• Germany's news in English

Experts find security problems in new De-Mail service

DDP/The Local · 21 Jul 2010, 09:00

Published: 21 Jul 2010 09:00 GMT+02:00

Facebook Twitter Google+ reddit

The government aims to use the system to banish the need to use printed pages for sensitive material such as letters and documents to lawyers, banks and government officials. Though it’s not set to go into full effect until 2011, major German email providers began registering customers earlier this month ahead of final government approval.

But IT expert for the country’s federal lawyers council (BRAK) Thomas Lapp told daily Frankfurter Rundschau that he believed the system was not secure.

“I have serious doubts about the De-Mail law,” he told the paper. “The security gaps cannot be overlooked.”

The problem lies in how servers must briefly decrypt documents for processing, he said, likening the process to a letter opened at least twice and then placed in a new envelope on the way to its destination.

“The promise to be as secure as a letter is therefore not kept,” he told the paper, adding that it would theoretically possible for hackers to copy or manipulate documents if they gained access to the system.

Elmar Müller, head of the DVPT association form postal services, IT and telecommunication, also acknowledged the risk.

“These issues must be fixed immediately,” he told the paper.

But head of the De-Mail programme for Deutsche Telekom Gert Metternich said that he had no concerns about the process.

Story continues below…

“In the De-Mail system the messages are opened for a fraction of a second and decrypted by the provider servers, and immediately re-encrypted and sent on,” he said, adding that the servers were up to government standards.

“As far as that goes I have no doubts that the De-Mails are secure,” he said.

DDP/The Local (news@thelocal.de)

Facebook Twitter Google+ reddit

Your comments about this article

14:37 July 21, 2010 by slawek
The actual proper way to secure the systems would involve generating a private/public encryption key pair by the user himself. Then having the public key signed by the postal service and including the key in his browser's or e-mail client key chain. In this way only the user could be able to open the mail.

This is the standard procedure supported by major operating systems since years. As far as I recall it's even possible for the user to authenticate himself through the web browser in this way.

If the major providers are unwilling to or do not grasp a decades old concept of privacy It's a clear sign we should start to worry about such pseudo IT professionals.
12:41 July 22, 2010 by milylasouris
I agree with Slawek. Any system where the message can be or needs to be decrypted somewhere between the sender and the intended recipient is inherently insecure. I wouldn't want to do any communication of sensitive data without knowing that only the recipient can read that data.

No security system is completely secure, but this one really seems to be operating in the way such systems did decades ago. Creating systems secure enough to protect the sort of data this service would be used for is not rocket science.
Today's headlines
Outrage over ruling on 'brutal' gang rape of teen girl
The now convicted suspects, sitting in court in Hamburg. Photo: DPA.

A 14-year-old girl was gang-raped and left partially clothed and unconscious in freezing temperatures. Now prosecutors are appealing the sentences for the young men found guilty, most of whom will not set foot in jail.

Dozens of Turkish diplomats apply for asylum in Germany
Demonstrators holding a giant Turkish flag protest against the attempted coup in Istanbul in July. Photo: DPA.

Since the failed putsch attempt in Turkey in July, Germany has received 35 asylum applications from people with Turkish diplomatic passports, the Interior Ministry confirmed on Wednesday.

Hertha Berlin fan club criticised for 'anti-gay banner'
Hertha BSC beat FC Cologne 2-1. Photo: DPA

A 50 metre fan banner apparently mocking the idea of gay adoption has overshadowed Hertha BSC's win in the Bundesliga.

Germany stalls Chinese takeover of tech firm Aixtron
Aixtron headquarters in Herzogenrath. Photo: DPA

The German government on Monday said it had withdrawn approval for a Chinese firm to acquire Aixtron, a supplier to the semiconductor industry, amid growing unease over Chinese investment in German companies.

Politicians call for tough sentences for 'killer clowns'
File photo: DPA.

Now that the so-called 'killer clown' craze has spread from the US to Germany, elected officials are drawing a hard line against such "pranks", with some threatening offenders with jail time of up to a year.

Nearly one in ten Germans are severely disabled
Photo: DPA

New figures reveal that 9.3 percent of the German population last year were considered severely disabled.

The Local List
Germany's top 10 most surreal sites to visit
The Upside-Down House, in Mecklenburg–Western Pomerania. Photo: Olaf Meister / Wikimedia Commons

From upside-down houses on Baltic islands to a fairy-tale castle near the Austrian border, Germany is a treasure trove of the extraordinary.

Bavarian critics back Merkel for Chancellor again
Photo: DPA

The Christian Social Union (CSU) have long delayed backing Angela Merkel as their candidate for Chancellor in next year's general election. But now key leaders are supporting her publicly.

Four taken to hospital after hotel toilet bursts into flames
File photo: DPA.

Four guests at a Nuremberg hotel were taken to hospital due to smoke inhalation early Monday morning after a toilet there burst into flames.

Creepy clown scare spreads to Germany
Two of the clowns were apparently equipped with chainsaws. Photo: Pedro Pardo / AFP file picture

Police said Friday five incidents involving so-called scary clowns had occurred in two north German towns, including one assailant who hit a man with a baseball bat, amid fears that Halloween could spark a rash of similar attacks.

10 things you never knew about socialist East Germany
Sponsored Article
Last chance to vote absentee in the US elections
How Germans fell in love with America's favourite squash
How I ditched London for Berlin and became a published author
12 clever German idioms that'll make you sound like a pro
23 fascinating facts you never knew about Berlin
9 unmissable events to check out in Germany this October
10 things you never knew about German reunification
10 things you're sure to notice after an Oktoberfest visit
Germany's 10 most Instagram-able places
15 pics that prove Germany is absolutely enchanting in autumn
10 German films you have to watch before you die
6 things about Munich that’ll stay with you forever
10 pieces of German slang you'll never learn in class
Ouch! Naked swimmer hospitalized after angler hooks his penis
Six reasons why Berlin is now known as 'the failed city'
15 tell-tale signs you’ll never quite master German
7 American habits that make Germans very, very uncomfortable
Story of a fugitive cow who outwitted police for weeks before capture
Eleven famous Germans with surnames that'll make your sides split
The best ways to get a visa as an American in Germany
jobs available
Toytown Germany
Germany's English-speaking crowd