Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deutsche Telekom Moves Email Traffic In-Country In Wake of PRISM

Posted by timothy on from the anonymity-is-for-crazy-paranoid-people dept.

kdryer39 writes "Germany's leading telecom provider announced on Friday that it will only use German servers to handle any email traffic over its systems, citing privacy concerns arising from the recent PRISM leak and its 'public outrage over U.S. spy programs accessing citizens' private messages.' In a related move, DT has also announced that they will be providing email services over SSL to further secure their customers' communications. Sandro Gaycken, a professor of cyber security at Berlin's Free University, said 'This will make a big difference...Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so.'"

43 of 180 comments (clear)

  1. This makes sense by Anonymous Coward · · Score: 5, Insightful

    Germany is one of the hotspots for Boundless Informant. It appears that the US spies on Germany as much as it does on China.

    1. Re:This makes sense by ackthpt · · Score: 4, Interesting

      Germany is one of the hotspots for Boundless Informant. It appears that the US spies on Germany as much as it does on China.

      The NSA will probably next be cornering the market on high GPU count graphics cards.

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:This makes sense by fuzzyfuzzyfungus · · Score: 4, Informative

      Germany is one of the hotspots for Boundless Informant. It appears that the US spies on Germany as much as it does on China.

      It makes somewhat less sense given that the US spies on Germany with considerable assistance from the German BND...

      I can understand why Germans would Not want their emails passing through American control; but it looks like they'll have to clean house if they want to be able to do that just by going domestic.

    3. Re:This makes sense by camperdave · · Score: 2

      The NSA will probably next be cornering the market on high GPU count graphics cards.

      I would think the NSA could afford to get proper task specific processing units instead of kludging together something on banks of repurposed NVIDIA hardware.

      --
      When our name is on the back of your car, we're behind you all the way!
    4. Re:This makes sense by Anonymous Coward · · Score: 5, Interesting

      Germany is one of the hotspots for Boundless Informant. It appears that the US spies on Germany as much as it does on China.

      It makes somewhat less sense given that the US spies on Germany with considerable assistance from the German BND...

      I can understand why Germans would Not want their emails passing through American control; but it looks like they'll have to clean house if they want to be able to do that just by going domestic.

      Notice that they bitch about PRISM... but don't bother mentioning the UK's program, or any of the other monitoring programs run by various governments around the world. The US is hardly the only country doing it, but it's popular to bash on America and it draws attention away from their own spy programs. The purpose of "in-housing" the email is so it's easier for their own agencies to access.

    5. Re:This makes sense by Fjandr · · Score: 5, Interesting

      Nvidia supercomputing clusters aren't "repurposed" for highly parallel tasks. That's what they're designed for. They don't just produce graphics cards.

    6. Re:This makes sense by Rockoon · · Score: 4, Insightful

      Graphics cards are cheaper.

      Since when did the government care about cost?

      --
      "His name was James Damore."
    7. Re:This makes sense by icebike · · Score: 2

      They care about lead time.

      You can order a truck load of off the shelf cards and have them at your bunker tomorrow.

      --
      Sig Battery depleted. Reverting to safe mode.
    8. Re:This makes sense by Anonymous Coward · · Score: 2, Funny

      Nonsense, all they have to do is setup some dummy site with some scientific information on it, like it's a bunch of researchers looking for aliens (seti@home) or looking for cures to cancer, etc... and a cute little graphic screensaver client or something people can look at to make them 'feel good' that they are doing 'something useful' - meanwhile it's really all NSA codebreaking that's really going on, and they have one heck of a supercomputer for free (or very little cost).

    9. Re:This makes sense by icebike · · Score: 2

      I can understand why Germans would Not want their emails passing through American control; but it looks like they'll have to clean house if they want to be able to do that just by going domestic.

      Yes, at best it sounds like the NSA will have to get get the data from the BND. Big deal! Looks more pre-packaged and easier to handle if you ask me.

      Also the summary has this nugget:

      Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so.'"

      Except that we all know that SSL protects traffic from one place to another, but not as the email sits on the mail servers. So one tap into their server farm and all the SSL in the world won't help, because its stored in cleartext.

