[HN Gopher] Court rules encrypted email provider Tutanota must m...
___________________________________________________________________
Court rules encrypted email provider Tutanota must monitor messages
Author : Sami_Lehtinen
Score : 117 points
Date : 2021-05-27 14:41 UTC (8 hours ago)
(HTM) web link (www.cyberscoop.com)
(TXT) w3m dump (www.cyberscoop.com)
| Zak wrote:
| > _The decision will only impact unencrypted incoming and
| outgoing emails_
|
| Given the sorts of proposals that have been made to effectively
| ban end-to-end encryption, the part where it only affects
| unencrypted messages (and possibly the ciphertext of encrypted
| emails) is the critical point. The court ruling requires the
| email provider to intercept emails they already had the technical
| ability to intercept, for specific accounts that have been
| connected to a specific crime by evidence.
| fitblipper wrote:
| A quote that stood out to me:
|
| > The decision comes as nations around the world have sought to
| weaken encryption to benefit law enforcement investigations.
|
| When news articles talk about "an attack on encryption" it should
| be read as "an attack on companies being able to effectively
| employ encryption". While the NSA/CIA can and have put in
| backdoors and breaking changes into encryption standards, when
| leaders talk about how encryption hinders law enforcement they
| are trying to groom us for legislation (or executive pressure)
| which restricts businesses protecting their users and their data.
|
| The FBI has applied pressure on Apple to not provide e2e
| encryption for icloud backups
| (https://www.theverge.com/2020/1/21/21075033/apple-icloud-end...)
| and I have no doubt other big companies have passed on stronger
| protection in the name of complying with government pressure.
| retube wrote:
| Here is a very interesting perspective from a guy called
| Andersen Cheng who developed an encrypted messaging app -
| before removing it from the public domain given its adoption by
| Islamic State:
|
| https://www.ft.com/content/00e6b9d5-a9a2-488d-821f-de6813ca4...
|
| His proposal is for "threshold cryptography" as a trade off
| between privacy and allowing law enforcement to do their thing
| when necessary: to break a message would require agreement /
| input from multiple parties, including the courts. I think
| potentially a good compromise.
| MikeUt wrote:
| > allowing law enforcement to do their thing when necessary
|
| "their thing" being pointing a telescopic lens at a suspect
| as they enter their password, or planting a hardware
| keylogger when they leave their computer unattended?
|
| Or is "their thing" more like mass surveillance of everyone?
|
| Does Cheng feel car manufacturers have a responsibility to
| plant microphones in their vehicles, with "threshold
| encryption" keeping conversations in that car secret? What
| about construction companies? Law enforcement has no way to
| retroactively get a record of all conversations that took
| place in a room, even with a valid warrant. Does that make
| rooms beyond the reach of law enforcement?
|
| What other everyday tools we consider "ours" should be
| required to betray us if whatever threshold he proposes is
| reached? And only the good governments will be able to reach
| these thresholds, right? If you look back through history,
| the risk of one's own government turning against them is so
| low, we should have no qualms about surrounding ourselves
| with tools ready to turn on us, should the state ask them to?
| gruez wrote:
| >His proposal is for "threshold cryptography" as a trade off
| between privacy and allowing law enforcement to do their
| thing when necessary: to break a message would require
| agreement / input from multiple parties, including the courts
|
| Isn't this just key escrow by another name?
| mtgx wrote:
| Would each "court" have their individual private key? Would
| that key only work for cases happening in that area?
|
| Otherwise, once there is a key (or let's say 5) that work
| across all cases, those will be stolen and abused.
| SamBam wrote:
| I can't read the article, but naively to me this sounds like
| it requires the app-owner to be able to access the messages
| when requested, and so whatever thresholds they say they're
| adhering to (courts, etc), as an end-user I can't know if
| they might change their minds at some point and read all my
| messages.
| 3np wrote:
| While what you're saying is how it may play out in practice
| (which is, I argue, the case for any closed-source client),
| it's not necessary when using threshold encryption; you can
| construct an encrypted message such that K out of N keys
| can be combined to decrypt the ciphertext.
