The largest German mail providers launched a program to send all emails SSL encrypted AND make sure they would stay within Germany and on German servers. Making sure that that the fierce Germany privacy would govern them.
Commercially smart and they intent to go even further by showing you some sort of warning if you sent email to a 'Not Made In Germany' recipient. It will no doubt stimulate people to use GMX.DE, T-Online or WEB.DE and the future partners who already have 65% of the national market.
The fallout is also clear: everything outside of Germany is mistrusted and having warnings popup when you communicate with f.i. Google will severely hurt other providers.
Google was one of the first to offer SSL protected transport of email, but as their server is US jurisdiction they will have to hand over your unencrypted email to the NSA. Google could counter this by offering real end-end encryption, meaning that they never store it in plain text, but they are unwilling to do so as the money is in targeted ads so they have to scan them. They defend their position by claiming they can't protect you from spam if they would allow full encryption.
Anyway, this German program does exactly the same as Google, but the key difference is that the servers from the three partners are on German soil and fall under German jurisdiction.
It's good marketing, but this reversal to a sort of national email network is hampering international contacts, just like the US rules that all communication with foreigners can be legally intercepted.
Back to national borders for trusted emails: good or saddening
More info on http://www.telekom.com/media/company/192834 and https://www.e-mail-made-in-germany.de/Verschluesselung.html
So, America created the Internet, and America will destroy the internet. Sorry, everybody.
It's sad. But clever.
It's good. But defeatist.
Saddening, but caused by even more saddening events.
+Matthew Graybosch it wouldn't be so bad if America wasn't treating the Internet as it's 51st state.
A sad state of affairs that's it's coming to this.
what about GoogleMail.com in Germany?
I trust Google more then tmobile really… And is it not a guarantuee gouvernments are not spying. At all. Zo, pure marketing?
+Riël Notermans You may, but the NSA can obtain your email. Try that with the German emails
Your information is not complete. The mails are encrypted, but only server-to-server-side, not end-to-end. This "Made in Germany Security Label" is pure marketing an no innovation at all. German Newspaper: http://www.zeit.de/digital/datenschutz/2013-08/email-telekom-gmx-verschluesselt/
+Bernd Rubel Its unencrypted email travelling over SSL from end user to server AND (the new part) from server to server as long as it's between partners.
It's not fully encrypted, but as long as it doesn't leave German servers the NSA can't get hold of it and that's what the program guarantees. It's encrypted while in transit. Not at the endusers.
+Luis Carvalho , the United States treats the whole frigging planet like the 51st state. I don't like it any more than you do, but I don't think most Americans will wake up until we have our own concentration camps.
We have only ourselves to blame for this.
Back when I was doing business development and advisory work for an ediscovery company, it was clear that one issue we could point to was that when you outsourced you were trusting that there was a legal and technical framework to protect your data. There was a benefit to keeping your data here vs. outside the US.
Well, now we see that the stupidity of our surveillance programs and domestic fishing expeditions are going to backfire on us, bigtime. The US got a free pass for a while, most people completely fine with using resources in the US because they knew that they had additional protection/recourse.
The problem is that most of these programs the USG not only demands, but prevents transparency on – violate disclosure laws in many other countries. So for just legal reasons, they now have to remove that data in order to comply with their own privacy laws.
This is going to bite US technology companies many ways, and is going to lead to foreign competition.
I also find it funny that for all the ruckus we made about China forcing internet companies to share data, we aren't quite as up in arms about it when it turns out that not only is our government doing the same thing – it might just be engaging in more egregious conduct.
But don't worry, it is all to stop "terrorists". Nevermind that what constitutes a terrorist is a totally subjective term, that keeps getting applied to a variety of issues by our government. Also nevermind that some of the conduct of our government around the world would reasonably be considered terrorism if it was done to us.
The comment from the CEO of Lavabit that advised that companies are best off starting in a country OUTSIDE the US if they wanted to protect themselves and their users was more telling.
