Can Germany really keep bytes within its borders?
Alex Evans · 29 Nov 2013, 10:10
Published: 29 Nov 2013 10:10 GMT+01:00
- Germany and US vow to repair NSA damage (26 Nov 13)
- Germans quiz UK envoy on Berlin spy reports (05 Nov 13)
- German internet providers fail to impress (04 Nov 13)
Alarmed by the extent to which foreign intelligence services conducted a mass online surveillance programme, German users have been jumping ship on popular foreign-based email services in their droves.
Outgoing German justice minister Sabine Leutheusser-Schnarrenberger told journalists at a Berlin press conference in August: "German users have reacted to the NSA scandal by switching to German email providers…and they are demanding encryption.”
And in October former state-owned communications giant Deutsche Telekom proposed a secure national email network, based on a data security initiative called "Email made in Germany" which was launched in August.
"Email made in Germany"
The initiative was launched by Telekom and fellow leading mail providers GMX and Web.de to ensure all data transferred between the three firms' customers were encrypted, and never left German servers – beefing up security beyond the already exacting German legal standards.
Martin Wilhelm, a spokesman for 1&1 – the web hosting company which owns GMX and Web.de - told The Local: "It sets an additional standard of security that for the first time allows users the automatic encryption of data in all types of transmission."
More than two thirds of German email users are now with domestic providers operating under the "Email made in Germany" security standards, according to Wilhelm.
And in the past weeks Web.de and GMX have enjoyed a "gratifying rise" in new customers, Wilhelm said.
Deutsche Telekom hope to convince competitors to join the “Email Made in Germany” club, extending their commercial initiative into a national infrastructure meant to protect all German email traffic from foreign interference.
But 1&1's Anja Kolm told The Local: "We definitely don't want a 'Germany-net' or a regionalization of the internet. What we need is guaranteed security standards in Europe and transparency in what secret services are allowed to do in this country," she said.
From German emails to a German internet?
Professor Ross Anderson, head of security research at Cambridge University's computer labs, told the BBC in October that it was possible to keep data in a country and lock out foreign security services.
But other experts question whether an airtight system - as outlined by Deutsche Telekom - in which "not a single byte leaves the country or even crosses the border temporarily" is in fact possible, let alone likely to boost people's privacy.
Michael Horn, spokesman for German-based hacking group Chaos Computer Club (CCC), told The Local a national network based on local servers and encryption would not stop foreign spy agencies or hackers accessing private information.
"Spying on emails in transit is just one way to intercept communications data," he explained. "The location of a mail server doesn't automatically make it any more or less secure," he added, saying it was "even less the case with users' devices."
And existing encrypted systems like "Email made in Germany" make no true improvement to individuals' privacy, Horn said.
"As a user you have no power over the encryption – the provider encrypts and decrypts messages for you,” he said. "You can only guarantee really trustworthy communications if the encryption happens directly between the two correspondents.”
1&1 says the encryption is controlled by the internet provider "so that no technical know-how or extra spending is necessary on the part of the user."
Thomas Bösel, a spokesman for internet provider QSC, told DPA news agency in October the nature of the web meant it was not possible to ensure data stayed inside borders.
And the Frankfurter Allgemeine newspaper argued on Sunday that a state-sanctioned encryption network would be "no help against spying."
While the system might protect some of Germans' data from international spy agencies, it would not give them more privacy, but rather lead to "a centralization of surveillance capabilities" for German spy agencies like the Federal Intelligence Service (BND), the paper warned.