You've not got mail
July 22, 2010
Some German IT experts are raising doubts about Germany's DE-Mail encryption system by pointing to what they call a security problem in the proposed e-mail network, which was opened to the public for registration earlier this month.
E-mail sent through DE-Mail's servers may be decrypted and re-encrypted up to two times before reaching its target, possibly giving third parties access to its content.
Deutsche Telekom is one of the companies behind the DE-Mail project and has dismissed security concerns by stressing that the decryption occurs for just a fraction of a second and that it is only carried out on servers that have met government security standards.
"The decryption process was included intentionally from the beginning - it doesn't represent a mistake or oversight on our part," said Ralf Sauerzapf, a Deutsche Telekom spokesperson, in an interview with Deutsche Welle.
"In designing DE-Mail, we had two options. Creating a system with end-to-end encryption would have required the user to install and routinely update software on his or her computer," he said. "We see a far greater security risk in leaving those tasks to the user compared with our proposed system that will indeed involve a brief decryption by our servers but that will also be monitored by an independent government agency."
Sauerzapf said that despite these new concerns, he expects DE-Mail to be released on-schedule later this year.
"Hollow comfort"
Deutsche Telekom officials argue that DE-Mail will be used for the secure exchange of information that would normally be sent by post, including sensitive data from government offices and financial service providers.
But Deutsche Telekom's response to the security issues is nothing more than "hollow comfort," said Elmar Mueller, head of the German Assocation of Post, Information Technology and Telecommunication.
"We have already seen misuse of data by telecommunication companies in recent years. Plus there's a risk that hackers could take advantage of the security loophole," Mueller told Deutsche Welle. "Since the service is targeted at institutions like insurers or banks that send extremely important data, the security standard needs to be at 100 percent."
Deutsche Telekom has tried to limit security concerns by inviting hackers to try to crack a trial version of the DE-Mail system. While none of the attempts have worked so far, it's impossible to rule out with certainty the success of a future break into the system.
How secure is secure enough?
The DE-Mail debate hinges primarily on which security approach is ultimately decided upon.
"I don't see it as a big problem that data is briefly decrypted," said Tarvi Martens, one of the leaders of the Estonian digital ID card project at the Estonian Certification Center. The Baltic nation implemented a similar secure e-mail system in 2002.
"The practical issue is that the electronic world is a lot more secure than the physical world - including the postal system, where many more people come in contact with sensitive material, and there are more uncontrollable variables."
In the fall, German lawmakers also will have to weigh in on whether the practical issues surrounding Telekom's plan trump its security risks. Before DE-Mail can be implemented, it must be approved by law.
"I assume that as soon as the law makes it to parliament, the question of whether DE-Mail is secure enough will be the sticking point," Elmar Mueller said.
If the law passes, Telekom may enjoy an important new revenue stream - the company intends to charge between 10 euro cents and 20 euro cents ($0.12 to $0.25) for each message sent.
That's the price users must pay for what the company regards as what Sauerzapf called "a very special service."
Author: Greg Wiser
Editor: Cyrus Farivar