Tutanota is not anonymous anymore – According to a ruling by the Itzehoe (Germany) district court, the email provider Tutanota will have to allow investigators to access suspects’ emails unencrypted after receiving the court order. The German company had not complied with a first request made in October 2018.
Tutanota should let authorities monitor chats in real time
The district court of Itzehoe asked Tutanota to make the e-mails of suspects available to the police unencrypted and in real time. Tutanota was sentenced to obey court orders in the future. In its ruling, the local court refers to Tutanota’s obligation to disclose data for investigation purposes in accordance with the Criminal Procedure Code § 100a and the Telecommunications Act § 11. In addition, a fine of 1,000 euros was imposed. The management of the e-mail provider announced that they would not continue to defend themselves legally against this order.
The proceedings took place after cyber criminals threatened several companies with their malware last year and communicated with the companies via Tutanota. The police demanded full access to the e-mails in order to carry out their investigations. However, Tutanota has encrypted all customer data by default. This also applies to the user’s calendar, notes or cloud storage. All e-mails from one Tutanota customer to another are also automatically encrypted, similar to Protonmail.
Authorities demand their own backdoor
The German provider advertises itself as the “world’s safest e-mail service”. Six million customers now use the service, many of which have a free account. Tutanota must now set up a kind of official backdoor in order to avoid further fines, so that the police can immediately access the suspects’ e-mails after receiving the court letter. CEO Matthias Pfau told that instead he would rather concentrate on completely different things than give the authorities extended access rights.
EU e-mail providers not very popular in certain circles
For cybercriminals, this news is no accident. Every year, the German competitor Posteo voluntarily admits the number of official LE-inquiries in its transparency report. For years, Posteo had also unsuccessfully tried to defend itself in court against the disclosure of the data.
Anyone who wants to break German law rarely uses a provider within Europe anyway. In the digital underground, the e-mail services of offshore companies or Russian e-mail providers have long been highly popular. Where no EU legislation is in place, no operator can be forced to disclose customer data by court order.