The concerns over the NSA spying in Germany are still going strong weeks after the news broke out, and now some of the leading email providers in the country have created a new “E-mail made in Germany” campaign to create the perception that their emails are secure. Security measures being put in place by GMX, T-Online, and web.de are more effective against your typical snooper, but when it comes to government spy agencies, is it enough to keep them out?
Under the “E-mail made in Germany” plan, any messages being sent between the participating companies, which currently account for two-thirds of all German email users, will never leave local servers. When sending out an email, users will be made aware if their email is going to be sent with the protections of the new plan via an on-screen message. In addition to the email never leaving Germany, all messages will be sent using SSL (Secure Sockets Layer) protection, which is a common encryption method that scrambles the signals as they are sent through the cables, and is typically found on e-commerce sites to protect the entry of credit card data.
Deutsche Telekom, which runs the email service T-Online, said in a statement that “Germans are deeply unsettled by the latest reports on the potential interception of communication data… Now, they can bank on the fact that their personal data online is as secure as it possibly can be.”
The question is whether this is really going to make email communications in Germany NSA spy-proof or if it is just a clever marketing scheme. Some of the leading German tech organizations, including the Chaos Computer Club, believe it to be a marketing stunt. Chaos Computer Club wrote on their website that all the companies are doing is implementing encryption methods that have been around for years, is already being used by many of their competitors, and is now just being offered up to their customers as some brand-new technological advancement.
In a statement to Ars Technica, Lukas Pitschl of GPGTools said that the “E-mail made in Germany” program will “not add real value to the security of e-mail communication… No one of the ‘E-Mail made in Germany’ initiative would say if they encrypt the data on their servers so they don’t have access to it, which they probably don’t and thus the government could force them to let them access it.”
If anything, the “E-mail made in Germany” program will slow down the interception of emails by agencies like the NSA, which according to leaked documents is in the hundreds of millions every month in Germany, but if they really want the data it can still be obtained. SSL encryption can be cracked and keeping data out of US servers doesn’t neccesarily stop Germany’s version of the NSA, the Bundesnachrichtendienst, from intercepting communications.