Deutsche Telekom has said it will avoid routing customers’ email traffic through US hosted infrastructure and will step up email security in the wake of the NSA PRISM spying scandal.
At the launch of its ‘Email made in Germany’ program, CEO René Obermann said Deutsche Telekom and its partners would roll out SSL (HTTPS) encrypted connections between users’ client devices and the operator’s email servers.
“Germans are deeply unsettled by the latest reports on the potential interception of communication data. Our initiative is designed to counteract this concern and make email communication throughout Germany more secure in general. Protection of the private sphere is a valuable commodity,” said Obermann.
The company claims the initiative offers secure communication for two-thirds of all email users in Germany and is open to other providers who commit to the standards set out by the initiative.
Recent developments create serious challenges for secure email, however. Since secure email provider Lavabit shut up shop on Friday, another main provider of encrypted communications, Silent Circle, has pulled its email offering from commercial use.
The company will continue to offer secure phone, video, and text services because it can guarantee complete end-to-end security with all cryptography done on the client.
Email, however, is inherently insecure, and Deutsche Telekom’s announcement may well breed a false sense of security. By its nature, email leaves a handy paper trail of metadata because of the protocols it uses. It also suffers from security concerns on the client devices, where security is potentially weakest, as well as on the server, where data is physically stored.
Jon Callas, CTO of Silent Circle, said that the company had not received any subpoenas and was acting pre-emptively. Lavabit on the other hand, which was supposedly used by whistleblower Edward Snowden, is understood to be fighting some information requests from the US.
“Silent Mail has…always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves,” said Callas.
“Another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now…It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision,” said Callas.
More secure email providers are expected to follow suit, and the tide against hosting data on US infrastructure looks like it will continue to grow.