      --
      Sig Battery depleted. Reverting to safe mode.
    10. Re:This makes sense by icebike · · Score: 4, Informative

      SSL is enabled by flipping a switch, but it offers no real protection when some three letter agency can surf your mail server farm with their fiber back door.

      There is a lot of posturing going on in that article.

      --
      Sig Battery depleted. Reverting to safe mode.
    11. Re:This makes sense by stenvar · · Score: 2

      SSL doesn't even offer protection for transmission against the German government, given that the certificates are issued by Telekom itself.

    12. Re:This makes sense by Anonymous Coward · · Score: 2, Informative

      Have you lived in a cave for the past five years? GPUs are where it's at for hashing algorithms. A thousand SIMD cores with a generic instruction set to perform all sorts of math? The only thing that could do better right now is if you designed the ASIC yourself.

    13. Re:This makes sense by Mashiki · · Score: 3, Informative

      If you want tens of thousands of video cards, you are going to have to make a deal with a manufacturer.

      Yeah...no. If I wanted 5000-10000 video cards tomorrow, I'd call up Ingram Micro and say "this is what I want" and they'd get me X pricing per-unit in bulk(orders over 6k units get special pricing). I *have* ordered quantities of things like HDD's, and videocards in the 2500-5000 unit range in the last decade. I couldn't have 8000 cards tomorrow, but I could have every videocard in every warehouse that they own in North America for me in three days, expedited.

      --
      Om, nomnomnom...
    14. Re:This makes sense by nosfucious · · Score: 2

      Dell, et al, does not have thousands in stock. Dell, and I imagine all other manufacturers, has at most, a few days worth of stock.

      That isn't thousands. That's way to much inventory.

      For a major manufacturer like Dell, suppliers often set up nearby stocking warehouses. Only single truck or a few small trucks work the route (could be a even forklift worth at a time).

      Inventory requires space and management. Space is money. Management is money. All money that could be profits. The hoy grail here is just having enough stock on hand to fullfil the next shifts worth of builds. Not a single one more.

      Off topic: This is why the big players get a great deal on real-estate and buildings in industrial parks. Because they bring in other tennants that will be there at nearly any price, just to be working with the key tennants.

      --
      Q:I was listening to a CD in Grip and it sounded horrible! What's up? A:Perhaps you are listening to country music
  2. What mass encryption? by BLKMGK · · Score: 3, Insightful

    SSL is a transport crypto, if they "break in" the data is still stored in clear text on the servers. This was a crypto professor?? Wow...

    --
    Build it, Drive it, Improve it! Hybridz.org
    1. Re:What mass encryption? by BLKMGK · · Score: 3, Interesting

      My point is that SSL encrypts in transit not at rest. While sniffing the traffic and breaking the SSL is likely hard, if done right and new breaks notwithstanding, but when the code lands on the mail server it won't be STORED encrypted. At that point one need only break into the server and dump the data unencrypted back to the mothership. SSL will have done nothing but made it harder to sniff the traffic. She seems to allow for the idea they may and could break in and seems to think the SSL provides some protection against this - I'm baffled.

      This woman said "... Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so." and she was referring to their plan to use SSL transport encryption.

      Her comment makes NO sense and this is what I was trying to point out, I didn't think I'd have to explain it to this level. She seems to think that because they've used SSL in transport that someone breaking into the server is going to be faced with a crypto problem because of it - they won't. If that's truly what she thought and she was quoted accurately then I'm shocked that she claims any sort of knowledge about cryptography. Transport crypto does nothing at all for STORAGE. If all a bank ever did was rely on SSL then someone breaking into their website would have a field day with the unencrypted access to the data!

      P.S. What web mail based email service DOESN'T use SSL transport? If they were allowing their customer's email to go over the wire unencrypted prior to this then I'm, again, in shock!

      --
      Build it, Drive it, Improve it! Hybridz.org
  3. Thiscould be the beginning by Teun · · Score: 4, Interesting
    This could be the beginning of US companies being shunned for what their government is doing.
    Because this message will hit the front pages and prime time news.
    Although many Europeans say they've got nothing to hide they are jstill pissed off about the warrant-less spying an outside, previously considered friendly, force is doing upon them.
    I am really sad about the need for this walling off, it defeats the great idea and ideal of a world-wide network.

    But it seems to be necessary, if only as a message to the perpetrators because we know nothing is unbreakable.