At some point you have to ask if the value of this kind of security is worth the cost, and the reasonable answer for me is no.
I thought Guantanomo Bay qualified as a concentration camp +Matthew Graybosch?
Very, very well said +Michael Kelly
It's snake oil – what good is an email which is encrypted between servers but unencrypted on the servers themselves? And the German secret service actually gave data and email to the NSA. If you read the german text very closely, they say this will protect the clients' data from unauthorised access. But of course, the german government does only authorised accesses…
+Michael Kelly by forcing the Internet industry in US into compliance, they may very well have killed it. One thing is certain, it killed our trust. Until non-US alternatives show up. If they don't do something until then, it's bye-bye.
The clock is ticking.
+Max Huijgen No, you are wrong, really. "lawful interception" is still guaranteed by the companies. There's a big discussion in Germany about the cooperations between the BND and the NSA, so transferring unencrypted Mails to a server – to any server, also in Germany – does not secure anything.
Of course it's not a solution if you want privacy +Nikolas Tautenhahn It's effective marketing with the nasty outcome that we no longer trust 'foreign' email addresses.
+Max Huijgen, I'm tempted to say that the only difference between Gitmo and other American prisons is that Gitmo is run by Uncle Sam, and not some corporation.
I didn't state that it would be secure +Bernd Rubel I'm not a proponent of the program. I explained how it worked and if Germans trust their own government it's a solution. They know their email is legally open for the NSA. That's no longer the case if they use this program.
If I was German, why would I find it okay if German authorities read my mail but get scared if NSA does?
While it makes no big difference to me I still prefer a good trust and service 😉
Because there haven't been cases of kidnapping by German secret services f.i. or because people don't like to end up in jail because of laws they never voted for.
People tend to trust their own government more than others. Right or wrong, but it's the reality. Ask the Americans who sleep well as long as the NSA spies on foreigners +Riël Notermans
It is a sad, sad World.
The ssl wont stop the actual emails from being "harvested" at the actual server, from what you say the actual email won't be encrypted, just the transport
Maybe it helps if I add that the market share of these three companies within Germany is about 65%.
So they cannot send outside germany? I am afraid people dont like the hassle.
Are German users known or do they care about NSA anyway? Dutch dont really… Even companies dont care very much.
I think the possibility is great but I dont expect much from it tbh. We will see!
+Max Huijgen It's still the case if GCHQ controls the german backbones like DE-CIX. http://heise.de/-1928683
+Bernd Rubel That's what the three partners guarantee: the data will stay on Germain soil and servers. When in transport it's encrypted.
+Riël Notermans they can sent email abroad or to fellow Germans with different email acccounts, but they get a warning.
+Max Huijgen And that means exactly nothing. It's pure marketing. (Edit: +Torsten Kleinz wrote a clear article about it, perhaps Google Translate is accurate enough: http://translate.google.de/translate?sl=de&tl=en&js=n&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.zeit.de%2Fdigital%2Fdatenschutz%2F2013-08%2Femail-telekom-gmx-verschluesselt%2F&act=url)
Well, I'm not defending the program, but it's encrypted in transport. That's SSL in action +Bernd Rubel
Back in 2003 I started work on an encrypted mail system.
I decided that time that the effort I could put into it could not possibly uh give me a complete enough product and I started work at a different project so it got put aside. I see what happened to lava bit and asked a buddy his opinion.
The way I thought there were two major concerns.
First it had to be outside of USA so that it was free of a security letter.
Second the servers had to be in a place where they could not be taken like Kim Dotcoms were.
