German Court Orders Tutanota to Add Backdoor for Law Enforcement
December 9, 2020
Full-Text Search in Encrypted Email: Some Context
Tutanota is one of the few email services, along with Protonmail, Posteo.de, and Mailbox.org, that encrypts incoming emails by default. This means emails are stored on their servers in encrypted form, and the provider cannot decrypt them, even if they want to.
However, a ruling by the Cologne Regional Court required Tutanota to implement “a function that allows individual mailboxes to be monitored and emails to be read in plain text.” This sets a troubling precedent for the European legal system.
Tutanota plans to appeal the decision, but the appeal does not suspend the court order, meaning the company must comply regardless of the ongoing legal process. “That’s why we had to start developing a monitoring function,” a company spokesperson told c’t magazine. If the appeal is successful, the function will be removed.
The Cologne court’s decision is a dangerous precedent for the European legal system and differs from other court rulings. For example, in the summer, the Hanover District Court ruled that Tutanota does not provide or participate in any “telecommunications services” in the legal sense and therefore cannot be required to monitor communications. The Hanover judges referred to the well-known Gmail decision by the European Court on June 13, 2019 (Case C-193/18), which stated that email services are not communication services. As a result, Google is not required to register a telecommunications identifier for Gmail or set up interception interfaces.
Nevertheless, the Cologne court labeled Tutanota as a “participant” in telecommunications services, a ruling the company considers absurd and intends to fight.
Tutanota’s Response and the Backdoor Requirement
Regardless, by December 31, 2020, Tutanota is required to develop a function that gives the State Criminal Police Office of North Rhine-Westphalia access to user mailboxes, including the specific user involved in the case that triggered this situation.
The case concerns a criminal investigation in which a suspect sent a threatening email to a car dealer using Tutanota’s secure email service.
Tutanota assures users that this incident will not affect other customers. Incoming emails will continue to be encrypted by default when they arrive on the server. However, the company believes that even a one-time bypass of encryption is a threat to data protection and the security of all clients.
Here is a diagram showing how emails are encrypted and stored on the server with end-to-end encryption (left) and without it (right):
Unlike PGP, Tutanota also encrypts some metadata, not just the email body.
The company emphasizes that the backdoor will only allow access to the content of new incoming unencrypted emails. It cannot decrypt previously encrypted data or other emails with end-to-end encryption in Tutanota. In simple terms, the “backdoor” works like this:
def encrypt_mail(email):
if email.user == "badperson":
store(email)
else:
store(encrypt(email))
Perhaps Tutanota now regrets not choosing a different jurisdiction. On the other hand, this story can be seen as a kind of publicity for a company doing everything it can to protect privacy. In one interview, they mentioned considering a move to another country (like Switzerland), but that is unlikely: “The legal situation and constitution in Germany are generally very good and protect people’s privacy. Public activism also helps us prevent or weaken problematic laws (like surveillance).”
The company regularly publishes a transparency report and a warrant canary for its service. A warrant canary is the only legal way to disclose information that is otherwise prohibited from being revealed.
Encryption as a Safeguard
Encryption is the only reason the police had to go through the courts in the first place. Some believe that, on open channels, law enforcement would use wiretapping more broadly without bothering to get permission. Only cryptography protects society from the arbitrary actions of law enforcement agencies.