德国法院强制Tutanota为邮件勒索案创建后门

CyberScoop消息,德国科隆地区一家法院已下令端到端加密电子邮件提供商Tutanota监控一名涉嫌敲诈案件的用户的账户。

Tutanota计划对该法院11月份的判决提出上诉,认为该判决与汉诺威地区法院今年早些时候裁定”Tutanota并不提供电信服务,根据德国法律,Tutanota不应被迫对其电子邮件进行监控”的判决相违背,科隆地区法院的最新判决也可能与欧盟法院2019年作出的Gmail不是电子通信服务的判决相抵触。

Tutanota的联合创始人Matthias Pfau表示,这一判决不会影响其他用户的电子邮件,但可能会为电子邮件安全和隐私设置一个危险的先例。如果其他类似案件在未来数月或数年内浮出水面,这起案件可能会为更具侵入性的监控铺平道路。

同时,Tutanota也在Redit对些进行了回应:

“Tutanota是为数不多的加密整个邮箱的邮件提供商之一。加密的数据不能被我们解密,因为只有用户持有解密的密钥。判决要求Tutanota将犯罪嫌疑人新收、发的未加密邮件在加密之前上交。该判决不会影响任何其他邮箱帐户,也不会影响已经加密的数据或通过端到端加密发送的电子邮件。只有用户有权访问密钥,因此我们无法解密任何数据。这一判决再次表明了端到端加密的重要性。任何未经端到端加密发送的电子邮件必须视为不机密,我们始终向用户解释这一点。虽然我们必须遵守法院的命令,但我们会不遗余力地保护用户的隐私。这就是为什么我们会对这个决定提起上诉。此外,我们目前正准备就类似案件向BGH提出上诉,以获得最高法院的判决。”

原文如下:

Tutanota is one of the few mail providers that encrypts the entire mailbox. The encrypted data can’t be decrypted by us as only the user holds the key for decryption.

This ruling requires Tutanota to hand out newly incoming and outgoing non-encrypted emails of one suspected criminal before these are being encrypted.

The ruling does not affect any other mail account. It also does not affect already encrypted data or emails that are sent with end-to-end encryption. Only the user has access to the key so we are not able to decrypt any data.

This ruling again shows why end-to-end encryption is important. Any email sent without end-to-end encryption must be considered as not confidential and we always explain this to our users.

Edit: While we have to comply with court orders, we go to great lengths to fight for our users’ privacy. That’s why we will file an appeal against the decision. Furthermore, we are currently preparing an appeal to the BGH in a similar case in order to obtain a decision from the highest court.

Reddit相关讨论地址如下:

  1. https://np.reddit.com/r/tutanota/comments/k3sfs5/in_englisch_court_forces_mail_provider_tutanota/ge4xywc/
  2. https://www.reddit.com/r/tutanota/comments/kaawl1/german_court_forces_encrypted_email_provider/

支付宝打赏 微信打赏

感谢打赏,支持支付宝、微信!