title: “E-Mail Made in Germany”: A Summer’s Tale of Secure E-Mail
date: 2013-08-09 14:12:00 
updated: 2013-08-12 22:24:52 
author: 46halbe
tags: update, pressemitteilung, demail, ssl, gnupg, encryption

While the public debate about PRISM, Tempora and XKeyScore is continuing, webmail service providers seem to be finally waking up: Two of the largest e-mail providers in Germany have announced plans to enable encryption on all connections from 2014.

<!-- TEASER_END -->

According to the mail providers, they will use SSL/TLS encrypted
connections between their servers and their users in the future. It
remains unclear whether other providers – such as self-operated mail
servers – will also be able to use these encrypted connections.

The Chaos Computer Club (CCC) appreciates these companies’ intention to
encrypt their customers’ mail traffic in the future. However, what they
haven't said is why the underlying technology, available since the late
1990s, has not been previously enabled by default. A standard feature of
competitors’ services – enforced encryption for accessing an e-mail
account – is now being sold as a technological advance and an
innovation.

Advertising these changes under the label “E-Mail Made in Germany” \[1\]
seems like a desperate effort to bring the already failed project
"De-Mail" back into the spotlight. Indeed, these providers are claiming
that De-Mail would even improve upon the new practice “in features”.

The supposed improvement is in effect only a shameless game with the
users’ increasing problem awareness precipitated by the NSA scandal. It
is comical at best if providers are now selling a well-aged technology
as a groundbreaking innovation.

What users of these mail services are not being told is that encrypting
traffic between mail providers does not mean that the e-mails themselves
will also be stored encrypted. Rather, the NSA scandal has shown that
centralised services cannot be regarded as trustworthy with regard to
access from intelligence agencies. Ultimately, the technologies employed
are not capable of preventing the installation of wiretapping
infrastructure within the system. The provider and intelligence agencies
still have complete access to the contents of e-mails and, consequently,
will be able to fully analyze them.

The CCC stands by its recommendation of end-to-end encryption using
GnuPG/PGP or S/MIME as a sensible instrument to prevent unauthorised
access to e-mail.

Instead of true security, the providers use cute little German flag
icons to mark supposedly secure mails, spreading a feel-good message
reminiscent of the German “summer fairytale” of the football World Cup a
few years back. Let us hope that the subject of mail encryption will be
longer-lived.

**Links**:

\[1\] <https://www.e-mail-made-in-germany.de/>