Who Owns Your Data? PayPal Freezes Startup's Account: Questions Purpose, Legality

Your money, your data? Not so fast. The fact that you created something ostensibly legal then contracted and paid for whatever services you needed or wanted to optimize potential success does not guarantee that others won't believe - with equal fervor - that they have the right to disrupt and potentially assume control of what you thought was yours.

The situation arose when ProtonMail, an encryption startup founded by MIT, Harvard and CERN scientists attempting to circumvent NSA and NSA-like intrusions raised money on a crowd-funding site called indiegogo. The problem was that PayPal, where the indiegogo loot was stored, decided that it had some issues with the company's purpose and froze ProtonMail's account - along with the cash (sounds very physical for a totally intangible transaction). A media uproar ensued and within a day the account was unfrozen, PayPal claiming a technical glitch, though ProtonMail suggests it was the media uproar that forced PayPal's hand.

The story raises three troubling questions:
Why is PayPal so afraid of the US government that it would freeze a client account in anticipation that something might be wrong?
Even if their suspicions were rational, what right do they have to freeze a contractually secure account anyway?
And who owns the funds raised for you when placed in an account for which your service provider has paid?

It sounds as if PayPal was strongly advised by calmer and more legally knowledgable heads to rethink its objections, but the larger issue is the degree to which, in an increasingly intangible age, those rights and liberties are protected in every way, shape or form. JL

David Meyer reports in GigaOm:

Strong encryption is at least theoretically subject to export controls in the U.S., but it’s certainly not illegal to use it there, and it doesn’t require government approval either. The same applies most places,

About 6 weeks ago my colleague Barb Darrow covered a new secure email startup called ProtonMail, which was set up by a bunch of MIT, Harvard and CERN researchers who are annoyed with the NSA’s intrusive ways.
The team’s Indiegogo crowdfunding campaign has done pretty well in the last 2 weeks, thus far raising $283,675 off a $100,000 goal. But Geneva-headquartered ProtonMail, which is keen to rent servers and get the product out of beta, hit a snag on Monday when it discovered PayPal had frozen its account.
Restrictions on the account were lifted on Tuesday, with ProtonMail crediting the reversal to media coverage, but PayPal said the account had only been frozen in the first place due to a technical problem. However, when ProtonMail was trying to find out why the block had been put in place, a PayPal representative apparently asked whether the startup had sought government approval for offering encrypted services.
The payments firm said in a statement:

PayPal recently made changes to the way it handled accounts of people who were using crowdfunding sites to support their ideas. In response to customer feedback we established a streamlined process to specifically support crowdfunding campaigns. This process involves engaging crowdfunding campaign owners early on to clearly understand their campaign goals and help them ensure their campaigns are compliant with our policies and government regulations.
In the case of ProtonMail, a technical problem this week resulted in PayPal applying restrictions to the account. We have contacted ProtonMail today to solve this and can confirm that ProtonMail is able to receive or send funds through PayPal again. We are sorry for any inconvenience caused.

ProtonMail had received no warning before its account was frozen, and it took the best part of a day for the startup to get any response from PayPal. Prior to PayPal’s statement, it seemed a story to file under either “PayPal being annoying because of its historically over-cautious take on crowdfunding” (which it promised to fix) or “PayPal being annoying because of its politics” (see also: the cutting-off of Wikileaks’ funds).
In a blog post on Monday, the ProtonMail team began by erring towards the former explanation:

Like many others, we have all heard the PayPal horror stories, but didn’t actually think it would happen to us on our campaign since PayPal promised, very recently, to improve their policies. Unfortunately, it seems those were hollow promises as ProtonMail is now the latest in a long string of crowdfunding campaigns to be hit with account freezes.

However, this may be more complicated than that. ProtonMail went on to ask why it was being singled out, then dropped this weird detail:

When we pressed the PayPal representative on the phone for further details, he questioned whether ProtonMail is legal and if we have government approval to encrypt emails. We are not sure which government PayPal is referring to, but even the 4th Amendment of the U.S. constitution guarantees: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures….”

Strong encryption is at least theoretically subject to export controls in the U.S., but it’s certainly not illegal to use it there, and it doesn’t require government approval either. The same applies most places, though of course law enforcement powers of ordering decryption are another matter.