|
| If those public keys are on the client, it does not require
| the message to be sent to a trusted server.
|
| mtgx's comment points to some practical implementation and
| logistics issues, though. Never mind how one would handle
| key revokations...
|
| ---
|
| In case of the main article, though, that's irrelevant, as
| an e-mail provider necessarily has access to each
| unencrypted e-mail as they deliver them to and from the
| user. I can see it being the least bad way to log messages
| (if they would need to do so). Rather than logging in
| cleartext, or encrypting with a single key, it could be a
| threshold encryption where, say, more than one entity
| inside law enforcement/high court/etc are required in order
| to decrypt intercepted traffic.
|
| I think our learned instinct has become to say "yeah, would
| be nice but good luck making anyone implement that"... But
| why not?
| marcus_holmes wrote:
| That looks interesting, but needs an FT subscription to read
| which makes it rather pointless.
| webmobdev wrote:
| A democracy, while not an ideal system of governance, is based
| on negotiations and compromises between various stakeholders. A
| written or unwritten constitution tries its best to spell out
| the compromises that was negotiated between all the party and
| leaves the grey area to a neutral court.
|
| For a democratic system to function efficiently trust is
| essential. Citizens need to trust that a democratic government
| will not over reach beyond their stated power, and governments
| in power need to respect that citizen voters are not
| manipulable fools. And both needs to believe that the other can
| be held accountable, if necessary.
|
| Without going into much detail, I believe that a decent
| compromise that can be reached on this issue is for the
| citizens to demand extremely strong privacy regulations and
| stringent wiretapping laws if the government wants us to forego
| encryption.
| idiotsecant wrote:
| Laws are only valid for the length of the public's attention
| span. There are countless examples of citizen-friendly laws
| that were slowly chipped away until they were irrelevant.
|
| I'd rather not have to trust my government at all. I'm not
| sure that I buy the premise that trust is necessary- quite
| the opposite in fact. I think _accountability_ is necessary.
| Any system that requires trust or goodwill is doomed to
| failure.
| toomuchtodo wrote:
| Is there anything stopping the German government from seizing
| their domain and pointing the MX records at a government
| controlled mail server if Tutanota doesn't comply?
| Archelaos wrote:
| As you mentioned the German _government_ in particular: From a
| legal point of view it its a local public prosecutor who orders
| such operations. However, the prosecutor is not independant
| like a judge, but bound by directives of his superiors. This
| chain runs back to the minister of justice. So theoretically
| the German government may order a monitoring measure, but in
| practice I think in nearly all cases it would be a subordinate
| authority.
|
| As a side note: there has been complaints recently from the
| European Court of Justice that criticised that the German
| prosecutors are not independant enough for European standards.
| A reform is being discussed in German political circles, but
| nothing specific is to be expected before this years general
| election in September.
| a1369209993 wrote:
| > As you mentioned the German _government_ in particular
| [note emphasis]
|
| > its a local public prosecutor who orders such operations.
|
| Unless Germany uses "public" in wierd way[0][1] the public
| prosecutor is _part of_ the government. (It 's debatable
| whether they count as part the _national_ goverment, versus
| just the local /city/whereever government, but the emphasis
| on "German _government_ " rather than " _German_ government "
| suggests that's not what you meant.)
|
| 0: eg British "public schools", which IIUC are actually the
| subset of _private_ schools that aren 't limited to a
| specific profession/religion/other demographic
|
| 1: In which case maybe I'm just one of today's lucky
| 10'000[2] who gets to learn interesting facts about the
| German court system.
|
| 2: https://www.explainxkcd.com/wiki/index.php/1053
| Retric wrote:
| They would presumably also need the correct cryptographic
| signature.
| AstralStorm wrote:
| The DKIM key can be seized and misused in this way easily, or
| a new valid one can be issued and most of email software will
| not flag it.
| AstralStorm wrote:
| Depends on the registrar used for the domain. Global registrars
| are not particularly obliged to comply with German law,
| especially when it is not a case of abuse.
|
| However, if the DNS server is located in Germany, they can
| force that instead.
