Does Proton Mail encrypt email subjects?
All Proton Mail data at rest and in transit is encrypted. However, subject lines in Proton Mail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments, however, are end-to-end encrypted. See this article for a description of what Proton Mail data is encrypted.
Subject lines in Proton Mail messages are not end-to-end encrypted to remain compliant with standards and ensure interoperability. Proton Mail adheres to the OpenPGP standard, which largely respects the SMTP protocol. In PGP, the subject line is part of the header packet, which is not end-to-end encrypted.
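The split described above can be seen by parsing a PGP-encrypted message the way a mail server stores it. This is an added example, not Proton Mail's code; it assumes the PGP/MIME layout (RFC 3156), and the sample message, addresses and ciphertext are constructed placeholders.

```python
from email import message_from_string
from email.policy import default

# Constructed sample: a PGP/MIME (RFC 3156) message as stored by a mail server.
# Addresses, subject and the armored body are placeholders, not real data.
SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 acquisition term sheet
Date: Mon, 01 Jan 2024 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

PLACEHOLDERCIPHERTEXT
-----END PGP MESSAGE-----

--b1--
"""

def exposure(raw):
    """Report what is readable without the recipient's private key."""
    msg = message_from_string(raw, policy=default)
    # Header fields travel outside the OpenPGP payload, so they are readable.
    visible = {h: str(msg[h]) for h in ("From", "To", "Subject", "Date") if msg[h]}
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    opaque = False
    if pgp_mime:
        parts = list(msg.iter_parts())
        if len(parts) == 2:  # control part, then the encrypted payload
            body = parts[1].get_payload(decode=True) or b""
            opaque = body.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----")
    return {"visible_headers": visible, "pgp_mime": pgp_mime, "body_opaque": opaque}

if __name__ == "__main__":
    print(exposure(SAMPLE))
```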
Given that PGP does not end-to-end encrypt subject lines, why does Proton Mail use the OpenPGP standard?
The reason is interoperability. By adhering to OpenPGP, we enable not just end-to-end encrypted messaging with other Proton Mail users, but compatibility with any PGP user worldwide. This means anybody, regardless of what email provider they use, can send end-to-end encrypted messages to Proton Mail users.
The importance of this cannot be overstated. This also allows us to integrate with other services: with OpenPGP, Proton Mail isn’t just a standalone encrypted email service, we become part of an entire encrypted ecosystem.
This may change in the future as encryption technology evolves, and there are currently proposals being discussed about incorporating encrypted subject lines in OpenPGP standards.
What can I do to protect the subject lines of my email communications?
Even though Proton Mail subject lines are not end-to-end encrypted, it is exceptionally difficult for a third party to get access to them. Access would require breaching Swiss data privacy laws and getting a court order that is approved by a Swiss judge.
You can also use generic subject lines that disclose minimal information about the message contents.