    And please do remember this mail will still be accessible to German courts but now on their own conditions.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    1. Re:Thiscould be the beginning by Spottywot · · Score: 4, Interesting

      There is a certain amount of dick waving about this, but the more companies and countries that embarrass America and the NSA the better.

      --
      In a cybernetic fit of rage she pissed off to another age...
    2. Re:Thiscould be the beginning by stenvar · · Score: 4, Interesting

      This could be the beginning of US companies being shunned for what their government is doing.

      That's not "the beginning", it's a long, drawn-out process of European politicians and European corporations throwing whatever shit they can at the US in order to try to get Europeans to use European servers and services. They want that both because it means more revenue for them, and because it's easier for European governments to spy on their own citizens if they use European servers.

      And please do remember this mail will still be accessible to German courts but now on their own conditions.

      Are you really so naive that you think "courts" are involved? German government agencies have nearly free reign in what they access within Germany and what they do with it. You're probably still better off using a US server; the NSA may be listening in to everything you say, but the German government will have a much harder time to get at that information.

    3. Re:Thiscould be the beginning by ISoldat53 · · Score: 2

      Ironic. I wonder how much of the intel goes directly to US corporations?

  4. Re:so.... by chilvence · · Score: 5, Insightful

    I find it a beautiful irony that the country that invented the gestapo and the stasi finds the nsa a little bit too much :)

  5. Re:so.... by chilvence · · Score: 3, Informative

    Dear America

    We like Canada more than you

    Sincerely

    Everyone else.

  6. Re:so.... by Rosco+P.+Coltrane · · Score: 4, Insightful

    I find it absolutely frightening that the citizens of the country that supposedly stands against the tyranny of organizations like the Gestapo and the Stasi not only have not overturned their government over this huge scandal, but in fact mostly agree with the surveillance program.

    Americans deserve what's coming to them.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. Re:Pointless by hydrofix · · Score: 5, Interesting

    German companies now rate U.S. as the second worst risk to industrial espionage, only second to China. Even Russia is considered a more trustworthy IT partner than the Americans. It's not only the private citizens who care for some privacy.

  8. T-Mobile USA? by MrEricSir · · Score: 2

    Does this affect Deutsche Telekom subsidiaries such as T-Mobile USA?

    --
    There's no -1 for "I don't get it."
  9. Re:so.... by Anonymous Coward · · Score: 2

    Dear America

    We like Canada more than you

    Sincerely

    Everyone else.

    Dear Everyone Else:
    We find it rather disturbing that you're completely ok with mass spy programs until it's the US doing it. We find it upsetting that you only seem to care about WHO is fucking you up the ass, but not the fact that you're getting your anus violated in the first place.

  10. SSL security by ubeatha · · Score: 2

    What's stopping the NSA from man in the middling all this SSL traffic? They have the fibre providers rooted, I find it hard to believe that they don't have to print certs like the treasury prints money. I seem to recall China doing something similar with one of their root CAs a couple of years back.

  11. Re:so.... by Anonymous Coward · · Score: 5, Insightful

    Dear Everyone Else

    We like Canada more than America too

    Sincerely

    Americans

  12. Re:Pointless by Anonymous Coward · · Score: 3, Funny

    You could, for example, type "NSA engaging in industrial espionage" into Google.

  13. No more NSA splitter? by AHuxley · · Score: 4, Informative

    "95% of intra-German Internet communications are routed via a switch in Frankfurt."
    From the EU "Temporary Committee on the ECHELON Interception System"
    http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&language=EN
    How will SSL be "harder and more expensive" for the NSA/GCHQ if a friendly German agency just hands over the keys again?
    Seems like the West German post war telco system was designed to track Soviet/East German contacts via a few central locations.
    Why would the US need to "break in" if they where in on the design and have a great generational working relationship with German telcos and intelligence agency staff?
    i.e. "still doesn't prevent governments from getting information"

    --
    Domestic spying is now "Benign Information Gathering"
  14. Re:so.... by icebike · · Score: 4, Insightful

    Americans deserve what's coming to them.

    Actually we don't.

    It matters not a wit who we elect, because the NSA/CIA are somehow above the law, and quickly co-opt every elected official.
    We can do about as much about this as your lowly jewish shop keeper could do in 1938. We are totally screwed here, and its small comfort that you are in the same boat with your own government's spying programs.