| toomuchtodo wrote:
| I assume they could also announce the address space of the
| mail server with anycast, depending on the current owner and
| the IP block size (smaller block, less collateral damage by
| doing so) of commandeering DNS is overly burdensome or
| exceeds their reach legally.
| AstralStorm wrote:
| That would run afoul of DKIM and DNSSEC unless they seize
| the signing key too.
|
| Replacing the latter is particularly hard as DNSSEC
| operates a separate single trust anchor and is not as easy
| to circumvent silently as say x.509.
| toomuchtodo wrote:
| Right, it's all dependent on how rigorous sending MXs are
| validating the receiving MX cryptographically and if the
| gov can obtain keying material (or rekey). The MITM part
| is fairly trivial for a competent nation state.
| AstralStorm wrote:
| Even obtaining valid DNSSEC and x.509 is easy, as DE
| government has its own trusted key subroot.
|
| It is a strong case for using key pinning on all levels,
| from routing protocols through DNS all the way to email
| signatures.
| gruez wrote:
| It's possible, but it would have to be a pretty important
| target because if it gets discovered, the root would get
| revoked and can't be used for such purposes again.
| [deleted]
| lightdot wrote:
| Can't answer you direct question. But if messages sent are end-
| to-end encrypted, it would make no difference.
|
| There is nothing anyone can do to decrypt the content, even if
| given access to mail servers.
| aborsy wrote:
| Metadata contains a lot of information in case of email.
|
| Also, a lot of emails are from non-Tutanota providers to
| Tutanota. These emails are encrypted upon arrival with users'
| keys, but they could be handed over to law enforcement before
| encryption.
| upofadown wrote:
| In this case they are asking for unencrypted content as well as
| metadata. These days most email is TLS encrypted on the wire so
| you require cooperation with the email server owner to get the
| metadata of encrypted messages. So email is not much different
| than other stuff when it comes to metadata.
| tantalor wrote:
| > email provider Tutanota
|
| > does not consider itself a telecommunications service
|
| Is there any point in reading further?
| hundchenkatze wrote:
| Yes? I'm not sure what point you're trying to make. Can you
| elaborate?
| usr1106 wrote:
| I guess the point is that as a telecommunication provider they
| are legally obliged to provide an interface for lawful
| interception (only to be used based on court order).
|
| If they are not a telecommunications provider there is no law
| obliging them to do anything.
|
| So it's all about legal definitions...
| salawat wrote:
| The slippery slope there is once you apply a duck-typing test
| in a legal context, a corier or a third-party becomes a
| telecommunications service.
|
| I'm sorry, I don't buy that the government should be
| recognized as having an absolute right to interpose itself in
| the middle of any two party conversation. _Not even by
| warrant_.
|
| Justice systems are not, nor should be all-powerful, and
| that's the direction I see pop up more and more often to the
| point I'm becoming seriously concerned that rhetoric is
| sliding in a direction where liberty and freedom is
| sacrificed on the altar 9f public safety.
|
| There is no point being free in a world where you are
| constantly micromanaged in the interests of maintaining the
| stability of the state and public, especially when those
| driving that edifice almost inevitably end up not aligning
| with the public they putatively serve, and consider anything
| less than half of the population an acceptable sacrifice to
| the whims of a slim majority.
| Tutanota wrote:
| Hi there, Tutanota team here. We came across the discussion and
| wanted to say that we're available for any questions. The
| decision only affects not encrypted emails, the end-to-end
| encryption of Tutanota is not affected. To the contrary, the
| ruling - even though we hoped for a different outcome - again
| shows why end-to-end encryption is necessary.
|
| This ruling is a follow-up of a previous court order from 2020.
| We have posted a more detailed comment here:
| https://np.reddit.com/r/tutanota/comments/k3sfs5/in_englisch...
| qot wrote:
| Could you just ban the two accounts? That way you don't have to
| monitor them. I'm sure you could come up with a plausible terms
| of service reason.
| fsflover wrote:
| But what about the metadata?
| Tutanota wrote:
| If you send end-to-end encrypted data, body, subject line &
| attachments are encrypted. Email addresses (metadata) can't
| be encrypted due to the way the email system is set up
| (interoperability).
