I’ve tried to choose a neutral title for this post, but I am afraid that the title of the talk Linus Neumann recently gave to the CCC gives everything away: Bullshit made in Germany (YT).
In his wonderful talk, Neumann (of the popular podcast Logbuch:Netzpolitik) sharply criticises the principles De-mail is built upon and the government agencies and companies involved in the process. As the Deutsche Post is now considering becoming a certified De-mail provider, it looks like De-mail is gaining traction, if not among customers, at least among the German government and potential providers.
To find out why that is a bad thing, watch Neumann’s talk or read the brief summary below.
Key problems with De-mail
No end-to-end encryption
The creation of De-mail was a unique chance to build a beautiful system with end-to-end encryption as the default by giving every citizen a unique certificate. This would have effectively increased the share of communication that would not have been accessible to the government – which is why it wasn’t implemented. The responsible parties flaunt the implemented transport encryption as a great security advantage – but that should be standard for any communication channel.
To grant the De-mail the same legal validity as a signed letter, new laws were introduced. These both lower the privacy standard (as end-to-end encryption is not necessary anymore) and make each De-mail legally equivalent to signed documents.
The legal ramifications are troubling – after a one-time proof of identity all De-mails are electronically signed by the provider, and this signature is supposed to certify the origin.
Perfect for surveillance
Since De-mails are locally decrypted, ostensibly to scan them for viruses, they are a wet dream for the government agencies that might want to monitor communication: the De-mail system is limited to a few providers, is by definition (and by making it expensive) only used for sensitive communication, does not have any spam and gives the users the illusion of secrecy while being readily accessible for surveillance.
Dubious companies involved
As a contractor of several involved companies and the German government, Bearingpoint has been part of the development of De-mail and the E-Postbrief. Coincidentally, it has also worked on the and TKÜ (=wiretapping) for the BKA.
CSC is known for being a contractor of the NSA, but has also been involved in the ePass (the electronic passport) system and the De-mail. What else have they done for the German government? The code review for the so-called Bundestrojaner, a spyware that has been used by the BKA.
Incompatible with the rest of the world
The De-mail system is intentionally limited to Germany. We agree with Neumann that this is a severe limitation for any communication channel, and will cripple this system indefinitely.
All of this leads to only one possible conclusion: De-mail was developed to boost the German economy and maintain a surveillance option. As Neumann succinctly states:
No government is stupid enough to provide their citizens with a bug-proof communication system.
A spread of the De-mail would pacify worried companies and individuals and give them the illusion of privacy.
Addendum: E-Mail made in Germany
This campaign is pure marketing. The newly implemented transport encryption is decades old and used by most other email providers, and it is quite scandalous that it has not been the standard so far. In addition, the transport encryption is not implemented at all in some instances: in his talk Neumann shows that he can access his emails on Telekom and GMX servers without any encryption.
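Whether a mailbox server still accepts passwords over an unencrypted connection, the gap described in the addendum, can be read from the capabilities an IMAP server advertises before login. The following is an added example, not code from the talk or this post: the function names and the sample greetings are constructed, and it assumes the transcript was captured on the cleartext IMAP port before any STARTTLS was issued.

```python
import re

# Capabilities that let a client send a reusable password (RFC 3501 / SASL).
PLAINTEXT_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}

def imap_capabilities(transcript):
    """Collect capabilities from '* CAPABILITY ...' lines and
    '[CAPABILITY ...]' response codes in a pre-login IMAP transcript."""
    caps = set()
    for line in transcript.splitlines():
        m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line)
             or re.match(r"\* CAPABILITY (.*)", line))
        if m:
            caps.update(tok.upper() for tok in m.group(1).split())
    return caps

def assess_cleartext_imap(transcript):
    """Classify how the server treats a client that has not started TLS."""
    caps = imap_capabilities(transcript)
    if not caps:
        return "unknown"            # server advertised nothing we can judge
    if "STARTTLS" not in caps:
        return "no-tls-offered"     # the session cannot be upgraded at all
    # LOGIN is allowed unless LOGINDISABLED is advertised; SASL PLAIN/LOGIN
    # likewise carry the password unprotected on a cleartext channel.
    password_ok = "LOGINDISABLED" not in caps or bool(caps & PLAINTEXT_MECHS)
    return "tls-optional" if password_ok else "tls-enforced"

# Constructed sample greetings (not captured from any real provider).
ENFORCED = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"
OPTIONAL = ("* OK ready\r\n"
            "a1 CAPABILITY\r\n"
            "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\n"
            "a1 OK done\r\n")
NO_TLS = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n"

if __name__ == "__main__":
    for name, t in [("enforced", ENFORCED), ("optional", OPTIONAL),
                    ("no-tls", NO_TLS)]:
        print(name, "->", assess_cleartext_imap(t))
```

Only "tls-enforced" means the server refuses credentials until the connection is encrypted; "tls-optional" leaves the decision to each mail client's settings.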