Here is a rundown of the situation as explained by Brennan Novak, one of the three people behind the project:
Saturday August 31st I woke to two emails from PayPal. The first notified me they had cancelled the debit card associated with my sole proprietor business account, the second was informing me they placed a block on my account barring me from withdrawing or sending any money out of my PayPal account. I figured my account must have tripped an automatic security limit the night before. I logged into their website to see what actions I needed to do in order to remove the block on my account.
Afer 4 phone calls, the last of which I spoke to a supervisor, the understanding I have come to is, unless Mailpile provides PayPal with a detailed budgetary breakdown of how we plan to use the donations from our crowd funding campaign they will not release the block on my account for 1 year until we have shipped a 1.0 version of our product. A final email communication from PayPal reaffirmed us of their stance by stating:
"Please provide an itemized budget and your development goal dates for your project"
This puts us in an incredibly uncomfortable position as we do not feel that it's remotely in their jurisdiction to ask for a detailed budget of our business, any more than it is within our right to ask for theirs.
Bjarni Rúnar Einarsson, the original creator of the web-client, notified the project's backers and the public that they don't know when they will be able to get access to this money, but that they are working with the Software Freedom Law Center in New York on trying to legally force PayPal to unblock the account.
"We understand this turn of events may make some of you angry with PayPal (we are a bit frustrated ourselves), but we would like to request that nobody cancel their payments or take any action aside from speaking out," he wrote. "Ironically, their justification for withholding the cash is concern about charge-backs. So please, don't give them any ammunition on that front by requesting refunds. It's a weird, complicated situation, but we are confident we will prevail in the end."
In the meantime, he assures that the funds they receiving directly through IndieGoGo are enough to keep the project running and make MailPile happen.
UPDATE: 7:15 PM CET, September 5, 2013.
"We have reached out to MailPile and the limitation has been lifted," reads a statement Help Net Security has just received from PayPal.
"Supporting crowd funding campaigns is an exciting new part of our business. We are working closely with industry-leaders like IndieGoGo and adapting our processes and policies to better serve the innovative companies that are relying on PayPal and crowd funding campaigns to grow their businesses. We never want to get in the way of innovation, but as a global payments company we must ensure the payments flowing through our system around the world are in compliance with laws and regulations. We understand that the way in which we are complying to these rules can be frustrating in some cases and we've made significant changes in North America to adapt to the unique needs of crowd funding campaigns. We are currently working to roll these improvements out around the world."
The move has been confirmed by MailPile on its Twitter feed. "It seems that @PayPal is removing the hold on our money. Some of our backers have wrote to PayPal clarifying their support, thanks :)," they wrote, adding that $640 (2 donations) have bee placed on hold for suspicion, and that the remaining $44.6K seems to have been released.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.