Encryption is the only thing that forces law enforcement to use warrants; without it, it's just a wild wild west of privacy abuse. I do hope we see more services crop up, and new methods for people to encrypt email outside of specific services, maybe better plugins for Thunderbird or something. Hell, I'd easily pay for such a plugin if someone else can communicate back and forth with me through it and it is encrypted. Maybe even some sort of forward secrecy involved in the system.
It's not necessary for the Thunderbird team to do it, there are paid plugins for Thunderbird. I'd happily pay for a decent plugin if it is developed properly.
We generally accept that warrants are a reasonable solution when it comes to the state entering private property without permission for law enforcement purposes.
This also seems like a reasonable solution for encryption. The state here is not making or trying to make encryption illegal; and it is open about the fact that court authorisation is required to enforce a backdoor.
The reason that breaks down is that a backdoor to achieve this isn’t for that one case, it’s for everyone on the service (or easily made to be). It’s like getting permission to break every lock from a particular manufacturer, rather than permission to enter one particular home.
I know in this particular case they’ve said it’s for a singular mailbox. I’m curious how they achieve it.
This is the same as the TSA lock in newly made luggage. In order for Americans to have their luggage inspected, the Europeans have to have a backdoor into their luggage.
Fortunately in Europe you can add a layer of security on top of that by adding new locks.
I mean, when you think about it in the grand scheme of things, luggage isn't secure anyway; you can just cut through the fabric and other materials if you're so inclined to steal someone's belongings from their luggage.
You can also just push a pen through the zipper to open it without leaving any evidence. Simply run both locked-together sliders back over the zipper to close it.
This sounds more like the analogy breaking down than illustrating a meaningful difference in scenarios. The police already /can/ break a lock from just about any manufacturer. They just break the door down and enter regardless of the phenomenal quality of the lock itself.
> We generally accept that warrants are a reasonable solution
"We" accept nothing. The state can't execute warrants to get at what's inside people's minds. Computers are extensions of people's minds and I expect them to be equally inviolable.
Also, even if it does have lawful access to the system, the state is not entitled to find usable evidence.
> it is open about the fact that court authorisation is required to enforce a backdoor
The mere possibility of a court-mandated backdoor means the entire system is already compromised and it's impossible to trust it.
If you want your opinion to be taken seriously or be seen as credible, you should probably back it up or justify it in some way, rather than just stating it as if it were a fact. The thing is, I agree with you, but I understand that it is not the general opinion of most people. I think it is important to explain and justify the very significant shift in thinking about what is "the mind".
> You misrepresented what I said by removing the conditional part of the sentence - that's a misquote.
That wasn't my intention. I just didn't want to reproduce the whole post in my reply.
> So then you should trust literally no software or hardware.
I give free software the benefit of the doubt. I don't trust hardware. It sucks that hardware costs billions to manufacture. Centralized resources are easily targeted by governments. Maybe someday we'll have 3D printing technology that makes it possible for hackers to create their own chips at home.
> Tutanota will lodge an appeal against the ruling, but this does not have a suspensive effect
Tutanota wants to appeal in court against this, but is forced to comply (right now).
> "Tutanota sieht sich nun gezwungen, bis Jahresende eine Funktion zu programmieren...dieses Postfach zu überwachen."
Tutanota sees no other possibility than to program a function (until the end of the year) that can monitor this inbox.
and that nothing else will change for the other users
> "Für die anderen Nutzer soll sich dadurch nichts ändern, ihre Mails sollen weiter standardmäßig verschlüsselt werden"
For other users nothing changes.
> "betrifft die Überwachungsmaßnahme nur die neu eingehenden unverschlüsselten E-Mails"
Only the new mails will be stored unencrypted. Already encrypted mails can't be decrypted, and it's only for this inbox.
> For the other users nothing should change as a result; their mails should continue to be encrypted by default. Nevertheless, Tutanota regards a one-time circumvention of the encryption as a data protection and security risk for ultimately all customers.
For other users nothing changes. Tutanota sees this "one-time" circumvention of the encryption as a big risk to data protection and security for all other users.
And I agree. I won't feel good using a secure mail provider that promises to encrypt all my mails so that nobody else can read them, knowing they once had to implement a backdoor to circumvent exactly that.
It's not decrypting mails. Right now it looks like every incoming mail is encrypted with the public key of the recipient. What they need to do is more along the lines of

    def encrypt_mail(email):
        # the one mailbox under the court order is stored as-is,
        # everything else is encrypted before it is stored
        if email.user == "badperson":
            store(email)
        else:
            store(encrypt(email))
Rather stupid, to be honest, since it's not obvious how new mails could help the car salesman (don't know what Zulieferer should be in English... supplier?) in any way, shape or form. Or do they want to know if the blackmailer sends more blackmail? Don't know, don't care. I'm just always shocked at how such verdicts come to be.
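To make the branch in the pseudocode above concrete, here is an added example (my own, not Tutanota's code) of an inbound-mail storage path where exactly one mailbox, named in configuration rather than hardcoded, is retained in plaintext under an order, while every other mailbox is sealed to the recipient's public key so that the server keeps no way to read it afterwards. Everything in it is assumed: the JSON config layout, the Email fields, the hypothetical order identifier, and the toy hybrid cipher (textbook RSA over two fixed Mersenne primes wrapping a SHA-256 keystream key), which stands in for a vetted library and is not safe for real use. The structure, not the cipher, is the point.

```python
"""Added example: court-ordered plaintext retention for one mailbox,
driven by configuration and audited, beside the normal seal-to-recipient
path. Toy cipher and config format are assumptions, not Tutanota's."""
import hashlib
import json
import logging
import secrets
from dataclasses import dataclass

log = logging.getLogger("inbound")

# Demo RSA modulus from two known Mersenne primes (toy, never for production).
_P = (1 << 127) - 1
_Q = (1 << 89) - 1
RSA_N = _P * _Q                                   # public key (server holds this)
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))       # private key (mailbox owner only)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 counter-mode keystream, a stand-in for a real cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def seal(public_n: int, plaintext: bytes) -> dict:
    """Hybrid-encrypt to the recipient's public key; no server-side key survives."""
    sym = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(sym, nonce, len(plaintext))))
    wrapped = pow(int.from_bytes(sym, "big"), RSA_E, public_n)
    return {"wrapped_key": wrapped, "nonce": nonce.hex(), "body": body.hex()}


def unseal(private_d: int, n: int, env: dict) -> bytes:
    """Run by the mailbox owner's client, the only party holding private_d."""
    sym = pow(env["wrapped_key"], private_d, n).to_bytes(16, "big")
    body = bytes.fromhex(env["body"])
    return bytes(a ^ b for a, b in zip(body, _keystream(sym, bytes.fromhex(env["nonce"]), len(body))))


@dataclass
class Email:
    recipient: str
    body: bytes


class InboundStore:
    def __init__(self, intercept_config: str, public_keys: dict):
        # Monitored mailboxes come from configuration (assumed JSON layout),
        # never from a string literal in the code path.
        cfg = json.loads(intercept_config)
        self.intercepted = {o["mailbox"]: o["order"] for o in cfg.get("orders", [])}
        self.public_keys = public_keys
        self.records = []

    def store_incoming(self, mail: Email) -> dict:
        if mail.recipient in self.intercepted:
            # Plaintext retention for this one mailbox only, with an audit
            # line naming the order that authorised it.
            log.warning("plaintext retention for %s under order %s",
                        mail.recipient, self.intercepted[mail.recipient])
            rec = {"to": mail.recipient, "plaintext": True, "data": mail.body.hex()}
        else:
            # Default path: sealed to the recipient; the server cannot undo this.
            rec = {"to": mail.recipient, "plaintext": False,
                   "data": seal(self.public_keys[mail.recipient], mail.body)}
        self.records.append(rec)
        return rec


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed sample config and mail, hypothetical order id.
    config = json.dumps({"orders": [{"mailbox": "target@example.test", "order": "order-0001"}]})
    store = InboundStore(config, {"alice@example.test": RSA_N, "target@example.test": RSA_N})
    store.store_incoming(Email("target@example.test", b"constructed blackmail text"))
    sealed = store.store_incoming(Email("alice@example.test", b"constructed ordinary mail"))
    print(unseal(RSA_D, RSA_N, sealed["data"]))
```

Two things the pseudocode leaves implicit are visible here: the set of monitored addresses is data loaded at startup, so widening the order to more mailboxes is a config change that can be reviewed and audited rather than a silent code edit, and mails stored through the default path before the order cannot be recovered by the operator because only the recipient holds the private key.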
They will do what reddit did, keep "sensitive" additions to your system closed, and if you are not distributing it, you are not required to publish it. Just watch out for AGPL.
I mean if your code is open source, and you get an order to insert a backdoor of some kind, how can you put the backdoor in the open source code without violating a nondisclosure clause in the government’s order?
Law overrides contract, so if distributing those changes is prohibited, then not distributing those changes to code is not a violation of the open source licence, the relevant clauses of the licence contract can not be legally binding.
So you'd just [be required to] keep a non-open fork of that code even if the license (e.g. AGPL) would prohibit that.
I don't think a law requiring you to not distribute the changes overrides the license clauses terminating your license for not distributing them? It's not the license givers problem that you can't comply with the license, don't use it then?
Of course, not using that license and stopping the use of that code is also a completely valid (though costly) option.
If the licence giver believes that you're violating the contract, they are free to try and enforce that contract in court. A German court would almost certainly rule that the clause is unenforceable at least as it applies to that particular order-related modification (the licence requirements would still be valid for unrelated modifications). There is a nontrivial legal question whether that would imply that the requirement voids the licence as a whole or just the specific clause. Specific terms (e.g. AGPL clause 12) may suggest that it would void the whole licence, but I wouldn't be certain on how German courts would consider it given these specific circumstances; a German lawyer might have a good idea but I do not.
But in any case, contractual obligations are not an excuse for noncompliance with other legal requirements. If it does turn out that executing the order is incompatible with a particular license, then you must execute the order anyway and decide what's the best way to handle the consequences. Breaching a contract is a legally valid option as well, and in some cases that may even be the best option, if the expected liabilities/damages are less than the consequences of complying with it.
Tutanota's business is predicated on privacy, and on relying on open source. If the government requires them to disconnect from both, they are destroying the entire business. Imagine if they lost the right to use their FOSS systems because of this and the cost of starting a closed source replacement. Tutanota will already vanish overnight from every single privacy-respecting app list. They could get sued for misrepresentation also. Shouldn't the government at least be liable for compensating them for damages?
This is server-side code, so you handle this email address the same way you handle other secrets, like your database password: put them in configuration instead of hardcoding them.
With end-to-end encryption, where encryption happens in an open source client, this conflict would be more interesting.
Unless you can prove your running copy is the same as the provided code (which is pretty hard for server software), you can always keep a private forked copy with the backdoor and run that.
Not a lawyer and I am just speculating but in the US I believe it would likely result in the court compelling the maintainer of the libraries in question to comply with the original order, or issue new orders to compel the parties in question given the new information.
Forks are generally required to maintain the original licensing of the originating source. That would be like taking part of the Windows source code and "forking" it with the only change being the licensing. Just because you forked it and changed the license doesn't make it true.
Also: what would forking have to do with anything? If you're compelled to put a backdoor in code to be able to intercept messages from a particular person, a better argument would be to just say "lol idk how 2 do codez" as opposed to "lol im gonna fork, fuck off".
German native here. Your translation is mostly correct.
The court seems to have forced Tutanota to store new incoming non-encrypted emails in plaintext for a specific mailbox that was used to blackmail an automotive supplier.
But the article is not entirely clear on whether that is for that specific mailbox only. At one point, the article mentions that storing emails in plain text could be used on "specific mailboxes" (plural).
> A ruling by the Landgericht Köln now forces the Hanover-based company to build in a function with which investigators can monitor individual mailboxes and read mails in plaintext.
IANAL, but if I am not mistaken, German law requires telecommunication providers (above a certain threshold) to provide law enforcement with a way to look into customer communication via the provider. Meaning here, they need to implement a way for law enforcement to look into any mailbox they can come up with a warrant for.
> For instance, in the summer the Landgericht Hannover ruled that Tutanota, in the legal sense, neither provides "Telekommunikationsdienste" (telecommunications services) nor participates in providing them, and therefore cannot be obliged to carry out telecommunications surveillance
In the summer the Landgericht Hannover ruled that Tutanota isn't a "Telekommunikationsdienst" (telecommunication service) and that they also don't take part in one. That is why Tutanota calls bullshit.
> The Cologne court nevertheless regards Tutanota as a "participant" in the provision of telecommunications services. Consequently, the company must enable the surveillance.
Cologne now says the opposite and says they "take part" in providing telecommunication without clarification.
>The court seems to have forced Tutanota to store new incoming non-encrypted emails in plaintext
This makes sense as AFAIK Tutanota messages between users are encrypted on the client side, not the server side. I guess they could try to backdoor that too but I'd think someone would be able to sniff that in the network traffic?
You are missing the entire point of why this is a horrible thing to begin with! They have to develop new encryption circumvention technology for this one surveillance which weakens encryption for everyone using the encryption technology.
It's exactly like forcing the creator of PGP to build a backdoored version of PGP with the right Windows signatures or something. You could just say, "it will only be for new emails for the specific mailbox, as the rest are already encrypted", but then you are missing the point entirely.
BTW Germany is currently in the process of shoving a new law through the EU which will effectively destroy all encrypted services in Europe (by means of forcing backdoors/secondary keys). Just for context.
My German is extremely rusty, but the whole dispute here seems to stem from the discussion whether or not the company has to comply with what we normally call "lawful intercept" as part of telecom regulations. They contest the notion that they are a telecom provider.
It’s not so late here in Europe yet. At least not for hackers :) And there ought to be some German-speaking persons over the pond as well. We’ll see :)
I worked in the telecom industry, and knowing how many surveillance-related regulations there were, I can't believe true e2e encryption is a thing on the internet.
I'm surprised how so many people in tech believe that a messaging application like WhatsApp is allowed to have real e2e encryption. It's impossible for regulators to ignore a platform with substantial traffic.
You are right, and yet I always asked myself if all the regulations ever made sense.
Those that really want to coordinate any kind of illicit activity, do they use WhatsApp thinking it is secure, or would they be smart enough to set up their own infrastructure? How many threats were stopped due to police/three-letter agencies being able to tap into the largest services vs going to the deep web and infiltrating/investigating the group "in person"?
In any case, my feeling is that all these regulations do is push privacy-conscious people into running their own infra. I was even on the point of running my own email, Matrix and even a SIP server at home, but then I realized that whoever I will be communicating with would not be doing the same so the whole thing is at best an exercise in my sysadmin skills.
(I used Google Translate, so some quotes might not be 100% correct)
> "We therefore had to start developing the monitoring function"
Ouch, pretty hard to recommend a service that has admitted to building tools for LE.
> This should not change anything for other users; their emails should continue to be encrypted by default. Nevertheless, Tutanota sees a one-time bypassing of encryption as a data protection and security risk for all customers.
> As Tutanota emphasized, the surveillance measure only affects newly incoming unencrypted e-mails. The company cannot decrypt already encrypted data or end-to-end encrypted e-mails in Tutanota.
It's a bit unclear here if it only means plaintext incoming emails are affected while in transit, or if all new plaintext emails are/could be saved without encryption.
True. Not much has really changed beyond more confirmation that anything in plain text can and will fall into the hands of a third-party actor/government. Although certain jurisdictions at least in theory have barriers to this, e.g. Germany vs Switzerland.
Tutanota is a German email provider which encrypts incoming email after it is received.
The court ordered Tutanota to provide incoming emails to a single email account to law enforcement. This is "lawful interception" as you know it, as "server-side encryption" is useless against lawful interception laws.
Clickbait verging on fake news: they took a piece of information completely out of context and baked a "sensation". No, Tutanota does NOT install a "backdoor", be it a court order or not. Government or others can only read the contents of non-encrypted mails and only the metadata of encrypted mails; it has been so ever since, and this is the way email works.
Clarification in plain English here https://www.reddit.com/r/tutanota/comments/k3sfs5/in_englisc...
I'm just saying that Sweden, Norway and Finland together would make an awesome couple; given how they overcame legislative issues and how they modernized their countries against all odds (with all that happened after 1808).
From a political perspective they're quick to adapt to a changing landscape.
FWIW, Apple has backdoored iMessage's end-to-end encryption via iCloud Backup plaintext/key escrow, automatically on by default, so if people did quit or threaten to quit, it didn't actually stop or change anything.
Apparently Apple was going to fix this glaring hole in their cryptosystem, but Apple Legal killed it as a favor to the FBI.
Would there be some way of wording a contractual agreement with a company such that all of their customers contracts would irrevocably end if such a backdoor were installed. Tutanota should consider ceasing trading in response to this. Surely the court won’t force them to not just stop supplying email services to everyone.
A relevant machine-translated paragraph appears to indicate that they are only required to implement monitoring of a single mailbox:
> This is about a blackmail that had been sent to an automotive supplier from a Tutanota mailbox. Tutanota is now forced to program a function by the end of the year that allows the State Criminal Police Office of North Rhine-Westphalia to monitor this mailbox.
Lacking the ability to read this without translation, I cannot determine conclusively whether or not they're also required to preemptively retain plaintext emails for other mailboxes in order to support any future wiretapping requests.
There's a clear distinction between "We are mandated by the court to maintain plaintext for all accounts for all time" and "We are mandated by the court to have the capability to maintain plaintext for one account when ordered so by subpoena-or-equivalent". This is the latter.
Arguments can be had about the relevance of that distinction, but relevant or not, the distinction does exist. Thanks for clarifying!
(I'm not participating in the "Is this distinction relevant?" discussion today, sorry, just trying to understand what was passed. See other threads for pro/con arguments.)
It only affects new incoming mails as they cannot decrypt the old ones.
My understanding of the German wiretapping law is also that they can only record messages from the point of the wiretapping court order so no older messages can be accessed by it.
My understanding is that they are only required to monitor a single specific mailbox (for which a court order has been issued) - so no preemptive collection.
The following (machine-translated) paragraph clears that up:
This should not change anything for the other users, their mails should continue to be encrypted by default. Nevertheless, Tutanota considers a one-time circumvention of the encryption to be a data protection and security risk for all customers.
[Update, 30.11., 12 o'clock] As Tutanota emphasized, the monitoring measure only affects newly incoming unencrypted e-mails. Already encrypted data as well as end-to-end encrypted e-mails in Tutanota cannot be decrypted by the company. [Update]
The article says criminal police had a problem with an extortion email. If the victim is willing to collaborate what's the problem with getting the plaintext?
Anyway, I wonder how it's going to be implemented for the case where encryption is done on the client side with open-source tools (not sure if that's the case for Tutanota).
Realistically speaking, is there jurisdiction where this isn't a threat? Most governments allow for wiretaps (basically what this "backdoor" is) when there's a warrant, so I'm not sure what the alternative is. Not even self-hosting works because they can seize your server/ip/domain name and install a backdoor there.
If I read Tutanota's explanation of encryption correctly, messages sent between users are encrypted on the client side. While it would be obvious in network traffic if they sent back plain text to their server, it is possible to encrypt text with multiple keys, i.e. their key as well as the intended recipient's. Would something like that be able to be detected on the client side, in particular for one user? I'm guessing yes, but it would require verifying the JS every time you used their service, right? (asking)
I don’t know what people expected from a service like this hosted in Germany... Germany is a very bad place for personal freedoms when compared to most of the west