Slashdot Mirror


Germany Builds Encrypted, Identity-Confirmed Email

jfruhlinger writes "Looking to solve the problems of spam, phishing, and unconfirmed email identities, Germany is betting very, very big. The country will pass a law this month creating 'De-mail,' a service in which all messages will be encrypted and digitally signed so they cannot be intercepted or modified in transit. Businesses and individuals wanting to send or receive De-mail messages will have to prove their real-world identity and associate that with a new De-mail address from a government-approved service provider. The service will be enabled by a new law that the government expects will be in force by the end of this month. It will allow service providers to charge for sending messages if they wish. The service is voluntary, but will it give the government too much control?"


  1. No end-to-end encryption though by Anonymous Coward · · Score: 4, Interesting

    As far as I've read, they decrypt messages in the middle "to check the messages for viruses".

    1. Re:No end-to-end encryption though by moonbender · · Score: 4, Insightful

      Yup. Sounds like a bad joke right? A new messaging standard, incompatible with everything else, that doesn't even do end-to-end encryption! It's pathetic. It purports to solve problems that are already pretty much solved -- spam, reliable delivery -- while not solving all the difficult ones and introducing new dangers for the customers, like missing a "registered email". Oh, and you'll be charged per mail! The worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.

      --
      Switch back to Slashdot's D1 system.
    2. Re:No end-to-end encryption though by Anonymous Coward · · Score: 3, Insightful

      As a native German, I can confirm this. Encryption is only used for Client Server communication.

      There are further flaws in the concept. For example, our government lately decided that de-mail addresses do not have to be visually distinguishable from other mail addresses (i.e. de-mail addresses do not share a common tld, nor do the tlds have to contain something like "de-mail"). Instead, they came up with the idea that email client vendors could implement a mechanism for telling users whether an email address is a de-mail address.

    3. Re:No end-to-end encryption though by divisionbyzero · · Score: 2

      The worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.

      I don't think they will be so lucky. I'd bet the government will require it for some communication and account access. Over time it will become more inconvenient to have multiple email accounts and people will just default to using de-mail.

    4. Re:No end-to-end encryption though by bemymonkey · · Score: 3, Interesting

      Hmmm, I haven't gotten much info about this, but IIRC it's not really about replacing or upgrading E-Mail, but rather about replacing snail-mail entirely. Documents with signatures and so on can now be sent as e-mail instead of in quaint old envelopes...

  2. No, thank you. by Mortiss · · Score: 2

    I can encrypt on my own and Gmail already does a fine job removing spam. I don't need a Government oversight and much less a possibility of paying per message for this "privilege".

    1. Re:No, thank you. by TheRaven64 · · Score: 2

      Then why not use existing standards? We already have S/MIME, which allows a digital signature to be used to sign and encrypt mail. Simply pass a law saying that emails with S/MIME encryption and a certificate signed by the government's CA are viewed as legally binding. Then, anyone can continue to use existing clients, can continue to use existing servers, and can just get a certificate signed by the government if they want to opt in to this.

      --
      I am TheRaven on Soylent News
  3. Every mistake in the book by Anonymous Coward · · Score: 5, Informative

    They put a price on every email.

    The system will not provide end-to-end encryption: Mail will only be encrypted to and from the mail service providers.

    While the accounts are free, individual mails will cost money.

    Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.

    Did I mention that mails cost money?

    I have recommended to everyone who has asked me to stay away from this system if at all possible. Don't even get an account.

    1. Re:Every mistake in the book by crtreece · · Score: 2

      Anything sent via snailmail that is expected to be time sensitive and/or legally binding would require a signature, it would not just be left in the mailbox.

      Or it would be sent via FedEx or UPS, again requiring a signature.

      Not so sensitive items, bills and such, don't require a signature, but you're still on the hook. Mail carrier left the door to the mailbox open, and your mortgage payment invoice got blown down the road? You are still on the hook for the payment.

      --
      file: .signature not found
    2. Re:Every mistake in the book by mxs · · Score: 2

      Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.

      How is this different from mail delivered to your snailmail box? "I wasn't at home" has not been a particularly good excuse for a very long time.

      Actually that is a very, very good excuse when you require proof of delivery/acceptance -- since those are usually signed-for. Recipient not there to sign ? No proof of personal delivery. The difference with DE-Mail is that messages count delivered when they hit your service provider, no matter whether you read your account or not. This can have far-reaching consequences under German law.

      The lack of end-to-end encryption is another matter entirely, and a rather obvious strategy to ensure that the government can eavesdrop. So much is clear.

      Yes, and the lies and bullshit they spew when defending this are even more so. Too bad too few people will get the message -- or care.

      Basically the whole thing boils down to a giant waste of money and resources for everybody. Well, everybody not implementing such a system and getting paid for it.

