How do you handle court orders? What information can you provide them with? Transparency Report?
Countermail will not accept an order from any organization or investigative agency that is outside Sweden. If we get a valid court order from the Swedish police and a Swedish prosecutor, we can only provide them with meta-data*, at maximum.

If the Swedish police have a prosecutor's decision, our lawyer will check the evidence for every case individually.
The outcome may be that we have to close down the specific account on which the prosecutor decided that the police have sufficient evidence.

There are some special cases
There are a few cases that we can act on before any police decision is even made. For these special cases it is enough if we get some evidence from our server's error log or mail queue (usually the queue grows when someone is sending mass-emails). We will then try to verify it ourselves, but generally we will only take action if there is a decision from the Swedish police and prosecutor on a specific account. Every account is handled individually. Below are the special cases where we can do our own quick investigation to protect our server.

- Spammers, spam email, people that use our service to send out spam: it is often easy to spot and verify them, and we will then close the account directly. This includes mass-emails used for marketing or sales letters.
- Phishing emails: these are also pretty easy to spot and to verify, and we have our own method for this. These accounts will be closed as soon as possible.
- Ransomware communication, if people are using our service to communicate between the victims and the hackers/attackers: we will close down the ransomware account as soon as we have verified this. This is also pretty easy to verify, because the ransomware hackers usually leave multiple emails as their main communication method, and the victim may also give us enough evidence.

What information can we give out if they have a valid legal request?
We do not log IP-addresses by ourselves, so we cannot provide IP-addresses for any of our email accounts.

We do not store account passwords. Since we are using end-to-end encryption, the encryption/decryption process is done locally on the user's computer, not on our server, so there is no need for us to store passwords.

The private PGP keys are stored anonymously, which means that we are unable to determine which private key belongs to a specific user. There are very few providers who store the private key both encrypted and anonymously. This means that we can't give out any private key even if someone forced us. You can read the details here.

The detailed payment information for premium accounts is stored for 14 days. This is so that we can comply with the law for distance payments over the internet.

The following data is not encrypted (in stored emails): header fields like From, To, Subject and Date, and folder names. The reason for this is that the SMTP and IMAP protocols cannot handle encrypted headers or folder names.

