Cambridge Analytica Used ProtonMail To Hide Email Paper Trails

Cambridge Analytica faces more accusations following a third expose by Channel 4 News, which filmed recently-suspended CEO, Alexander Nix, discussing the company’s role in the 2016 US Presidential election. 

The report also featured the CEO talking about how the company used a “secure, secret email system” to cover up correspondence between the company and third parties. 

The email system, ProtonMail, is a Swiss company that provides encrypted email services not accessible by anyone other than the mail sender and the mail recipient. 

According to the company’s website: “Data is encrypted on the client side using an encryption key that [we] do not have access to. This means [we] don't have the technical ability to decrypt [your] messages, and as a result, [we] are unable to hand your data over to third parties.” Furthermore, ProtonMail’s website said: “All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO), which offers some of the strongest privacy protection in the world for both individuals and corporations. 

“As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.”

In the recent report aired by UK Channel 4 News, CA’s Nix explained to the undercover reporter, posing as a political consultant, how the company covers its tracks: “I’d like you to set up a ProtonMail account please because now these are getting quite sensitive.”

When asked whether the consultant should hand over the ProtonMail account, Nix replied: “Well, nobody knows we have it… and secondly, we set out ProtonMail emails with a self-destruct timer. So you send them, and after they’ve been read, two hours later they disappear. “So then there’s no evidence, there’s no paper trail, there’s nothing.”  

Comparing itself to SnapChat, ProtonMail says that communication with non-ProtonMail users can be secure, saying that encrypted messages can be sent to Gmail, Yahoo, Outlook, and others. 

The company stopped publishing its transparency reports in February 2017 – the latest update showed that only five user data access requests were granted out of 54. 

ProtonMail responded to Infosecurity's request for comment with the following statement:

"The real story is that the mass collection of data is dangerous. As was clearly demonstrated by Facebook, if your core business is building a massive surveillance system, the data will eventually be misused. Whether it is breached, hacked, misappropriated, or sold is irrelevant.
"Given that ProtonMail is one of the most secure email services in the world, it is not altogether surprising that Cambridge Analytica chose to use ProtonMail. 

“However, it is important to note that ProtonMail users also include journalists, dissidents, doctors, lawyers, NGOs, and even regular people who rightfully won't want their data sold and resold without their consent through platforms like Facebook and Google.

"While we may not always agree with the people who use ProtonMail, we must nevertheless continue to protect their privacy rights, because the essence of democracy is respecting the rights of even the people we disagree with. 
“However, as a society, we must act against the mass collection of data perpetrated by big tech companies because that does pose a threat to democracy. When it comes to protecting against bulk data collection though, encryption is not the problem, but actually part of the solution."

A spokesperson also confirmed that: "ProtonMail has a sizeable anti-abuse team within the company that works 24 hours a day, seven days a week to prevent abuse of our platform, so we are making constant efforts to prevent the misuse of our technology. 

As to whether CA's usage of ProtonMail was lawful, we would need a Swiss court to weigh in on the matter before we can express an opinion about it."

Infosecurity

You Might Also Read: 

Millions Of Facebook Profiles Were ‘Harvested’  In US Election Breach:

The Cambridge Analytica Row Shows Politics Are Moving In A Disturbing Direction:

 

« Julian Assange Has Internet Connection Cut
Death by Robot »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

Telspace Africa

Telspace Africa

Telspace Africa provide the highest level of IT security solutions including advisory, penetration testing, vulnerability assessments, red teaming, social engineering and training.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

Securitybulls

Securitybulls

Securitybulls is an information security firm offering an encyclopedic penetration testing & IT security assessment service for your organization.

Aiuken Cybersecurity

Aiuken Cybersecurity

Aiuken is an international IT Security company, focused on communications and IT technologies, specialised in Security and Cloud Services solutions with high added value.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

Winterhawk

Winterhawk

Winterhawk is a specialist and leading global Cyber, ESG, GRC, Risk & Identity consulting practice.

NTT Group

NTT Group

NTT offers agile, scalable technology services to bring it all together seamlessly, securely, and sustainably. We help you adopt a holistic security approach across your network, clouds, applications.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.

M7 Services

M7 Services

M7 Services are a comprehensive Managed Services Provider (MSP) with a focus on delivering cutting-edge information technology solutions and unparalleled customer service.