Proton threatens to quit Switzerland over new surveillance law

Original Article ↗ Hacker News Discussion ↗

Status of the Swiss surveillance proposal

  • Several commenters note the revision Proton objects to reportedly failed early in the Swiss consultation (“Vernehmlassung”) with broad opposition and “had no chance.”
  • Others argue that, even if dead now, it shows the government’s willingness to consider mass surveillance, which changes long‑term risk calculations for privacy services.
  • Swiss direct democracy is highlighted: unpopular laws can be forced to a referendum via signatures, which many see as a strong defense against overreach—but not foolproof.

Where could Proton move?

  • Skepticism that Proton can find a clearly “better” jurisdiction:
    • EU states formally reject some types of blanket logging, but multiple examples (Denmark, Belgium, others) are cited as de‑facto mass surveillance via legal workarounds or non‑compliance with court rulings.
    • Nordic countries (Norway, Sweden) are mentioned as technically attractive but politically risky due to recurring data‑retention proposals.
  • Tax havens / microstates (Liechtenstein, Seychelles, Panama) are mentioned but criticized for governance issues or practical constraints (servers still located elsewhere).

Law, constitutions, and recurring surveillance pushes

  • Users discuss why “bad” surveillance laws keep reappearing:
    • Legislatures cannot bind future lawmakers; only constitutions or similar higher‑order rules can.
    • Even constitutional protections can be amended, reinterpreted, or ignored under political pressure.
  • Long subthread compares systems (Switzerland, US, EU, Australia, Netherlands) on how hard it is to amend constitutions and how effective they really are at stopping authoritarian drift.
  • Some argue frequent amendments and citizen votes keep systems responsive; others see that as weakening long‑term civil‑liberty guarantees.

Technical and provider‑specific angles

  • Strong view that any mandated logging instantly destroys a “privacy” service’s credibility, regardless of jurisdiction; better to design systems where compliance is technically impossible (no data to retain).
  • Mullvad is contrasted with Proton:
    • Claim that Mullvad doesn’t have traffic logs but must keep some account/payment records under Swedish law.
    • Proton’s transparency reports show they do hand over some email‑related data under court order; defenders note this is about mail, not VPN, and constrained by their architecture.
  • Email itself is criticized as a poor medium for strong privacy when only one side (e.g., Proton) is protected and most peers use Gmail/Outlook.

Reactions to Proton’s threat

  • Supportive voices: say Proton built real non‑retention engineering around “Swiss privacy,” so if Swiss law undermines that, leaving is the only non‑theatrical option.
  • Skeptical voices: call the move performative marketing, especially since the proposal already failed.
  • A few customers say they will hold Proton to the CEO’s promise and cancel if the company stays under weakened laws.