Encrypted services Apple, Proton and Wire helped Spanish police identify activist

Encrypted services Apple, Proton and Wire helped Spanish police identify activist

Students protest in Barcelona, Spain, on 17 October 2019 demanding the Freedom of jailed separatist leaders. Thousands of students have taken to the streets to publish their outrage with the ruling of the Superior Court towards the independence leaders. (NurPhoto / Contributor/Getty Images)

Image Credits: NurPhoto / Contributor / Getty Images

As part of an investigation into people involved in the pro-independence movement in Catalonia, the Spanish police obtained information from the encrypted services Wire and Proton, which helped the authorities identify a pseudonymous activist, according to court documents obtained by TechCrunch.

Earlier this year, the Spanish police Guardia Civil sent legal requests through Swiss police to Wire and Proton, which are both based in Switzerland. The Guardia Civil requested any identifying information related to accounts on the two companies’ respective platforms. Wire responded providing the email address used to register the Wire account, which was a Protonmail address. Proton responded providing the recovery email for that Protonmail account, which was an iCloud email address, according to the documents.

In the request, which listed “organised crime” and “terrorism” as the nature of the investigation, Spanish police wrote that it wanted to “find out who were the perpetrators of the facts taking place in the street riots in Catalonia in 2019.”

Once the Guardia Civil obtained the iCloud email address, the documents show that it requested information from Apple, which in turn provided a full name, two home addresses and a linked Gmail account.

TechCrunch is not revealing the alleged full name of the activist, given that it is unclear if that person is really behind these activities, nor that they have committed any crimes.

Apple did not respond to a request for comment.

Encrypted online services typically aim to reduce the amount of user data they can access by encrypting it with keys that only the user has, effectively preventing the companies from handing over user data subject to a court order. Police instead tap companies for their metadata, such as identifiable information about the user, including email addresses.

Spokespeople from Wire and Proton confirmed to TechCrunch that they received legal requests from the Swiss police, and that they complied with the requests.

“Upon a formally correct request by the Swiss authorities, Wire provided basic account information about a user. Wire is not able to see or disclose the content of any data transmitted over its service,” Wire spokesperson Hauke Gierow told TechCrunch in an email.

Proton spokesperson Edward Shone told TechCrunch that, “Proton has minimal user information, as illustrated by the fact that in this case it was data obtained from Apple that was allegedly used to identify the terrorism suspect.”

“Proton does not require a recovery address, but in this case the terror suspect added one on their own. We cannot encrypt this data as we need to be able to send an email to that address if the terror suspect wishes to initiate the recovery process,” said Proton’s spokesperson in the email. “This information can in theory be requested by Swiss authorities in cases of terrorism, and this determination is generally made by the Swiss Federal Office of Justice. Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper [operational security] such as not adding your Apple account as an optional recovery method, which it appears was done by the alleged terror suspect.”

Neither the Guardia Civil, nor the Spanish court where the case is being investigated, responded to TechCrunch’s requests for comment. A spokesperson for the Swiss Federal Police said that it is “not allowed to share any details about possible ongoing investigations and information exchange with our partners.”

The legal requests sent to Wire, Proton and Apple are related to a case where Spanish authorities believe that a pseudonymous member of the Catalan pro-independence movement Tsunami Democratic was helping the group plan some kind of actions or demonstrations at the time when King Felipe VI was planning to visit the region in 2020.

“Explain what you want to do and I will tell you whether it’s worth it or you will waste time like at the Camp Nou,” the activist, who goes by Xuxu Rondinaire, told another activist in a chat on Wire, which is included in the court documents.

According to the Spanish authorities, Xuxu Rondinaire was referring to a botched protest involving drones that was supposed to happen during the 2019 soccer game between F.C. Barcelona, whose stadium is called Camp Nou, and Real Madrid.

According to the court documents, in those Wire chats, Xuxu Rondinaire “explained in detail” several elements of the potential security protocols of “a public figure,” clearly referring to King Felipe VI.

The case of Xuxu Rodinaire was previously reported by Spanish and Catalan media.

Catalan newspaper El Nacional reported on April 23 that the Spanish authorities believe Xuxu Rondinaire is an officer of the Catalan police Mossos d’Esquadra.

A spokesperson for Mossos d’Esquadra told TechCrunch that it has no information about the case and referred questions to the Guardia Civil and the relevant Spanish court.

TechCrunch reached out to Xuxu Rondinaire via Wire, via their Protonmail email address and their iCloud email address, but received no response. We also reached out to a cell phone number listed in the court documents as being linked to the home address where Xuxu Rondinaire allegedly lives, which was provided by Apple to the Spanish police.

When TechCrunch reached out to the cell phone number and asked whether the user behind it was the person with the full name identified in the court documents, the person responded “no,” and added they would report the message as spam.

admin

Leave a Reply

Your email address will not be published. Required fields are marked *