So that the state can read along, De-Mails are not properly encrypted. That is insecure and dangerous, security analyst Linus Neumann said at the Chaos Congress 30c3.
Just so there are no misunderstandings: De-Mail is the Federal Republic's declared attempt to build a secure means of electronic communication for all Germans. Emails have been a problem not only since the NSA infiltrated all technical systems, because anyone can read them like postcards. De-Mail is actually supposed to change all that; as the relevant law states, it should “ensure safe, confidential and verifiable commerce for anyone on the Internet”. Anyone can show their ID card to a certified provider and register by name. In return, the providers are allowed to charge money for each De-Mail, usually 39 cents.
The claim to be confidential and secure is not nearly satisfied. There has long been criticism of the system. By now, given the apparently deliberate insecurity of De-Mail, security analysts have only cynicism left. Linus Neumann is one of them. He has blogged about such issues for years, works at a company that tests technical systems for their security, and was invited to the Bundestag as an expert on De-Mail.
At the 30th Chaos Communication Congress (30c3) in Hamburg, Neumann presented a comprehensive analysis of the state mails. It is devastating: De-Mails are no safer than ordinary emails, they are “unnecessarily and intentionally incompatible with the rest of the world”, they are an attractive target for criminals, and they would also entail more legal risks for users.
And not only that. De-Mail was the chance, Neumann said, to comprehensively introduce encrypted and secure communication in Germany. “Thus I have explained why that was not done.” He believes De-Mail is deliberately designed so that German security services can read the content. “No government is stupid enough to provide its citizens with a tap-proof system for communication.”
The core issue is that De-Mail has no built-in end-to-end encryption. The term means that data is encrypted by the sender and can be decrypted and read only by the receiver. De-Mails are encrypted, but not along their entire path through the Internet.
The encryption is performed by the provider, that is, the operator of the system, such as Telekom or Web.de, not by the customer. And the provider decrypts the De-Mails again along the way in order to look inside them. The argument: this serves security, because only in this way can it be guaranteed that De-Mails contain no viruses. The virus scanner is supposed to look into the mail.
Neumann, however, said this serves only insecurity. After all, it means there is a central server on which the mails lie around unencrypted, even if only for a short time. This server is guaranteed to be a worthwhile target for any attacker and is therefore also guaranteed to be attacked. For Neumann, it is only a matter of time until De-Mails are hacked.
In addition, he holds that the virus scanner is a false argument to justify that the state wants to get at the contents of the mails. “If I intend to infect many computers with a virus, I do not do that with a mail that costs 39 cents and is registered in my name,” he said. Virus attacks by criminals are mass attacks that aim to reach millions of computers in the hope of then taking over a few thousand. The De-Mail system is of no interest for such attacks because it is too expensive.