My buddies advice which I am wisely taking "don't go there Bill"
I have been using the web.de service for private e-mail for a couple of years now. I am now planning to move all my e-mail and as many services as possible away from U.S. services. You have no idea how strict they are about privacy here. It's an important part of the German psyche. Of course they used to collaborate with the U.S. and the UK but they are now politically terminating these deals after discovering they were spied on in the EU. The Germans won't have that. They won't have that at all. You have to remember that transparency in the government here is a totally different beast than in the U.S. and the UK. I'm not saying that it is perfect. It is far from it. It is however, much better for the consumer to use EU services than U.S. services when it comes to privacy. Let me also remind you that we have another secure e-mail system here that is set up to eliminate paper documents. That, too, has an extremely high level of security. It is actually a closed circuit e-mail system. Try to hack that, NSA (and getting away with it): http://en.wikipedia.org/wiki/De-Mail
I added some extra paragraphs to the original post as it's clear from the discussion that there were some misconceptions about what the program offers, how it differs from Google's current offer, and what the real repercussions are.
And this might make it a little harder for the NSA to get the mails (not at all impossible) but if you hear the German politians talk you can be sure your data is not safe with German providers anyway.
Yes, its only (but nevetheless) a partial good idea:
many germans got concerned about NSA reading all mails automatically, (yes, they do !). So the communication companies try to take advantage from the situation to push their e mail account offers, with some succes.
But: web de and GMX suck with commercials, and telekon… is telekom.
And the german security services have of course an access to the german communication companys, "lawful interception" according to the laws, and because those are much closer to me than the US, they would be the last ones i would thrust
So if you want real private mail, you have to encrypt yourself :-))
But for smaller german companies, it might be an advantage if US secret serrvices can not so ealily spy on them: thereare suspicions that do not only on terror, but sometimes economic spying, too, and give hints for offers or technical details to good collaborating "friends" like Boeing and co.
+Ronnie Rocket the problem with de-mail is by far greater. A de-mail is like a signature under a contract – but your email provider only verifies your identity once. You don't get a special client or encryption, the emails are once again decrypted on the server (so they can be scanned for "viruses"), so no added security here. The (legal) problem is: if someone intercepts your login by any means, they can file your divorce or quit your job. So, a user of de-mail has more risks than someone who doesn't use it
Good point about the economic espionage +Christoph Schaddach
It probably does not matter on the specifics +Max Huijgen
What probably matters more is that there is a perception that data in the US and internet traffic in the US is not secure from our own government.
The USG and specifically the NSA has done a bangup job of turning itself into an international bogeyman, and any data company in the US is going to have a hard time denying it is not affected by it.
Which means email, document storage, data preservation, and likely even search engines are all going to find that there will be versions popping up outside the US that are going to use the fact they are outside the US as a primary selling point now.
We have now created the perception that data based in the US is at risk if you do business internationally or are based outside of the US.
Combine this with the news of parallel construction where intelligence agencies are sharing illegally obtained information (circumventing constitutional and legal controls) and add the conduct where the government simply labels its conduct secret in order to prevent any oversight or whistleblowing, the very things that act as hedges against abuse of power.
You get an environment where being based in the US becomes a disadvantage vs foreign competition not subject to the same restrictions.
And this is really going to matter in cloud. We just gave a bunch of business to foreign competition and probably cost hundreds if not thousands of jobs over the long term in order to justify budgets to an intelligence organization that produces few tangible benefits vs the cost.
It won't be worth the risk and potential cost of lawsuits to try to work within the US if you don't have to. There have been estimates that 10% of cloud opportunities are going to be lost to foreign competition because of this. I don't see that as an unreasonable estimate.
I don't think there is a proper system on the market right now. I do think the EU are moving in the right direction and the U.S. are doing the opposite. That is why I am betting on the German based services as of now. Give me an e-mail server on, say, Iceland with full encryption, no ads and a cooperative open, non profit ownership and I am there in a spiffy!
We should start talking business +Ronnie Rocket 🙂
+Max Huijgen economic expionage is the most concern of german government (and its company financiers) – the citizens are not so importand. I assume, in other countries it is similar …
Completely agree +Michael Kelly
does anybody still remember email as it was meant to be? before webmail? before the idea that you mail was bound to a corporation or a country?
IMO the important thing here is not so much the service itself, which I see as more of a marketing thing, After all, so many eMails go across borders and the fact that the "Datenspeicherung" issue is still not solved on an EU level would seem to reduce the practical usefulness of the service.
