Thirteen schools in the city of Chennai received hoax bomb threats via mails sent using Proton’s services on February 8
An order has been passed by the IT ministry on the basis of Tamil Nadu's Police Cyber Crime Wing request to block the service
The Swiss company hasn't responded to the police's request to share IP addresses, mobile numbers, and other backend information to ascertain where the hoax bomb threats came in from
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
The IT ministry has reportedly decided to issue an order blocking end-to-end encrypted email service ProtonMail at the request of the Tamil Nadu police over a hoax bomb threat sent to at least 13 private schools in Chennai last week.
As per Hindustan Times’ report, the decision to block ProtonMail was taken at a meeting of the 69A blocking committee on Wednesday (February 14).
Under Section 69A of the IT Act, the designated officer, on approval by the IT Secretary and at the recommendation of the 69A blocking committee, can issue orders to any intermediary or a government agency to block any content for national security, public order and allied reasons.
The police initiated a process to seek information about the users who sent the emails but faced a roadblock.
“They were least responsive… We were unable to get IP address, mobile number — other backend information of the email address because it is end-to-end encrypted. We are unable to trace them also,” Moneycontrol reported, quoting D Ashok Kumar, the superintendent of police-1 who is also the state’s nodal officer for blocking orders under IT Act, 2000.
The final order to block the website has not yet been sent to the Department of Telecommunications but the MeitY has flagged the issue.
In an emailed response to HT, Proton acknowledged that it had received notice from MeitY about “a possible block”. “We are currently working to resolve this situation and are investigating how we can best work together with the Indian authorities to do so,” the company’s spokesperson said.
This isn’t the first instance of dispute between the Swiss company and the government. In 2022, Proton removed its physical servers from India in response to the country’s “regressive new surveillance law”.
The company’s India exit was triggered by a set of directives mandating that VPNs, along with Virtual Private Server (VPS) providers, cloud service providers and such other entities, collect and store various user data like names, IP addresses, email addresses, and more for up to five years issued by the Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology (MeitY).
It had condemned the directives in 2022. Late last year, it also labelled the new Telecommunications Bill a grave threat to democracy and the internet.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.