Encrypted email service 'Tutanota' has been forced by authorities to introduce email monitoring function

Tutanota, an email service that has been operating in Germany since 2011, keeps user privacy secure by end-to-end encryption of emails between users by default. However, German police officials are demanding the ability to monitor Tutanota's mailboxes, and a district court ruling has reportedly forced them to introduce an email monitoring feature.

Gericht zwingt Mailprovider Tutanota zu Überwachungsfunktion | heise online

Tutanota muss Überwachungsfunktion erneut einbauen --DER SPIEGEL

Encryption of data and communications is important for protecting user privacy, but it is annoying to law enforcement agencies conducting criminal investigations. Law enforcement agencies have repeatedly asked to encrypt communications and unlock devices, as the suspect's communications and data may be encrypted and important evidence may not be available.

In the investigation of the San Bernardino shooting incident that occurred in December 2015, investigative authorities who want to investigate the contents of the iPhone used by the criminal requested Apple to unlock the terminal. In response, Apple rejected the request, claiming that 'cancellation without legal grounds would infringe on the privacy of users,' and finally reported that the FBI invested about 100 million yen and succeeded in canceling. Has been done.

Apple rejects government request to 'make a backdoor that can circumvent iPhone encryption' --GIGAZINE

by Erickson Alves

Law enforcement agencies and tech companies are enthusiastically discussing not only device locks, but also the obligation to decrypt communications. In 2015, Apple CEO Tim Cook accused it of being dangerous to have a backdoor following a bill in the United Kingdom that would require service providers to have access to decryption. did.

The dangers of the UK anti-encryption bill that Apple opposes-GIGAZINE

by Marco Paköeningrat

In December 2018, a bill called the ' Anti-Encryption Law ' was passed in Australia, requiring IT companies to provide access to encrypted communications at the request of the government.

Microsoft President warns Australia's anti-encryption law that 'companies can no longer store data securely'-GIGAZINE

by Web Summit

In addition, in the United States, in June 2020, a bill was submitted that obliged law enforcement agencies to 'help law enforcement agencies to decrypt encrypted data,' and governments seeking access to encrypted communications in each country. The demand is increasing. Meanwhile, tech companies are resisting creating substantive backdoors for the government, Apple said: 'Backdoors make all devices vulnerable, national security, and our customers. It can threaten data security. There is no'backdoor just for justice'. '

A bill is submitted to force companies to 'decrypt' --GIGAZINE

Meanwhile, Tutanota, which provides end-to-end encrypted e-mail services, is also required by law enforcement agencies to introduce a function that can monitor the contents of e-mails. With end-to-end encryption, only the user has the key to decrypt, so neither the Internet service provider nor Tutanota, the service administrator, can see the contents of the email.

However, based on a ruling in the District Court of Itzeho in June 2019, Tutanota has implemented the ability to monitor email content when there is a valid court order. Then, in the same month the European Court of Justice has ruled, 'the e-mail services such as Gmail is not a telecommunications service defined under EU law, the same can not be regulated in a way,' was the judgment in response to, Tutanota has removed the monitoring function.

However, a district court in Cologne in August 2020 ruled that Tutanota is a 'contributor' of telecommunications services and must comply with the decryption required by law enforcement agencies. A Tutanota spokeswoman has accused the ruling of being 'ridiculous' because it didn't explain what the telecommunications service Tutanota would contribute to.

Tutanota seems to be working on implementing the monitoring function by the end of December 2020 in response to this ruling, but it is also preparing to appeal to the German Supreme Court at the same time. Ulf Buermeyer, a former judge in the Berlin District Court, also accused the ruling of being unconvincing and said it was doubtful that it would be valid under EU law.

in Web Service,   Security, Posted by log1h_ik