However, the upside is that, simply through marketing this it will raise awareness, both with consumers and politicians, that privacy is a basic right and not 'optional'.
This might interest you +John Blossom
+Max Huijgen Saddening. This is pretty much what Russia wants Germany to do – to isolate itself from its security partners. No small surprise that they harbor Snowden at this point. NSA reforms are needed, but privacy in isolation is not a match for public communications in a unified and open society.
It's saddening +John Blossom but Russia has nothing to do with the sentiments of the Germans. These days are long over.
+Max Huijgen I am sure that's what Russia would like Germans to think.
Maybe they do, but Russia's wishes are irrelevant.
+Max Huijgen I wish that they were. They are harboring the person who revealed things which brought this political crisis on. Now, the facts are the facts, but how one goes about delivering the facts – and who sponsors their delivery – is another question.
I simply would like to suggest that the world is not as simple as some would wish. After World War I, the French sought an isolationist approach to its external threats via the simplistic defenses of the Maginot Line, which meant that they felt safe ignoring many real threats. Other countries in other situations have harbored isolationist tendencies for other reasons. This has gone in cycles through the years in many places, including Europe. I would hope that people would have longer memories and bear in mind that human nature does not improve linearly.
Russia ? Is a country with small industrial base, its only power comes from the ability to export fossil fuels, like saudi arabia.
so it has a similar influence on europe like saudi arabia
and it has a few thousend nuclear weapons, but they are als useful as their US counterparts: even north korea ignores them. (okay, they prevent north corea from waging a greater war, but countries with less ambition in war games are not very impressed by them – because they won´t be used against them.
Cold warriors still think in tanks and rockets and hemispheres of influence, but todays influence is based on economics – the merchants have won. A good example is china, or south america, where growing economic base allowed countries like brasil (or because of resources like venezuela) to escape former influence.
If europeans really would fear russia as a threat, they should invest in more tanks and rockets, not in secret services – but, as far as i know, the forces of the non – russian european countries are big enough already.
And the snowden asylum ? In my opinion, it´s a little ridiculous that most US pressure on russia today is not for civil rights, threatmend of dissidents, killing and torture by Kadyrev in cechenia with 1000´s of victims, and delivering weapons for the syrian dictatorship, but for getting one single man to a 50 – 90 year prison penalty whose crime was not even a murder. If one man will not get in jail – there are greater unjustnesses in the world.
If the reverse situation had occurred I'm pretty sure the US wouldn't have handed over Эдуард Snowinsky +Christoph Schaddach
Snovinsy – hi – a good point ! Yes, the west often gave a save home to soviet dissidents (if they could escape), and the soviet had to accept it (expect a handful secret service actions…)
But John Blossom would answer: "You can´t compare the legal justice of the freest country in the world with sinistre dictatorship !
Then Wladimir Putin would comment: remember CIA – reditions and torture of often innocent people, and signature kills without trial or defender, (Magna Carta 1225 – no secret justice !)… and our pussy singers (nice girls, by the way !) got more a fair trial than some of your underprivileged, often black people in your country if accused – there are cases, you won´t believe !
In my opinion, there is still a great difference between US and Russia. But it could be a greater one (and not by worsing Russia !). It´s sad, that our governments gave a advantage in human rights – the most importand "ideology" we have in my opinion, because the others, wealth and freedom of trade are more for the rich – they gave it partly out of hand. (And the german government, too, it was heavily involved in admitting renditions etc) It´s nearly the whole "western" world, except iceland, perhaps.
Yes, human rights are uncomfortable sometimes, but they are most importand when it´s not easy to respect them – because in the other cases, when it is easy to respect them, they are not so necessary. So, no government can have both: hold the rights up and do the tortures. Even if some legal constructs make it believable.
