https://techcrunch.com/2020/12/08/german-secure-email-provider-
tutanota-forced-to-monitor-an-account-after-regional-court-ruling/

Excerpt:
"German e2e encrypted email provider Tutanota has been ordered by a
regional court to develop a function that allows it to monitor an
individual account."

"A spokeswoman for Tutanota confirmed it has told the court it will
develop the function by the end of this year � whereas she suggested
its appeals process is likely to take �months� more to run its course.

�We are going to the higher court in parallel. We are already
preparing an appeal to the Bundesgerichtshof [Germany�s Federal Court
of Justice],� she added."
=======================
December 8, 2020

German e2e encrypted email provider Tutanota has been ordered by a
regional court to develop a function that allows it to monitor an
individual account.

The encrypted email service provider has been fighting a number of
such orders in its home country.

The ruling, which was reported in the German press late last month,
contradicts an earlier Hanover court finding that Tutanota, a
provider of web-based email, is not a telecommunications service.

The order by the Cologne court comes under a German law (known as
�TKG�) which requires telecommunications service providers to
disclose data to law enforcement/intelligence agencies if they
receive a lawful intercept request.

The Cologne court ruling also runs counter to a 2019 decision by
Europe�s top court, the CJEU, which found that another web-based
email service, Gmail, is not an �electronic communications service�
as defined in EU law � meaning it can�t be subject to common EU rules
for telcos.

Tutanota co-founder Matthias Pfau described the Cologne ruling as
�absurd� � and confirmed it�s appealing.

�The argumentation is as follows: Although we are no longer a
provider of telecommunications services, we would be involved in
providing telecommunications services and must therefore still enable
telecommunications and traffic data collection,� he told TechCrunch.

�From our point of view � and law German law experts agree with us �
this is absurd. Neither does the court state what telecommunications
service we are involved in nor do they name the actual provider of
the telecommunications service.

�The telecommunications service cannot be email, because we provide
it completely ourselves. And if we were to participate, we would have
to have a business relationship with the actual provider.�

Despite the absurdity of a regional court treating an email provider
as an ISP � in apparent contradiction of earlier CJEU guidance �
Tutanota is nonetheless required to comply with the order, and
develop a surveillance function for the specific inbox, while its
appeal continues.

A spokeswoman for Tutanota confirmed it has told the court it will
develop the function by the end of this year � whereas she suggested
its appeals process is likely to take �months� more to run its course.

�We are going to the higher court in parallel. We are already
preparing an appeal to the Bundesgerichtshof [Germany�s Federal Court
of Justice],� she added.

The Cologne court order is for a surveillance function to be
implemented on a single Tutanota account that had been used for an
extortion attempt. The Tutanota spokeswoman said the monitoring
function will only apply to future emails this account receives � it
will not affect emails previously received.

She added that the account in question appears to no longer be in use.

While after-the-fact monitoring seems unlikely to make any difference
to the specific (extortion) case, the suspicion is the court wants to
create a precedence � raising the hackles of security watchers who
are worried about the risk of digital service providers being
compelled to bake backdoors into their services in the region.

Last month a draft resolution of the Council of the European Union
triggered substantial concern that EU lawmakers are considering a ban
on e2e encryption as part of an anti-terrorism security push. However
the draft document discussed only �lawful and targeted access� �
while expressing support for �strong encryption�.

Returning to the Tutanote surveillance order, it can only be made to
apply to unencrypted emails linked to the specific account.

This is because the email service provider applies e2e encryption to
its own users� content � meaning it does not hold decryption keys so
is unable to decrypt the data � though it also allows users to
receive emails from email services that do not apply e2e encryption
(hence it can be compelled to provide that data in plain text).

However, if the EU were to legislate to compel e2e encryption service
providers to provide decrypted data in response to lawful intercept
requests, it would effectively outlaw the use of e2e encryption.

That�s the scenario of most concern � though no such law has yet been
proposed by any EU institutions. (And would very likely face fierce
opposition in the European parliament, as well as more broadly, from
academia, civil society, consumer protection, and privacy and digital
rights groups, among others.)

�According to the ruling of the Cologne Regional Court, we were
obliged to release unencrypted incoming and outgoing emails from one
mailbox. Emails that are encrypted end-to-end in Tutanota cannot be
decrypted by us, not even after the court order,� noted Pfau.

�Tutanota is one of the few mail providers that encrypts the entire
mailbox, also calendar and contacts. The encrypted data cannot be
decrypted by us, because only the user has the key to decrypt it.�

�This decision shows again why end-to-end encryption is so
important,� he added.

On Tue, 18 Jul 2023 21:13:11 +0200 (CEST), Nomen Nescio <nobody@dizum.com> wrote:
>decrypted

Bela Ferenc Dezso Blasko was born to Istvan & Paula de Vojnich-Blasko at
their house in Kirchengasse 6(21E54:05,45N41:02) Lugos, Magyar Kiralysag
Friday 20 October 1882 at 3:30 PM LMT(A/mem).