Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.

 

Will it work? German email companies adopt new encryption to foil NSA

Published time: August 09, 2013 22:21
Edited time: August 11, 2013 10:54
A general view of the large former monitoring base of the U.S. intelligence organization National Security Agency (NSA) during break of dawn in Bad Aibling south of Munich (Reuters / Michael Dalder)

A general view of the large former monitoring base of the U.S. intelligence organization National Security Agency (NSA) during break of dawn in Bad Aibling south of Munich (Reuters / Michael Dalder)

Communications sent between Germany’s two leading email providers will now be encrypted to provide better security against potential NSA surveillance. Experts say the move will do little to thwart well-equipped snoopers.

The "E-mail made in Germany" project has been set up in the wake of US surveillance revelations made by NSA whistleblower Edward Snowden. National Security Agency documents show that the agency intercepts 500 million phone calls, texts, and emails in Germany each month.

"Germans are deeply unsettled by the latest reports on the potential interception of communication data," said Rene Obermann, head of Deutsche Telekom, the country’s largest email provider. “Now, they can bank on the fact that their personal data online is as secure as it possibly can be.”

Deutsche Telekom and United Internet, which operate about two-thirds of Germany’s primary email accounts, said that from now on they will use SSL (Secure Sockets Layer) – a modern, industry-standard form of encryption that scrambles signals as they are sent through cables, which is the point at which the NSA often intercepts communication. The companies will also employ exclusively German servers and internal cables when sending messages between each other.

AFP Photo / John Macdougall

Obermann told the media that no access to users’ email will now be possible without a warrant. However, experts claim the impact of the measure is likely to be mostly psychological and symbolic.

"This initiative helps to tackle the-day-to-day sniffing around on the communication lines but it still doesn't prevent governments from getting information," Stefan Frei, a research director at information security company NSS Labs, told Reuters.

As Snowden’s files revealed, the NSA specifically focuses on foreign servers - often with backing from the country that hosts them - when intercepting communication. The agency is also able to crack the SSL code, with and without help from the email operator. However, it is much harder to do so without an operator-issued “key."

It is notable that Google and other leading companies implicated as willing participants in the PRISM surveillance program also offer SSL encoding with their email service.

"Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so," said Sandro Gaycken, a professor of cyber security at Berlin's Free University.

Comments (17)

 

Altered States 12.08.2013 11:13

Maybe someone ought to tell al Qaeda to encrypt their conference calls. That's how this latest "Alert" from the NSA was found out. al Qaeda was planning a major..."someth ing", "somewhere" ;.

Imagine that. al Qaeda used a plain old "conference call" to linkup with their "associates&quo t; from around the world. Dummies! They should have used "stealth carrier pigeons"!

 

nagyelme 12.08.2013 06:31

"I can't understand the fuss about 'secure' e-mail services......The minimum thing you can use is send important stuff in a 7z archive with a strong password (AES-256).... If you are too lazy to learn the basics of data protection, you don't deserve the protection"

You don't understand many things. How do you propose to send the password to the other party? You are an arrogant techkie, people who don't know much about computers need these services and your condescending patronization of them is not helping to solve anything. FYI i am computer guy.

 

Kyle Rose 11.08.2013 16:28

Orbiter 11.08.2013 11:17

I can't understand the fuss about 'secure' e-mail services. Who needs such a service, if you have tools to do the encryption on the client side?

  


Yeah, so unfortunately, client-side encryption cannot do anything about the "metadata" : the SMTP envelope information or email headers. Without SSL, that information is in the clear and will be vacuumed up by the NSA.

View all comments (17)
Add comment

Authorization required for adding comments

Register or

Name

Password

Show password

Register

or Register

Request a new password

Send

or Register

To complete a registration check
your Email:

OK

or Register

A password has been sent to your email address

Edit profile

X

Name

New password

Retype new password

Current password

Save

Cancel

Follow us

Follow us