IE like Crypto AG:
In 2020, it was revealed that the Swiss company, Crypto AG, which provided secure communications services to ~120 governments throughout the 20th century, was secretly ran by the CIA and West German Intelligence. The CIA and later NSA were able to read encrypted communications for many countries such as Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.
No company is in a position to resist lawful orders from government (not good orders, lawful).
It’s why every company that sells security makes a big show about planning to leave some western country when they say they’re gonna do mass surveillance. It’s all they can do.
Email is not secure and cannot be made secure.
Do not ever send anything through email that you rely on being private.
I’m certainly not suggesting that email providers should resist lawful orders, but if Proton complies with 89% of requests while Tuta complies with 25%, it suggests a difference in methodology, no?
It could, of course, be the case that the Swiss are just much more skilled at sending lawful requests relative to the Germans, but that seems unlikely.