  4. Re:out of thin air? by ludwigf · · Score: 2

    Wikipedia: "The project was announced in 2008"

    Google: couldn't find a coverage of de-mail on /. before

    Living in Germany I've heard about it several times before.

  5. Looks like my Aunt was right... by fortfive · · Score: 3, Funny

    ...when she sent me a forward claiming the government was going to start charging for email!

  6. Why use de-mail when gpg exists? by bl8n8r · · Score: 2

    Why would I volunteer to use a government sponsored program that I may get charged for when I can just use Enigmail in Thunderbird, or gpg the message otherwise?

    Second problem: "It will allow service providers to charge for sending messages".

    Major fail. It sounded almost good until I read that.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
    1. Re:Why use de-mail when gpg exists? by AtillaTheMagyar · · Score: 2

      Email is different from physical home security and to compare the two I think is a bit of a red herring. That DEA case referenced where Hushmail hacked their user to get the password to decrypt their private key and stored messages shows a fundamental weakness in their system's design. I would never leave my private key on someone's server, even if it's encrypted. It's just too tempting for a government agent to strong-arm the provider into doing exactly what Hushmail did. Court order? Sure, they complied with the law but here we're talking about the 'ability' of a third-party to decrypt messages. I have one key, you have another. I should be able to send to you without anyone else being able to decrypt it. Luckily, there are other systems out there like GPG which people can feel safer with. There are even some companies trying to automate everything like TrulyMail so non-technical users can also get things up and running. Is there a perfect solution? Not yet, but I see things getting better with time.

  7. Czech govt. already did by jmak · · Score: 5, Interesting

    And it's been a failure, for a number of reasons:

    - it cost a fortune to deploy
    - one message costs an equivalent of about 1 USD, which means no one uses it except for communicating with the government
    - it relies on a proprietary (although free as beer) rather obscure application for Windows, fortunately a non-profit foundation later developed a cross-platform library for accessing the mailbox
    - once you register into the system, any official letter you get is automatically considered delivered, so you cannot deny receiving it, that's why any sane lawyer will discourage from getting such an account ever unless you are obligated to

    Obviously, because so much money already burnt, the mailbox system is here to stay.

  8. Obligatory by moonbender · · Score: 5, Insightful

    Your post^Whuge government engineering proposal advocates a

    ( ) technical (x) legislative (x) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (x) Huge existing software investment in SMTP
    (x) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    (x) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    (x) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    (x) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    --
    Switch back to Slashdot's D1 system.
    1. Re:Obligatory by moonbender · · Score: 2

      Cryptographically signing emails has been possible for decades. The government could have led by example by simply doing that on a wide scale, encouraging businesses to do the same. For instance, after buying stuff online, you unfailingly get an invoice per mail, something I think businesses are pretty much required to do (if they don't snailmail it, of course); why not just require them to sign it for it to be a valid invoice. Of course, signing and encrypting go hand in hand, and LEO and the interior intelligence service are scared out of their wits of public key crypto gaining wide usage. Hence this train wreck.

      --
      Switch back to Slashdot's D1 system.
  9. Re:OpenPGP by Alain+Williams · · Score: 2

    This is the way to go, it is what I use when I want to send encrypted email. There are some big problems with PGP/GPG where government could help, these are:

    • not enough people use it. A government push would speed adoption, if government departments use it then others will follow -- that is probably all that they need to do.
    • helping with key management and verification. I would be happy to pay a small charge (say £10 one off) to have my key verified against passport, ...

    Once they have done that then the normal commercial forces would kick in: some people would pay for s/ware that works, others would use FLOSS; it doesn't really matter -- it is the standard that is important.

    Mail signing -- encryption is a completely different problem from spam prevention, we must not conflate the two.

  10. if it's anything like Deutsche Post's E-Postbrief by itsme1234 · · Score: 2

    ... they better forget it.
    It costs from 55 eurocents to send one "email" (to multiple euros if you want confirmation, even if there is no snail-mail/paper involved). The interface is arcane with no 3rd party integration, of course there's no end-to-end encryption (and the "mails" are way less legally protected than normal post) and there are some really nasty conditions attached:
    - you have to check your mail EVERY WORKING DAY (that includes Saturdays, not that it matters)
    - you can't delegate this "check mail" duty to anybody (note that there isn't anything wrong in letting your wife/neighbour/etc in charge of your physical mailbox if you trust them).

  11. Re:out of thin air? by tomhudson · · Score: 2

    Because the editors choose the shittiest submissions. (I sent a few too.)

    You sent in a few of the shittiest submissions?

    No wonder you're posting A.C.

