back to article Deutsche Telekom launches 'NSA-busting' encrypted email service

Deutsche Telekom and United Internet have launched a super-secure German email service that they claim defeats the data-sniffing shenanigans of the likes of the NSA. The partners announced that they were starting an initiative for "secure email communication across Germany". "Germans are deeply unsettled by the latest reports …

COMMENTS

This topic is closed for new posts.

Silver badge
Devil

Interesting

Does this mean that if everybody opens a mail account on a German email provider, and uses HTTPS to communicate with that provider, then everybody's mail will be private?

…Apart from the German government, that is…

4
0
Anonymous Coward

Re: Interesting

So you have doubts about HTTPS? No one else does.

Of course, the Titanic is unsinkable and the earth is flat, but HTTPS is secure.

2
5
Silver badge

Re: Interesting

Well apart from the German government and just about any other government that wants to get it.

Ohh... and did I mention that Deutsche Telekom actually had a "spying on journalists" scandal a few years ago... and that they have a current one in which they spy on many of their customers for "fraud detection" purposes?

6
0
Silver badge

Re: Interesting

HTTPS is pretty secure. The only weakness would be if the government could send a secret order to force the certificate authorities to hand over the private keys and then order them not to tell anyone.

And what kind of free democratic nation would do that ?

6
0
Silver badge
Joke

Re: Interesting

"And what kind of free democratic nation would do that ?"

I don't think that word means what you think it means. As I understand it, "Democratic" - as in "The Democratic People's Republic of Korea" or "The German Democratic Republic" - means something like "a nation governed in such a way as to give its citizenry the illusion that they have a say in how the country is run." You seem to have misunderstood the "the illusion that they have" part in that definition. Also, "free" is the standard word used by dictators from Napoleon to Obama to describe the conditions in the countries they preside over.

So, in actual fact, pretty much every "free democratic" nation would indeed do what you say, in keeping with what they really are...

6
3
Silver badge

Re: Interesting

The German secret service has the standard "european" mandate.. Believe me that they can still read your mail if there's a need.

But at least there still needs to be a court order, or "reasonable suspicion" before they can get away with it.

1
0
Silver badge

Without seeing the technical details this is hard to judge.

<sarcasm>

However, given the in-depth development time of three-four weeks, I suspect it is chastity belt safe.

</sarcasm>

1
0
Anonymous Coward

> However, given the in-depth development time of three-four weeks

As I recall, United Internet have been offering a secure email service for years.

And as for the disadvantage of it being limited to participating providers, and disclosure being possible to authorised parties with the appropriate mandate under German law, that's fine insofar as I suspect this is more intended to be used as an industrial counter-espionage measure than by private citizens going about their normal business.

Aside from this, United Internet have always had pretty decent privacy clauses in their contracts. E.g., according to their T&C they will tell anyone without a valid court order to fuck off, and for those with a valid court order, you will be informed and given an opportunity to challenge it.

1
0
Silver badge
Thumb Up

Can they export *that* ?

If so, I for one would sign up in an instant. As indeed I suspect a lot of UK citizens would. And pay for it.

I wonder how Big Dave would spin that - a clear demonstration of people not trusting the uk.gov ?

0
0
Silver badge

Dave has huge export problems should he not engage and import this* and that**

I wonder how Big Dave would spin that - a clear demonstration of people not trusting the uk.gov ?

Dave, the pathetic politically incompetent puppet, will spin it with platitudinous reactionary comment to try and hide the evermore obvious truth and fact, that both he and they who support him and his ilk in both male and female phorms in the sham and scam that is supposed to be Parliamentary democracy, are nothing but expendable, easily replaceable pawns to a Knightly Round Table of Dervishes and Plethora of Mass Media Controllers and Alternate Reality Gamers, and in the Free Spirited Virtual Domain with Dominion and AIR&dD* Traffic Flight Control of CyberSpace, HyperRadioProActive IT Players of Great Means and Alien Memes ...... QuITe** Magic Genes

Just in case you are new here, and have been missing all of the fun in Registered developments .... *Advanced IntelAIgent Research and digital Development/**Quantum Internet Technologies

2
1
Silver badge

Re: Dave has huge export problems should he not engage and import this* and that**

someone must have put something in my tea because a lot of this actually made sense.

3
0
Silver badge

Re: Dave has huge export problems should he not engage and import this* and that**

Don't underestimate the both real and virtual possibility, and therefore eventual inevitable probability available to all who can/would think deeper both vertically and laterally, that you are become much smarter than of late and do not accept as true all the tales you be told and programmed with for the reality of others with an exclusive self-centred power control agenda, James 51, which you may discover is essentially and exclusively catastrophically predicated on the flow control, to Aspiring Sources Conspiring with Informed Intelligence Services, of flash fiat currency/QE cash transfers/magic paper trails to partnering Ponzi participants,

Further development in the field and in Quantum Communication delivers NEUKlearer HyperRadioProActive IT Assets which be more than just a tad dangerous and extremely explosive to both seek to ignore and deny and destroy.

However, .... it should be said and particularly well noted and accepted, and is shared as a fit and proper fair warning to all that would mull on doing negative individual harm for leading personalised rather than collective AIdDVenturer and ARGonaut advantage, that Intelligence and IntelAIgent Persons of Interest Exploring and Exploiting/MetaDataMining and Core Fuel Enriching the Virtual Team Terrain with Stealthy Active Provision of Cyber Command and Control Systems are not without Absolute Key Protection and IMPeccable Security Arrangements, which suffer not the sad actions nor tolerate the mad thoughts of Fooled Intelligent Beings/Status Quo Systems Rogue and Renegade Bots.

2
0
STZ

Re: Can they export *that* ?

--- and pay for it ?

You can sign up to web.de or gmx for free...

0
0
Anonymous Coward

No system, no process, no security is ever 100% unassailable. Assume that at some point, someone not on the access list will see your content.

1
2
Bronze badge
Holmes

Yes. And your point is?

0
0
Silver badge
Black Helicopters

I don't know how long this service is going to last

A) Deutsche Telekom has a majority stake in T-Mobile in the U.S. So they have tens of billions in assets to protect, plus the need to participate in further spectrum auctions and other permitting actions. I would guess they have similar investments in other NATO countries.

B) Germany is a major NATO ally, and has admitted to working with the NSA even recently. Plus they probably have similar relationships with GCHQ and other western SigInt agencies.

C) Germany has been a planning and logistics center for al Qaeda in the past. For example, Mohammed Atta and his 9/11 cell did their planning and prep in Hamburg before moving to the U.S.

So I expect that it won't be long until someone has a conversation with Deutsche Telekom along the lines of "We don't care what you promise your customers, but we need a back door into your secure email service"

7
1
Silver badge
Black Helicopters

Nail hit on the head

DT will have to obey each and every NSA request otherwise T-Mobile will find life very hard in the USA.

Also, the NSA will argue the fact that T-Mobile is a virtual DT subsidiary and thus the whole of DT is subject to US Laws.

IMHO, the only safe secure email provider is one that has absolutely NO and I mean NO connections to any entity in the USA. Got a US shareholder? Tough, OBEY or be EXTERMINATED (by fair means or foul) and woe betide any exec of the company trying to visit the US.

{hhhhmmmm sounds like Daleks....}

I heard the sounds of a Chinook as I type this reply

5
3

Re: I don't know how long this service is going to last

@Marketing Hack Guess who owns about a third of Deutsche Telekom AG? The German federal government.

2
0
Anonymous Coward

Re: I don't know how long this service is going to last

> Deutsche Telekom has a majority stake in T-Mobile in the U.S.

They're actually different companies, but aside from that yes, this is an ongoing concern both with EU and US companies, especially in light of the new data protection directives in the cooking in the EU. Major business concern with huge ramifications. If you care to read the Financial Times or other serious (so WSJ does not count) business publication, it's been in the news at least once a week lately.

1
0
xyz
Coat

Re: Nail hit on the head

>>IMHO, the only safe secure email provider is one that has absolutely NO and I mean NO connections to any entity in the USA.

Oh you mean Apple! (tax avoidance joke! I'll get me....)

4
0
Silver badge

Totally secure

Deutsche Telekom has no links whatsoever with the German government.

Which has no links whatsoever with the US Government.

Which is, after all, not really connected with the NSA - that's just a rogue agency operating outside the law.

So it's totally secure.

6
2
Silver badge

Re: Totally secure

>Deutsche Telekom has no links whatsoever with the German government.

Other than having to obey any (secret) laws the German govt decides. And being a large company it has to play nicely with any little "special requests" if it wants any govt contracts and doesn't want to be audited into bankruptcy

>Which has no links whatsoever with the US Government.

Other than being USA's 2nd special little friend.

Possibly rising to 1st now that all the enemies are out of aircraft range of the UK or Canada

1
0
Bronze badge
Happy

Re: Totally secure

I think you need to bring your irony detection unit in for servicing...

0
0
Black Helicopters

BND

Strange that no one has mentioned them yet.

They ɞɧɚɊ ɇȅȜȠↈʝʬ ʘʚ ʧↈᴟ ᴥᴖᴌᵵᵷ ᵯḧṽẚ ỻỺỽₐⅫ ↀↈ ⱱⱴⱦ along.

3
0
Silver badge

German broadcaster Deutsche Welle reports (in English) that email traffic sent via the new system will “be encrypted while in transit between the sender and receiver”. Access to third parties “is to be granted only in compliance with German law”.

So in other words it's not really encrypted end-to-end. Or maybe there's a second key that people are just supposed to trust will not be used for mass surveillance. Either way it seems like a lot of effort for nothing.

2
1
Anonymous Coward

"Access to third parties “is to be granted only in compliance with German law”"

Ahhh! The Canute defence.

0
0

It's just a guess, but ...

I think they're talking about mandatory TLS sessions between SMTP servers. An easy thing to do for a lot of protection, if you're of the view that US-style seizures and gag orders don't happen to one in one's own country. Also beneficial to the privacy agenda (and, if necessary, the "Responsible" assistance of local law enforcement).

And it's about time really. If only DNSSEC were deployed, we could start publishing keys there, and get much more reception towards the idea of mandatory server-to-server TLS that could be set up by anyone, with the only caveat being trust of ICANN and the registries who are, presumably, too big to fail.

Cheers,

Sabahattin

1
0
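The hop-by-hop nature of the server-to-server TLS guessed at above, as an added example that is not part of the original post: this Python sketch reads a message's Received headers and reports which hops declared a TLS-protected transfer, using the `with` keywords registered by RFC 3848. The hostnames, addresses and sample message are constructed for illustration.

```python
import email
import re

# RFC 3848 "with" keywords: a trailing S means the hop ran over TLS,
# a trailing A means the client authenticated.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAIN_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, so text such as
    '(using TLSv1.2 with cipher ...)' is not mistaken for the with-clause."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif depth == 0:
            out.append(ch)
    return " ".join("".join(out).split())

def _clause(keyword, text):
    m = re.search(r"(?:^|\s)" + keyword + r"\s+(\S+)", text, re.IGNORECASE)
    return m.group(1) if m else None

def audit_hops(raw_message):
    """Return one dict per hop, oldest first. 'encrypted' is True, False,
    or None when the receiving server recorded no recognised protocol."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the last one is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        text = strip_comments(value)
        proto = (_clause("with", text) or "").upper()
        if proto in TLS_PROTOCOLS:
            encrypted = True
        elif proto in PLAIN_PROTOCOLS:
            encrypted = False
        else:
            encrypted = None
        hops.append({"sender": _clause("from", text),
                     "receiver": _clause("by", text),
                     "protocol": proto or None,
                     "encrypted": encrypted})
    return hops

def unencrypted_hops(raw_message):
    """Hops that were plaintext or could not be classified."""
    return [h for h in audit_hops(raw_message) if h["encrypted"] is not True]

# Constructed sample: submission over TLS, a plaintext relay hop, then TLS.
SAMPLE = (
    "Received: from mx.relay.example (mx.relay.example [192.0.2.20])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby mx.recipient.example with ESMTPS id C3;\n"
    "\tFri, 9 Aug 2013 10:00:03 +0200\n"
    "Received: from mail.sender.example (mail.sender.example [192.0.2.10])\n"
    "\tby mx.relay.example with ESMTP id B2;\n"
    "\tFri, 9 Aug 2013 10:00:02 +0200\n"
    "Received: from laptop.local (client.sender.example [198.51.100.7])\n"
    "\tby mail.sender.example with ESMTPSA id A1;\n"
    "\tFri, 9 Aug 2013 10:00:01 +0200\n"
    "From: alice@sender.example\n"
    "To: bob@recipient.example\n"
    "Subject: constructed sample\n"
    "\n"
    "Body text.\n"
)

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

Even a message whose hops all report ESMTPS was held in the clear on every server it crossed, and Received headers written by servers outside your control are claims rather than proof.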
Anonymous Coward

Does it actually matter if it's 100% reliable or not?

Does it actually matter if it's 100% reliable or not?

The point is, by signing up with one of these providers, you're taking a stand, making a gesture, whatever.

It may well be a futile gesture, but it's relatively easy and relatively low cost.

It may even encourage similarly minded providers in other countries (AAISP and Zen, are you receiving me? Paresh ex Metronet ex DoD (no not that one), where are you when we need ewe? And the rest.).

The Man already knows what you're up to, so what's to lose?

6
0
Silver badge

You can easily do that yourself

It's just SSL on SMTP, if you set up your own mailserver it probably already does this by default. The real question is, why didn't they do that all along?

3
0
Anonymous Coward

Re: You can easily do that yourself

"SSL on SMTP ... You can easily do that yourself "

Some folk might be able to. A lot more won't (or won't want to).

"why didn't they do that all along?"

Dumb clients? (interpret that however you like)

0
0

Be realistic if you don't want the NSA to be able to view your mail you probably need to do the following :-

Not use SSL - US companies control most of the root CAs.

Not use US manufactured equipment and software - Think about that for a while, how many equipment manufacturers of chipsets and CPUs are there. How many BIOS chip designers are there world wide? How many server companies with no US links? Take it to the next step find an OS that's not made by a US company. Bar compiling Linux from source I can't think of many. Then look at networks no Cisco or Juniper or any of the other US companies that manufacture (Huawei so you can be snooped on by the Chinese instead).

Next consider encryption, I've no proof that the US can crack 256bit AES or triple DES quickly however the same department that's tasked with signals intelligence suggests to US companies publicly that they use AES-256 wouldn't you be a little bit suspicious? That doesn't count other parts of your encryption software are there problems with keys not being secure enough?

Ultimately I think it comes down to the most important thing though, do I think the NSA is bothering to read my comms? Nope, I'm just a normal bloke who lives in the UK. I've got no links to anyone interesting. Given that I am literally one of 5+ billion people if the relevant apparatus wasn't properly targeted it would be a monumental waste of time and resources.

1
4
Bronze badge
Holmes

Wouldn't you rather be spied on by the Chinese? At least the Chinese government has no interest in sharing with your government, what political views you have and what protest you'd like to attend / organize etc.

0
0
Anonymous Coward

Re: Wouldn't you rather be spied on by the Chinese?

Most of the governments/states under discussion here will simply do whatever they consider expedient - if the Chinese state thought it could gain advantage in a trade involving data (eg) siphoned from Huawei products it would do so. And in any case, who says that such data isn't going to be stolen and/or leak?

So no, I would not "rather be spied on" by the Chinese. I'd rather be spied on by nobody, seeing as very little that I do should amuse and/or interest even the most bored spy or policeman.

0
0
Silver badge

It's unlikely to be secure

Unless the web server integrates with client side encryption such as an open sourced browser plugin using GPG (for example), it CANNOT be secure. You have to trust the server to encrypt your email and not peek at it, to use a secure form of transmission and a secure form of storage.

Basically none of these things are possible. While it's possible that hosting email in Germany makes it harder for US security to lay their mitts on it, it doesn't mean German security can't lay their mitts on it. And who knows, if you're suspected of being a paedo, or a terrorist or having links to either then Germany may well cooperate or share intelligence with the US any way.

The only way proper secure webmail will happen is if an aforementioned plugin appears and webmail supports it, or vastly better if Mozilla / Microsoft / Google / Apple et al knock their collective heads together and produce some secure extensions for HTML. For example, if there was a secure text area HTML element which was a black box to the web mail client it could encipher or decipher content without telling the webmail JS what that content was.

1
2

Re: It's unlikely to be secure

Or, perhaps, if HTML were upgraded a bit to support client-side key generation, enrolment and export in a sensible fashion, we might have S/MIME for the masses. That has to be a hell of a lot better than the nothing we have today; at least as good (bad) as the TLS sessions used on the web.

0
0
Silver badge

Re: It's unlikely to be secure

I think PGP would be better to be honest. The major problem with S/MIME which caused it to die a death is it's very hard to create a key - production keys have to be signed by a CA and that usually costs money and *always* involves hassle since it expires and there is a rigmarole associated with obtaining or renewing one.

It would be largely academic which crypto was used if it was blackboxed though. When you composed an email the recipients list would be fed into the secure text area and how they were used to encrypt the message would be left to the implementation. Could be PGP, could be something else. As long as it was standard across all browsers.

As an aside I often wonder if the web would be secure by default if a PGP style web of trust had been used instead. i.e. a random website could roll a key, and instantly enjoy encrypted traffic. But if they wished they could have their keys signed by their suppliers, notaries, business associations, CAs etc to establish higher trust.

0
0
Anonymous Coward

Re: It's unlikely to be secure

As an aside I often wonder if the web would be secure by default if a PGP style web of trust had been used instead. i.e. a random website could roll a key, and instantly enjoy encrypted traffic. But if they wished they could have their keys signed by their suppliers, notaries, business associations, CAs etc to establish higher trust.

It would be better done lower down in the stack, dynamic session/encryption keys created between systems as part of the SYN-SYN-ACK handshake... except of course that wouldn't work for stateless connections....

What we need is a new stack, a new protocol, which dynamically exchanges keys on every connection, each connection/session using a unique key... it'd add overhead to communications processing though... oh and not controlled by Americans.

That would fix encryption in flight, then you need to address the storage protocols, so everything stored is encrypted when stored, with a key which is only ever held in volatile memory, entered by the user when they require data access. That still doesn't stop law enforcement (at least in the UK) where they can compel encryption key disclosure with the threat of jail time... There is no easy way to beat that.

0
0
Silver badge
Happy

Re: It's unlikely to be secure

> What we need is a new stack, a new protocol, which dynamically exchanges keys on every connection, each connection/session using a unique key.

Do you mean IPSEC?

1
0
Anonymous Coward

Re: It's unlikely to be secure

Do you mean IPSEC?

Yeah kind of, but as the standard operating mode of the stack...

0
0
Anonymous Coward

Deutsche Telekom launches 'NSA-busting' encrypted email service

... IN NAME ONLY! Give me a break. There's so much underlying interest in capturing our personal data from advertisers to spying agencies to governments. All in the interest of efficiency of course, and all with weasel clauses, double speak and outright lies.

Does anyone remember when George W stated he never used email or electronic means for decision note taking. Was he as dumb as he looked or very astute? I for one am feeling a need to return to pen and paper for ultra-private matters and local business dealings where it's possible.....

2
1

EU wide please

What we need is something spanning Europe. Surely there's a demand for this now, if not for personal use for the masses then there are a lot of companies out there interested.

I think at this point the current protocols used for communication are obviously insecure almost as if by design. Whoever comes up with a secure easy method for communication stands to make an awful lot of money. All the recent NSA press attention will hopefully spur someone and we may see something fit for 21st century use.

1
0
Bronze badge

Re: EU wide please

It's useless. The proposed German system would also turn over the unencrypted data to the authorities. This may mean the NSA would not snoop on you (or have to work harder at it, i.e. by asking the German government nicely), but our own "democratic" governments would still be able to do so...

I'll get my coat with the GPG man page printout now...

0
0
Anonymous Coward

This will be about

Germany protecting its commercial interests from NSA and GCHQ snooping. Can't say I blame them.

2
0
Gold badge

On the contrary...

"DT will have to obey each and every NSA request otherwise T-Mobile will find life very hard in the USA."

On the contrary, reportedly T-Mobile (due to being part-owned by Deutsche Telekom) and Verizon Wireless (part owned by Vodafone) were exempt from certain of the NSA's illegal spying programs that AT&T Wireless and Sprint gleefully participated in, because they (the NSA) figured DT and Vodafone would feel free to leak about these illegal programs (and indeed, under European privacy laws may have been compelled to reveal their knowledge of them). AT&T and Sprint on the other hand stayed mute.

3
0
Silver badge
Black Helicopters

Re: On the contrary...

Only now that the cat is out of the bag, the NSA may be less concerned about leaks of something that is already leaked!

(I'm not paranoid, just ahead of my time!)

0
0
Anonymous Coward

That should work

...for about a day before it's circumvented.

0
0
Silver badge

Encryption alone is not enough

No matter how effectively a message is encrypted, it can be intercepted and saved indefinitely in its encrypted form and then decoded at leisure. And with the computing power available to the three-letter agencies "at leisure" isn't very long at all in the scheme of things.

Better security would be achieved by breaking the encrypted file into pieces and routing each piece separately through a different random path each time, interspersed with rubbish pieces to further obfuscate the real ones. This way, no one system can capture the entire message and piece it back together. The internet is already set up to operate on this basic principle; all that's needed is software to ensure that no two packets go by the same route.

The weak point in this system would of course be the sender's and receiver's ISPs; of necessity, both ISPs would have every piece pass through them. A possible workaround would be an open network of interconnected wireless routers, linked between neighbouring homes and offices. This way, part of my message could go through my ISP, part through my neighbour's ISP, part through the guy down the road's ISP. The recipient could receive the message the same way. This way, even if all of us were on the same ISP (as in some areas where one big company has a monopoly), the ISP sees packets from multiple customers and has no way to tie any group of packets back together into a single file.

At present, this is conjecture, as in my area people aren't yet amenable to interconnecting their wireless routers, but I've heard of districts where this is being done already, and as governments and companies continue to encroach on our freedoms, I'm sure people will in time come to see the necessity of doing this.

0
0
Bronze badge

So.... Instead of the NSA, and or your GCHQ getting all the juicy info. It all simply just goes straight to the BND (i.e. the Bundesnachrichtendienst), then... Well that's ok then!!

1
0
Bronze badge

As we are not US citizens...

and have been told quite rightly we are not included in their constitution (for what that's worth these days), then at least by using European services we can.

1. Financially give a little poke in the eye to the US

2. At least have a legal framework of some description that we are covered by and some is better than none

1
1

Germany also gathers foreign intelligence via the BND (Bundesnachrichtendienst). Wouldn't surprise me remotely if they do domestic work as well.

0
0