    --
    Sig Battery depleted. Reverting to safe mode.
  15. Re:so.... by couchslug · · Score: 4, Funny

    Dear Everyone Else

    We are delighted you like our norther corporate appendage more than us

    That will increase its value after assimilation is complete

    Sincerely

    America

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  16. Not all governments throw people away by copponex · · Score: 4, Interesting

    ATF uses fake drugs, big bucks to snare suspects

    It's the drugs â" though non-existent â" that make that possible because federal law usually imposes tougher mandatory sentences for drugs than for guns. The more drugs the agents say are likely to be in the stash house, the longer the targets' sentence is likely to be. Conspiring to distribute 5 kilograms of cocaine usually carries a mandatory 10-year sentence â" or 20 years if the target has already been convicted of a drug crime.

    That fact has not escaped judges' notice. The ATF's stings give agents "virtually unfettered ability to inflate the amount of drugs supposedly in the house and thereby obtain a greater sentence," a federal appeals court in California said in 2010. "The ease with which the government can manipulate these factors makes us wary." Still, most courts have said tough federal sentencing laws leave them powerless to grant shorter prison terms.

    To the ATF, long sentences are the point. Fifteen years "is the mark," Smith said.

    "You get the guy, you get him with a gun, and you can lock him up for 18 months for the gun. All you did was give this guy street creds," Smith said. "When you go in there and you stamp him out with a 15-to-life sentence, you make an impact in that community." ...
    [A defendant's] lawyer, Michael Falconer, said he wouldn't be opposed to the drug-house stings if he thought the ATF could make sure they were aimed only at people who were already ripping off drug dealers. "But on some level," he said, "it's Orwellian that they have to create crime to prevent crime."

    You know what the US government won't do for that same individual? Ensure they have a decent education, a basic level of care for their mental and physical health, a safe neighborhood, and a real shot at becoming a contributing member of society even though that would cost less than convicting them of thoughtcrime and throwing them in prison for fifteen years. Instead we pay for some kitted out machine gun-toting pigs to play cowboy rather than policing the streets like officers. Not incidentally, they're too chickenshit to get out of their cars in a lot of those neighborhoods. Yet they still collect their paycheck and their pension, live way out in the suburbs to avoid the desperation they help create with their cowardice, and pat themselves on the back for being heroes.

    Now imagine you're an immigrant, or an Iraqi, Yemeni, Afghani, or Syrian. You're worth even less than a citizen. You're trash. You're not even a speedbump on the way to some policy goal rooted in geopolitical theories that have been dead to the rest of the world since the 80s. The kind of policy that sends a million troops and five trillion dollars to a sanctioned, isolated nation, and ends up destabilizing the entire region, massively aiding Iran, and stoking tensions between Shia and Sunni, all while avoiding a single hint of punishment for Saudi Arabia or Pakistan where all of the funding and most of the terrorists for 9/11 came from. Oh, and as a plus: where al Qaeda was unheard of before, they now have another weak state to operate from. Brilliant.

    That's why the rest of the world despises the American government. It's not our freedom. It's our complete lack of principle, abject hypocrisy, and massive state violence that they hate. And with our apathetic political landscape, they're beginning to tire of Americans individually for being lazy, ignorant, wasteful, and greedy. We just sit here and take it; a nation of lolling toddlers waiting on the next innovation in fast food and reruns of Pawn Stars while our wealth is squandered in military adventurism that has killed millions of innocent people in only five decades.

    PRISM is just icing on the rotting carcass that once wa

  17. Re:so.... by Anonymous Coward · · Score: 2, Informative

    I find it a beautiful irony that the country that invented the gestapo and the stasi finds the nsa a little bit too much :)

    Perhaps they learned from it?

  18. Perhaps it's time for mail clients to return? by laird · · Score: 2

    Perhaps it's time for mail clients to make a comeback.

    With end-to-end encryption, such as PGP, GPG or S/MIME, users control their own security and don't have to trust anyone in between, so all the ISPs could know (and leak to whoever wants to spy on their users) is the email addresses in the routing, not the email contents. These problems were all solved many years ago. Sure, mail clients aren't as convenient as webmail, but if there's a concerted attack by our ISPs on our private communications, the least we can do is fight back.

