Encrypted services Apple, Proton and Wire helped Spanish police identify activist

As part of an investigation into people involved in the independence movement in Catalonia, Spanish police obtained information from encrypted services Wire and Proton, which helped authorities identify a pseudonymous activist, according to court documents obtained by TechCrunch .

Earlier this year, Spanish police Guardia Civil sent legal requests through Swiss police to Wire and Proton, both based in Switzerland. The Guardia Civil has requested any identifying information relating to the accounts on the respective platforms of the two companies. Wire responded by providing the email address used to register the Wire account, which was a Protonmail address. Proton responded by providing the recovery email for that Protonmail account, which was an iCloud email address, according to the documents.

In the request, which cited “organized crime” and “terrorism” as the nature of the investigation, the Spanish police wrote that they wanted to “find out who were the perpetrators of the facts that occurred during the street riots in Catalonia in 2019”.

Once the Guardia Civil obtained the iCloud email address, documents show it requested information from Apple, which in turn provided a full name, two home addresses and a linked Gmail account.

TechCrunch is not revealing the alleged full name of the activist, as it is unclear whether this person is actually behind these activities, nor whether they have committed crimes.

Apple did not respond to a request for comment.

Encrypted online services generally aim to reduce the amount of user data they can access by encrypting it with keys that only the user has, thereby preventing companies from transmitting user data subject to a court order. Instead, police exploit companies to obtain their metadata, such as identifiable user information, including email addresses.

Spokespeople for Wire and Proton confirmed to TechCrunch that they had received legal requests from Swiss police and had complied with them.

“Following a formally correct request from Swiss authorities, Wire provided basic information about a user’s account. Wire is not able to see or disclose the content of data transmitted through its service,” Wire spokesperson Hauke ​​Gierow told TechCrunch in an email.

Proton spokesperson Edward Shone told TechCrunch that “Proton has minimal user information, as illustrated by the fact that in this case it was data obtained from Apple that would have been used to identify the terrorism suspect. »

“Proton does not require a recovery address, but in this case the terrorist suspect added one on his own. We cannot encrypt this data because we need to be able to send an email to this address if the terrorist suspect wishes to initiate the recovery process,” the Proton spokesperson said in the email. “This information can in theory be requested by Swiss authorities in cases of terrorism, and this decision is usually made by the Federal Office of Justice. Proton provides privacy by default and not anonymity by default, as anonymity requires certain user actions to ensure proper operational security, such as not adding your Apple account as an optional recovery method, which appears to have been made by the alleged terrorist suspect.

Neither the Guardia Civil nor the Spanish court where the case is being investigated responded to TechCrunch’s requests for comment. A spokesperson for the Swiss federal police said it was “not authorized to share details about possible ongoing investigations and the exchange of information with our partners.”

The legal requests sent to Wire, Proton and Apple are linked to a case in which Spanish authorities believe that a pseudonymous member of the Catalan independence movement Tsunami Democratic helped the group plan certain actions or protests around the time when King Felipe VI was planning to visit the area in 2020.

“Explain what you want to do and I will tell you if it is worth it or if you will waste time like at Camp Nou,” the activist, known as Xuxu Rondinaire, told another activist during a conversation on Wire, included in court documents.

According to Spanish authorities, Xuxu Rondinaire was referring to a botched protest, involving drones, that was scheduled to take place during the 2019 soccer match between FC Barcelona, ​​whose stadium is called Camp Nou, and Real Madrid.

According to court documents, during these discussions on Wire, Xuxu Rondinaire “explained in detail” several elements of the potential security protocols of “a public figure,” clearly referring to King Felipe VI.

The case of Xuxu Rodinaire has already been reported by the Spanish and Catalan media.

Catalan newspaper El National reported on April 23 that Spanish authorities believed Xuxu Rondinaire to be an officer of the Catalan police force Mossos d’Esquadra.

A spokesperson for Mossos d’Esquadra told TechCrunch that it had no information on the case and referred questions to the Guardia Civil and the relevant Spanish court.

TechCrunch contacted Xuxu Rondinaire via Wire, via his Protonmail email address and his iCloud email address, but received no response. We also contacted a cell phone number listed in court documents as being linked to the home address where Xuxu Rondinaire allegedly resides, which was provided by Apple to Spanish police.

When TechCrunch contacted the cellphone number and asked if the user behind it was the person whose full name was identified in court documents, the person responded “no” and added that they would report the post as spam.