“We cannot access message contents because we don’t have the keys, and we cannot geolocate our users, as end-to-end encryption is part of our privacy model,” Raphael Auphan, the COO of Proton, told Infosecurity at Infosecurity Europe in 2026.
Raphael Auphan on Proton’s cryptographic limits
Auphan framed the company’s central constraint plainly: Proton’s end-to-end encryption means it lacks the cryptographic keys to read message contents, and its privacy model prevents geolocation of users. Those limits, he said, are fundamental to the trust that defines the Switzerland-based, privacy-focused provider. They also create an operational reality in which content-level surveillance or forced decryption is not possible.
Machine‑learning and anti‑abuse at Proton
Faced with those technical boundaries, Proton invests in account-level and behavioral defenses. Auphan described a dedicated anti‑abuse team that builds machine‑learning models to spot suspicious account-creation patterns and other signals of misuse. The systems are tuned to identify bot‑driven clusters, automated mass sign‑ups and other early indicators so that malicious actors can be stopped before they use Proton accounts to run operations.
How takedown requests are routed through Swiss federal authorities and Interpol
Proton does not treat all requests the same. While it cannot produce encrypted message contents, the company can close accounts, provide available metadata and hand that information to vetted law‑enforcement partners — but only when Swiss law and strict verification steps are followed. Auphan said Proton receives a “significant amount” of takedown and information requests from around the world. To be accepted, those submissions should be routed through Interpol or the Swiss federal police so Swiss authorities can validate them; only after that vetting will Proton act.
Privacy trade‑offs, false positives, and investigators
Auphan acknowledged the trade‑offs that follow from relying on behavioral signals. Anti‑abuse systems that monitor account creation or activity raise privacy questions and the risk of false positives. He also said that denying access to content, even when lawful access is impossible, can frustrate investigators. Proton’s stated aim is to balance those concerns: the company will act on verified, legitimate requests rooted in “true suspicion of malicious, or even criminal, activity,” and will not remove an account at the behest of a political adversary — “We would not take down the account of an individual for an political opponent,” Auphan said.
What this means for Swiss federal authorities, law enforcement, end users, and cybercriminals
- Swiss federal authorities: Serve as the legal gatekeeper — Proton requires that requests be channelled through them or Interpol for validation before it will provide metadata or close accounts.
- Law enforcement internationally: Must follow lawful processes and expect a verification step; Proton will comply with vetted requests but stresses legitimacy and true suspicion as prerequisites.
- End users: Benefit from preserved end‑to‑end encryption and non‑geolocation guarantees, yet may face account closure or metadata disclosure if accounts are flagged and a vetted, legitimate request is made.
- Cybercriminals: Face behavioral detection aimed at bot clusters and mass sign‑ups designed to disrupt abuse before an account is operational, according to Proton’s anti‑abuse strategy.
Proton’s posture is a study in constrained trade‑offs: cryptography that protects message content also constrains remediation options, pushing the company toward behavioral defenses and a process that routes legal requests through Swiss authorities and Interpol for validation. As Auphan put it plainly, “We have no interest in allowing malicious actors to use our platform.” The practical test ahead, grounded in the company’s own admission that it receives a “significant amount” of requests worldwide, is whether that routed, verification‑first process will scale without eroding either privacy guarantees or the speed of legitimate investigations.