| cjg wrote:
| This is what BitMessage tried to solve, but it looks a bit
| unloved right now.
| juskrey wrote:
| BitMessage was probably the most important experiment in
| all that blockchain insanity. Among other things, it
| showed that there are limits for maximum entropy for
| messaging. E.g. everyone should receive every message to
| plausibly deny communication, but we have a clear and
| very short horizon for that amount of data. Hence should
| expire messages quickly, which does not work in many if
| not most real world situations.
| KirillPanov wrote:
| I don't think bitmessage languished due to any inherent
| technical obstacle, did it?
|
| It simply didn't attract a lot of interest because most
| people figured that PGP-encrypted messages sent from
| throwaway webmail accounts was good enough.
|
| Also the bitmessage software was really horrifically low-
| quality python, and the project seemed to take the
| bitcoin attitude that "the first implementation is the
| spec, multiple implementations equals bad" which was a
| turn-off. I had a really really hard time putting my
| faith in that codebase.
|
| I think the idea behind bitmessage will resurface in a
| cleaner form if a compelling use ever arises. Enough
| smart people heard about bitmessage that the idea is now
| "out there" permanently.
|
| If it ever does, I think a neat twist would be changing
| the Proof of Work (used to limit spam) into Proof of
| Storage like Chia uses, except that the storage "plots"
| are the active set of circulating bitmessages (which are
| encrypted and therefore have no exploitable structure,
| just like the hash chains in Chia plots) plus a smaller
| indexing structure. Two birds, one stone. This is not
| straightforward, but I believe it is possible.
| grouphugs wrote:
| the people in this supporting police are fucking idiots, and i
| can show you why. i can have all of these people implicated in
| crimes they've never been a part of with 1 25% chance of having
| them incarcerated. good luck
| dandanua wrote:
| Can someone explain how private emails are used in prosecutions?
| If it's a blackmail or intimidation then a victim can supply all
| the necessary evidence. If it's an illegal trade then there
| should be traces in the real world.
|
| In what situations private emails of criminals are absolutely
| necessary? The only thing I can imagine is an exchange between
| two criminals of classified information for virtual currency.
| grouphugs wrote:
| the people supporting police in this thread are fucking idiots,
| and i can show you all why. i can have all of these people
| implicated in serious crimes with a 25% chance of incarceration,
| and a 100% chance at a lot of mental health side effects and
| monetary side effects. atm i believe that's a good idea and it's
| worth testing out. if they want police, they're gonna get them
| right at that there. best of luck everyone, enjoy the games
| foobarbazetc wrote:
| * of specific accounts by legal order.
|
| Eh.
| CommieBobDole wrote:
| And only unencrypted emails, because they don't have access to
| the encrypted ones.
|
| So the takeaway here is "If you're going to do something that
| law enforcement is likely to get a court order to monitor,
| don't sign up for an end-to-end encrypted email service and
| then send plaintext emails over it."
| marcus_holmes wrote:
| I keep wondering where this ends up.
|
| I don't think, as a society, we can preserve complete privacy
| of communication and also have a justice system that is seen
| to be just. If the bad people can trivially conceal all their
| communication, and yet we require evidence of wrongdoing in
| order to convict someone of a crime, how do we balance that?
|
| Things like establishing intent (for murder vs manslaughter)
| have hinged on what the accused said prior to the act.
|
| For white-collar crime, proving collusion has hinged on
| communication evidence.
|
| If all the documents that prove fraud are stored encrypted
| with no way of getting to them, how do we prove fraud?
|
| If we can't procure the evidence, how do we convict bad
| people of the bad things they've done?
|
| Do we just prosecute the stupid people and allow anyone with
| an ounce of technical knowledge to do whatever they like?
| upofadown wrote:
| >...we require evidence of wrongdoing in order to convict
| someone of a crime...
|
| Most evidence is not communications. Most crimes have a
| victim that can testify.
|
| Otherwise, how did we ever prosecute crimes in a world were
| people just talked to one another in private?
| marcus_holmes wrote:
| > Most evidence is not communications. Most crimes have a
| victim that can testify.
