect metadata, IP addresses (unless using Tor), or payment information. These categories of data fall outside the encryption envelope and are subject to legal process in whatever jurisdiction the provider operates.

This is not a failure of Proton's encryption. The encryption worked exactly as designed. The message content remained unreadable. But the operational security of an anonymous account depends on more than encryption. It depends on every data point associated with the account, including how it was paid for.

Proton Mail offers free accounts that require no payment information. Users who created accounts with cryptocurrency through privacy coins rather than credit cards would have left a much smaller trail. But many users, understandably, assume that "encrypted email" means "completely private email," and that assumption is wrong.

The MLAT Process

Mutual Legal Assistance Treaties are agreements between countries to cooperate in criminal investigations. When the FBI cannot directly compel a Swiss company to hand over data, it routes the request through diplomatic channels. The Swiss government evaluates the request under its own legal standards and, if it approves, issues a binding order to the company.

Proton has maintained that it only complies with Swiss court orders and cannot be compelled by foreign governments directly. This is technically true. But the MLAT process effectively gives foreign law enforcement a legal pathway to Swiss data, provided the request meets Swiss judicial standards.

This is not the first time Proton has complied with such requests. The company's transparency report shows it has processed thousands of data requests from Swiss authorities, many originating from foreign governments through the MLAT process.

The Broader Context

The Stop Cop City case has broader implications. More than 60 people connected to the protests have faced charges, many of which were subsequently dropped. The use of federal surveillance tools against domestic protest movements raises questions about proportionality and the chilling effect on First Amendment activities.

For journalists and activists who depend on encrypted communications, the lesson is operational, not technical. Encryption protects message content. It does not protect against metadata analysis, payment trail forensics, or legal processes that target non content data.

Privacy tools are not magic shields. They are components in a broader operational security strategy. An encrypted email account paid for with a personal credit card provides far less anonymity than the same account created for free over a VPN. Understanding what each tool protects, and what it does not, is the difference between privacy and a false sense of security. The same principle applies to Apple's privacy features: court records show that Apple's Hide My Email disclosed a user's real identity to the FBI when served with a warrant, including records for 134 anonymous aliases.