Cologne court departs from ECJ ruling to order Tutanota to break encryption

Tutanota is a German encrypted e-mail provider. Recently (Nov 2020) a Cologne court ordered them to implement a backdoor for a particular customer’s account. The order comes on the heels of a ransom note sent to an auto supplier.

ECJ’s “Gmail ruling” in 2019 refused to classify email as a telecommunication service, thereby thwarting backdoor/monitoring requests as is often required from telecom service providers. A Hanover court had followed this precedent to grant a reprieve to Tutanota back in April.

Source: Tutanota backdoor order (German)

Calling the result a backdoor would be deceptive; it’s just an order to monitor the account. This doesn’t affect the encryption; only non-encrypted emails will be recovered at best (until they are forced to change their portal to be a key logger, still keeping old-school copy-paste PGP emails secure).

Edited to add:

“Tutanota is one of the few mail providers that encrypts the entire mailbox, also calendar and contacts. The encrypted data cannot be decrypted by us, because only the user has the key to decrypt it.” - Pfau (Tutanota Co-Founder)

The order specifically demands decryption for investigators. Given Tutanota’s current implementation, that will impact all mails coming in, once that feature is in place. That is the very definition of a backdoor.

Here’s a thread I did where I trace the history of this case, and the ECJ ruling. Also, sources.
