Court orders encrypted email biz Tutanota to build a backdoor in user's mailbox, founder says 'this is absurd'

Plus: Yet another bod demands end-to-end encryption is broken

Tutanota has been served with a court order to backdoor its encrypted email service – a situation founder Matthias Pfau described to The Register as "absurd."

Our friends at Heise reported auf Deutsch that a court in Germany last month ordered Tutanota to help investigators monitor the contents of a user's encrypted mailbox. The site has until the end of the year to add functionality to perform this surveillance.

Such a peephole would destroy the unique selling point of Tutanota: it encrypts all data stored in people's mailboxes in such a way that it can't retrieve the contents beyond some metadata. It also allows people to wrap their outgoing and incoming messages in end-to-end encryption that, again, Tutanota can't break.

The site can, say, provide the cops access to new incoming non-encrypted emails for a particular inbox, though it can't hand over its encrypted contents. We imagine Tutanota could alter its code to capture a copy of the user's password during login so that someone else can unlock it later, though it's not clear if the court order goes this far. In any case, if the user never logs in again, the mailbox contents will remain enciphered, and the court order can't be fulfilled.

Emails that are encrypted end-to-end in Tutanota cannot be decrypted by us

Heise reported Tutanota is considering challenging the order. Pfau today told us he's not taking the matter lying down despite being legally compelled to act in accordance with the order.

"According to the ruling of the Cologne Regional Court, we were obliged to release unencrypted incoming and outgoing emails from one mailbox," Pfau told The Register. "Emails that are encrypted end-to-end in Tutanota cannot be decrypted by us."

Pfau also added that in June the Hannover Regional Court had struck down a lower district court's ruling that Tutanota was to be backdoored. While angry police workers reportedly threatened to attack Pfau, sending him menacing emails promising to abduct him from his home and throw him into "provisional detention" unless he obeyed their orders, the regional court dismissed the district court's ruling – leaving police powerless to follow through.

A silhouette walks through a keyhole leaking binary

Will there be no end to govt attempts to break encryption? Hand over your data or the kiddies get it, threaten Five Eyes spies


Tutanota's successful legal argument at the time was that it did not qualify as a "provider of telecommunications services" within EU law. Pfau explained to The Register how the German police were attempting to counter that: "Although we are no longer a provider of telecommunications services, [they say] we would be involved in providing telecommunications services and must therefore still enable telecommunications and traffic data collection."

He added: "From our point of view – and German law experts agree with us – this is absurd."

In September, not long after Pfau's personal battles with police, unidentified persons launched a series of DDoS attacks against Tutanota. Those attacks resulted in the email service going down for a while, prompting irritated users to moan until it came back up.

Backdoored encryption is a hot topic in the Western world, particularly the UK. Only this morning a little-known state agency called the Children's Commissioner published a report demanding end-to-end encryption be backdoored to keep children safe. The request illustrates the level of threat facing ordinary people wishing to stay secure online.

History has taught us that encryption backdoors do not work; inevitably, the backdoors (such as the one in the NSA's Clipper chip) are found by people who weren't supposed to know about them, or can be abused by those who do. That creates a far greater danger to internet security than whatever breaking end-to-end encryption solves. ®

Similar topics

Broader topics

Other stories you might like

  • Google sours on legacy G Suite freeloaders, demands fee or flee

    Free incarnation of online app package, which became Workplace, is going away

    Google has served eviction notices to its legacy G Suite squatters: the free service will no longer be available in four months and existing users can either pay for a Google Workspace subscription or export their data and take their not particularly valuable businesses elsewhere.

    "If you have the G Suite legacy free edition, you need to upgrade to a paid Google Workspace subscription to keep your services," the company said in a recently revised support document. "The G Suite legacy free edition will no longer be available starting May 1, 2022."

    Continue reading
  • SpaceX Starlink sat streaks now present in nearly a fifth of all astronomical images snapped by Caltech telescope

    Annoying, maybe – but totally ruining this science, maybe not

    SpaceX’s Starlink satellites appear in about a fifth of all images snapped by the Zwicky Transient Facility (ZTF), a camera attached to the Samuel Oschin Telescope in California, which is used by astronomers to study supernovae, gamma ray bursts, asteroids, and suchlike.

    A study led by Przemek Mróz, a former postdoctoral scholar at the California Institute of Technology (Caltech) and now a researcher at the University of Warsaw in Poland, analysed the current and future effects of Starlink satellites on the ZTF. The telescope and camera are housed at the Palomar Observatory, which is operated by Caltech.

    The team of astronomers found 5,301 streaks leftover from the moving satellites in images taken by the instrument between November 2019 and September 2021, according to their paper on the subject, published in the Astrophysical Journal Letters this week.

    Continue reading
  • AI tool finds hundreds of genes related to human motor neuron disease

    Breakthrough could lead to development of drugs to target illness

    A machine-learning algorithm has helped scientists find 690 human genes associated with a higher risk of developing motor neuron disease, according to research published in Cell this week.

    Neuronal cells in the central nervous system and brain break down and die in people with motor neuron disease, like amyotrophic lateral sclerosis (ALS) more commonly known as Lou Gehrig's disease, named after the baseball player who developed it. They lose control over their bodies, and as the disease progresses patients become completely paralyzed. There is currently no verified cure for ALS.

    Motor neuron disease typically affects people in old age and its causes are unknown. Johnathan Cooper-Knock, a clinical lecturer at the University of Sheffield in England and leader of Project MinE, an ambitious effort to perform whole genome sequencing of ALS, believes that understanding how genes affect cellular function could help scientists develop new drugs to treat the disease.

    Continue reading

Biting the hand that feeds IT © 1998–2022