Will it work? German email companies adopt new encryption to foil NSA
Communications sent between Germany’s two leading email providers will now be encrypted to provide better security against potential NSA surveillance. Experts say the move will do little to thwart well-equipped snoopers.
The “E-mail made in Germany” project has been set up in the wake of US surveillance revelations made by NSA whistleblower Edward Snowden. National Security Agency documents show that the agency intercepts 500 million phone calls, texts, and emails in Germany each month.
“Germans are deeply unsettled by the latest reports on the potential interception of communication data,” said Rene Obermann, head of Deutsche Telekom, the country’s largest email provider. “Now, they can bank on the fact that their personal data online is as secure as it possibly can be.”
Deutsche Telekom and United Internet, which operate about two-thirds of Germany’s primary email accounts, said that from now on they will use SSL (Secure Sockets Layer) – a modern, industry-standard form of encryption that scrambles signals as they are sent through cables, which is the point at which the NSA often intercepts communication. The companies will also employ exclusively German servers and internal cables when sending messages to each other.
Obermann told the media that no access to users’ email will now be possible without a warrant. However, experts claim the impact of the measure is likely to be mostly psychological and symbolic.
“This initiative helps to tackle the day-to-day sniffing around on the communication lines but it still doesn’t prevent governments from getting information,” Stefan Frei, a research director at information security company NSS Labs, told Reuters.
As Snowden’s files revealed, the NSA specifically focuses on foreign servers – often with backing from the country that hosts them – when intercepting communication. The agency is also able to break SSL encryption, with and without help from the email operator. However, it is much harder to do so without an operator-issued “key.”
It is notable that Google and other leading companies implicated as willing participants in the PRISM surveillance program also offer SSL encryption with their email service.
“Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so,” said Sandro Gaycken, a professor of cyber security at Berlin’s Free University.