Experts find security problems in new De-Mail service
Experts cited serious security risks on Wednesday in Germany’s new De-Mail system, which is set to let users send official letters and documents over the internet starting next year.
The government aims to use the system to banish the need to use printed pages for sensitive material such as letters and documents to lawyers, banks and government officials. Though it’s not set to go into full effect until 2011, major German email providers began registering customers earlier this month ahead of final government approval.
But IT expert for the country’s federal lawyers council (BRAK) Thomas Lapp told daily Frankfurter Rundschau that he believed the system was not secure.
“I have serious doubts about the De-Mail law,” he told the paper. “The security gaps cannot be overlooked.”
The problem lies in how servers must briefly decrypt documents for processing, he said, likening the process to a letter opened at least twice and then placed in a new envelope on the way to its destination.
“The promise to be as secure as a letter is therefore not kept,” he told the paper, adding that it would theoretically possible for hackers to copy or manipulate documents if they gained access to the system.
Elmar Müller, head of the DVPT association form postal services, IT and telecommunication, also acknowledged the risk.
“These issues must be fixed immediately,” he told the paper.
But head of the De-Mail programme for Deutsche Telekom Gert Metternich said that he had no concerns about the process.
“In the De-Mail system the messages are opened for a fraction of a second and decrypted by the provider servers, and immediately re-encrypted and sent on,” he said, adding that the servers were up to government standards.
“As far as that goes I have no doubts that the De-Mails are secure,” he said.