Russia is the main conduit of support for Syria and some other rogue states, as well was a key component in cyberterrorism. It's certainly a different global terrain than it was at the height of the Cold War. In some ways the tables have turned – it seems at times that Russia acts as a channel of "plausible denial" that bolsters Chinese global strategy. The odd thing is that many of the people who wail about "human rights" in this Snowden situation completely ignore the bald-faced, public and egregious acts of human rights violations in China and Russia. If you are a person of different sexual orientation, for example, may God help you in Russia. If you dare to share free thoughts in online in China, may God help you. The U.S. is far from perfect, but the current debate seems a bit like people complaining about a cousin because they're afraid to address a drunk brother.
I agree that the West has much to answer for, and our values have become corrupt in the pursuit of security at any price. But let's be careful to not undo good in the pursuit of evil – and let's always remember that we're all human, all frail, and all in need of global cooperation towards the good. There is no superior nation, no superior race – only the opportunity to create a superior way of living together in peace.
Nearly nobody denies the rogue human right violations in russia, china, north korea – and i don´t critisize the US government to insist in delivering Snowden if he were in a country which has a legal extradition pakt with US, if his deeds were against US law. But i wonder what pressure the govenment tries against countries where is no extradition commitment, but have other much more and severe human right violations there (als you wrote) than not delivering a potential criminal (not even murder) to his origin country…
And if there is ursurpation of too much surveillance by a secret service, how else could the public be informed unless one persontakes the risk to tell it ? And mostly, there is no other choice than to act against the law, that the government made to protect it´s secret services. A difficult case. and a court will have no other choice than to judge according to the written law, not the possibly good intentiion. So, asylum in a foreign country is not the worst outcome. And the data he knew have sprad already.
But in another point i would not be afraid: The gloobal cooperation of the more free countries will not end – everybody except some conspiracy theorist knows the difference in human rights between US, europe and other democracys against the dictatorships. Sometimes some merchants try to protegy nationalism to bolster their own companies, but in the worldwide struggle for human rights, free speech, free thoughts and free sexual orientation we could all be together – like amnesty or human rights watch give an example 🙂
+Christoph Schaddach I think that some of the checks and balances that Obama is proposing will help matters, though other aspects of U.S. security policy will take longer to balance – especially in a world that is still so out of balance in general. The Cold War left a legacy in many places of power for power's sake. But so it has been for much of human history. Economic and political extremes are the real threats in the U.S., ones which security policy tends to overshadow too often.
+John Blossom : totally agreed !
and: has left a legacy in many places of power for power´s sake is a good description – structures often live on, even when their reason has dwarfed (became smaller), …
+Christoph Schaddach We are, as humans, usually far more optimistic about our ability to eliminate human aggression than we have a right to be. They call World War I "the war to end all wars." Oops. There's no need to be paranoid, only realistic about what it takes to curtail aggression.
And then, Word War II was the war to end all wars until now. Nobody did espect it, all calculated with word war III, end even built bunkers for it, but it did not come: The nukes too deterrent, i suppose
Of course, there were hundreds or wars after WWII, but they were civil wars in poorer countrys, or something an englishman one hundred years ago would have called "colonial wars": The mothercountry sends some weapons and soldiers, but is not really threadened however the war comes out:
No matter, if the vietnam and today the afghan war is won or lost, the taliban will never come to USA in big numbers with full equipment – like the russian did, when the nazi idea of expanding east went wrong …
THAT was a war, and even the USA sufferend ten tausends or hundred thousands of victims at Omaha beach and afterwards – and if not succesful, the nazis WOULD have come in the opposite direction and enslave the US like they did with the occupied eastern regions: No chance for El Kaida to compare with.
so, i really would say, we live in a period of peace. Relatively…
+Christoph Schaddach Yes, and one needs to recognize that some compromises were needed to sustain that peace. Not all were worth it, but some were.
Qes, even the atomic weapons turned out als a real peacemaker, as we can see it now – but in the Cuba crsis and some times after it was a very dangerous bet.
Many things you can only see afterwards … but compromises are always important. Only if both sides are equally dissatisfied, a treaty is really good (quote; i don´t know:-))