|
| Yes, there is usually evidence that is not electronic.
| But removing the electronic evidence makes it harder to
| secure a conviction.
|
| In many cases, the victim's testimony is not enough. If
| it comes down to the victim's word against the accused's,
| then we come down on the side of the accused in these
| cases, because any doubt at all is enough not to convict.
| To change this we would need to change our entire legal
| system.
|
| > Otherwise, how did we ever prosecute crimes in a world
| were people just talked to one another in private?
|
| Communication is not just conversation. Letters and
| documents are also communication, and leave a paper trail
| that could be followed. Now, not so much. If all
| documents are e2e encrypted, we have a problem proving
| any crime that doesn't leave physical evidence.
| upofadown wrote:
| >Letters and documents are also communication, and leave
| a paper trail that could be followed.
|
| Certainly, which is why those up to no good would make a
| point of not creating such a paper trail. If they had to
| communicate over an insecure medium they would use codes.
| It seems unreasonable to insist that everyone give up
| their normal privacy just on the hope that a criminal
| might fail to obscure their meaning on what everyone will
| know to be an insecure medium.
| regnull wrote:
| Shameless plug time! I'm working on 100% encrypted/authenticated
| email based on Self-Sovereign Identity and decentralized key
| registry, check it out at https://github.com/regnull/ubikom
| doggodaddo78 wrote:
| Always use E2EE if you're worried. Then, the major things a govt
| would get from a warrant would be the metadata and the to/from.
|
| How can an email provider be _required_ to spend time and money
| to spy on all of its users for a government without a specific
| warrant?
|
| Edit: No Clipper chips. Not this again. No way.
| https://en.wikipedia.org/wiki/Clipper_chip
| Aerroon wrote:
| Worse things have been done before though:
| https://en.wikipedia.org/wiki/Data_Retention_Directive
|
| ISPs were required to save logs of their users' traffic in the
| EU. Eventually this got squashed by the courts, but that took
| years.
| Dah00n wrote:
| I must admit I don't see the problem since this isn't "give us
| unencrypted mails from your encrypted service" but actually "give
| us unencrypt mails from your unencrypted service". This is not
| any different than any other case of "hand over the data". The
| court specifically only ask for _unencrypted mails_. Of course
| one can argue for and against this access by law-enforcement but
| this is a clickbait headline that sounds as if they have to
| monitor and hand over encrypted mails unencrypted.
|
| > _The decision will only impact unencrypted incoming and
| outgoing emails, as Tutanota can't decrypt data that has already
| been encrypted, Tutanota added. It also said this should serve as
| a warning that for customers interested in maintaining their
| privacy, encryption is paramount._
| jrochkind1 wrote:
| So what makes it different than _some_ "hand over the data", is
| they are requiring the service to log things they aren't
| logging at all now, rather than to hand over logs. How
| significant this difference is, you can argue, but that's the
| difference I think.
| swiley wrote:
| >they are requiring the service to log things they aren't
| logging at all now
|
| That actually is a big deal, last I checked (in the US
| anyway) you're not really required to log much (if anything)
| as long as you can keep illegal content/abuse off your
| service.
| jrochkind1 wrote:
| I _think_ there are laws /regulations in the USA that
| require telecommunications providers or some term like that
| to do some logging too. I have a vague memory of being
| disapointed when they were passed, but can't recall what
| sorts of enterprises counted for them. But now I'm not
| succeeding in googling on it so could be wrong.
| d4mi3n wrote:
| This depends a lot on context. For example, if you operate
| as a lender in the US finance industry, you're legally
| obligated to do things like:
|
| 1. Do KYC (Know Your Customer) checks to verify somebody's
| identity
|
| 2. Cross references customers to blacklists provided by the
| federal government (anti-money laundering laws, political
| sanctions, known fraudsters)
|
| 3. Maintain records of who you lent money to, when, for how
| much, and what the declared use of funds was
|
| Etc, etc. There are a lot of reasons in a lot of industries
| where you're required to keep records of things.
___________________________________________________________________
(page generated 2021-05-27 23:02 UTC)