Tutanota has been served with a court order to build a backdoor into its encrypted email service – though founder Matthias Pfau told The Register that this is “absurd” and can’t be done by his company.
German IT news website Heise reported (in German) that a local court in Germany had ordered Tutanota to help investigators monitor the unencrypted contents of one user’s mailbox.
Such a backdoor would destroy the unique selling point of Tutanota, however, and founder Pfau is not taking it lying down – despite being legally compelled to act in accordance with the order.
“According to the ruling of the Cologne Regional Court, we were obliged to release unencrypted incoming and outgoing emails from one mailbox. Emails that are encrypted end-to-end in Tutanota cannot be decrypted by us,” Pfau told The Register.
Pfau also added that in June the Hannover Regional Court had struck down (auf Deutsch) a lower district court’s ruling that Tutanota was to be backdoored. While angry police workers reportedly threatened to attack Pfau, sending him menacing emails promising to abduct him from his home and throw him into “provisional detention” unless he obeyed their orders, the regional court dismissed the district court’s ruling – leaving police powerless to follow through.
Will there be no end to govt attempts to break encryption? Hand over your data or the kiddies get it, threaten Five Eyes spies
Tutanota’s successful legal argument at the time was that it did not qualify as a “provider of telecommunications services” within EU law. Pfau explained to The Register how the German police were attempting to counter that: “Although we are no longer a provider of telecommunications services, [they say] we would be involved in providing telecommunications services and must therefore still enable telecommunications and traffic data collection.”
He added: “From our point of view – and German law experts agree with us – this is absurd.”
In September, not long after Pfau’s personal battles with police, unidentified persons launched a series of DDoS attacks against Tutanota. Those attacks resulted in the email service going down for a while, prompting irritated users to moan until it came back up.
Backdoored encryption is a hot topic in the Western world, particularly the UK. Only this morning a little-known state agency called the Children’s Commissioner published a report demanding end-to-end encryption be backdoored to keep children safe. The request illustrates the level of threat facing ordinary people wishing to stay secure online.
History has taught us that encryption backdoors do not work; inevitably, the backdoors (such as the one in the NSA’s Clipper chip) are found by people who weren’t supposed to know about them. That creates a far greater danger to internet security than whatever breaking end-to-end encryption solves. ®