  12. Re:out of thin air? by muuh-gnu · · Score: 2

    DHL, i.e. "Deutsche Post" isn't participating in De-Mail at all. Since the basic purpose of De-Mail was to obsolete a large part of legally binding snail mail, and Deutsche Post realized they would be hit the hardest by this, they developed their own competitive service called "Deutsche Post ePostBrief", which works exactly the same as De-Mail, but of course isn't compatible with De-Mail, so you can't interchange legally binding emails between providers. Deutsche Post is kinda alone in their camp, since basically everybody else (ISPs, Email-Providers) is in the De-Mail camp.

    What both of course have in common is that there is no end-to-end encryption, so now you have not only to trust your lawyer/bank/doctor for confidential stuff, but now you also have to trust the carrier. Oh, and, in order to not hurt their snail mail business, every "Deutsche Post ePostBrief" will cost EUR 0,55, exactly as much as a snail mail.

  13. There's something like that in Italy as well by opus_magnum · · Score: 2

    named PEC (http://tools.ietf.org/html/draft-gennai-smime-cnipa-pec-08), which has the same legal validity as certified mail.
    There's also a variant (CEC-PAC) to communicate with government offices only.

  14. Re:Email should cost one penny per message by Stormy+Dragon · · Score: 4, Insightful

    1 penny where?

    If the sender's e-mail server is charging the penny, how does the recipient's server verify that the penny has actually been collected? If it means only accepting e-mail from servers at known ISP's you're going to break most business e-mail servers. Also, it's essentially just a white list, so why not just implement a white list and forget about the money.

    If the recipient's e-mail server is charging the penny, how do you verify who sent the e-mail so you know who to charge? Also, even if you do get rid of spam, you just created a new replacement fraud. The spammers infect a million computers and get them each to send one e-mail to random addresses at the spammer's e-mail server. Voilà, the spammer gets to collect $10,000.00. How many people are going to notice their e-mail bill is off by a couple of pennies that month?

    This is setting aside that the financial system isn't really prepared to handle billions of one penny transactions every day. You can aggregate, I suppose, but who verifies all the e-mail servers are doing their bookkeeping properly?

  15. Great big pile of sh*t by garry_g · · Score: 2

    Yet another example of either clueless politicians, attempting to do "a good thing" all the while creating an over-regulated, technically inferior system, or the clever attempt to get yet another way of snooping on the people while making them "feel good and safe" ...
    The good thing at the moment is that it's not mandatory to have or use the POS email service. At the prices currently discussed (55 €cent per email - same as for a regular letter!), I doubt it will find many people who are interested in using it. Though they have said that prices "may" go down ...
    And yes, the standard usually means the mail will be decoded by the MITM, to check for spam (yeah right, at .55€ a piece?) or virus/malware (whoah - get a worm on your machine, let it send out millions of DE-Mails - get poor in the process - at least then you won't be able to afford any more internet, removing one more botnet machine from the net), then re-encode for the recipient. The standard is supposed to include the option for end-to-end encryption though, but I'm not sure under which circumstances ... Anyway, as the DE-mail is kept on certain provider mailservers, with current law interpretation, any court could order all the mails to a certain person (or from) to be handed over to law enforcement ...

    Problem is the typical chicken and egg dilemma - too few people use public key crypto, because they don't know (or care) about it, so the ones who would use it don't have any recipients to send to, so less people use it ...
    Guess everybody should start using a footer with a link to a web page that explains for computer dummies how to set up and operate GPG/PGP and forget all about this crap government control attempt ...

  16. Re:OpenPGP by jgrahn · · Score: 2

    This is the way to go, it is what I use when I want to send encrypted email. There are some big problems with PGP/GPG where government could help, these are:

    • not enough people use it. A government push would speed adoption, if government departments use it then others will follow -- that is probably all that they need to do.
    • helping with key management and verification. I would be happy to pay a small charge (say £10 one off) to have my key verified against passport, ...

    Once they have done that then the normal commercial forces would kick in: some people would pay for s/ware that works, others would use FLOSS; it doesn't really matter -- it is the standard that is important.

    Right on. All I'd have to do is to trust the German key (they could publish the fingerprint in Frankfurter Allgemeine Zeitung or something) and I could communicate with anyone in .de.

    And that is why I resent the "OMG I would never trust a system where the government is involved!" comments here. Handing out public identities for people is precisely what governments *are for*. Without the government, we are clearly stuck where we are today: with unsigned and unencrypted mail.

  17. That's the problem isn't it? by HotNeedleOfInquiry · · Score: 2

    I'd love to have widely adopted secure end-to-end non-reputable email, but I think it will be a cold day in hell before *any* government will support a standard that doesn't permit them to read the email at will.

    --
    "Eve of Destruction", it's not just for old hippies anymore...