    There are secure mail clients for pretty much every OS. So no easy browser access, but that's the cost of controlling your own communications.

    --
    Enable 3D printed prosthetics!
    1. Re:Perhaps it's time for mail clients to return? by geminidomino · · Score: 2

      Good luck with that.

      Even back before local mail clients started to fall by the wayside, setting up [P]GP[G] generally involved a lot of not very user-friendly hoop-jumping. Then, after you finally got it to work (or you went with one of the niche mail clients whose only real functionality was the encryption), you had to deal with keys.

      By the time you got your keys ready to go, and assuming you could find someone who could/would sign it, etc... you most likely realized that 100% of the people you were likely to email in the next 24 months would not be jumping through the same hoops, so you were good to go, but it was still ultimately useless to you.

      If, by some miracle of statistical noise, you did end up in email communication with someone who had both the patience and inclination to go through the same setup, and that setup was compatible with yours, he/she was probably on the other end of the continent, if not on a different one, which made the traditional model of face-to-facing for key exchange impractical, at best. Of course, various middle-men services sprang up for a while to facilitate that process, which pretty much defeated the purpose of that process.

      I'm not saying that end-to-end encryption isn't useful. Not even close to saying that. But if we're being honest, it's not something that's feasible to work for the mundanes any time soon.

  19. Re:so.... by geminidomino · · Score: 4, Funny

    Dear Anonymous Mk II,

    "Who is dicking whom."

    Sincerely,
    Ms. Bluebell, your sixth grade English Teacher

  20. why bother when you already have the keys? by SuperBanana · · Score: 5, Interesting

    The NSA will probably next be cornering the market on high GPU count graphics cards.

    What makes you think they don't have the private keys already, or can't get them?

    At this point it's probably not unreasonable at all to assume that the NSA either has their foot in the door somehow, or simply National Security Letter's the CA into giving them any keys they want. Technically, all they'd need is the CA's keys, as that's all that protects *your* private key when it's in transit to you, since they're already snooping for everything else.

    Really, the current CA system is a dream for the NSA - encryption that is controlled completely by a small group. It's now making a lot of sense why they went after Zimmerman for PGP. The peer-to-peer trust network and person-to-person encryption must've scared the shit out of them.

    While we're on the subject of reasonable assumptions - it seems reasonable to assume that the NSA has worked to insert weaknesses and vulnerabilities in most open-source encryption software. Whether they've been successful or not is what we need to know. Remember the fuss a few years ago with IPSEC, OpenBSD, and the FBI?

    --
    Please help metamoderate.
    1. Re:why bother when you already have the keys? by Anonymous Coward · · Score: 4, Insightful

      Technically, all they'd need is the CA's keys, as that's all that protects *your* private key when it's in transit to you

      No it's not!

      You have your private key, and public key, which is signed by a CA. The private key never leaves the server. Thats why it's called "PUBLIC key cryptography"

  21. Re: Pointless by Anonymous Coward · · Score: 3, Informative

    I suppose you could read the wikipedia article, but the EU report on ECHELON has a nice section (10.7) outlining the known history of state-involved industrial espionage: http://cryptome.org/echelon-ep-fin.htm#10

  22. Re:Pointless by jma05 · · Score: 3, Interesting

    Just wait 1-2 weeks. The next batch of revelations is due to start in about a week.
    Source: http://www.reuters.com/article/2013/08/07/us-usa-security-snowden-brazil-idUSBRE97600L20130807

    The documents concerning this are expected to be included in them.

      “The pretext [given by Washington] for the spying is only one thing: terrorism and the need to protect the [American] people. But the reality is that there are many documents which have nothing to do with terrorism or national security, but have to do with competition with other countries, in the business, industrial and economic fields," Greenwald said on Tuesday.

    Source: http://rt.com/news/journalist-thousands-snowden-documents-143/

    So, no concrete evidence yet; but it is coming soon.

  23. Re:so.... by Anonymous Coward · · Score: 2, Insightful

    You fucking hypocrite. Why don't you read about how the Nazis came to power. As I am not German, I can only assume it's dumb-assed people like you that don't read the history books.

    Start with this link,
    http://en.wikipedia.org/wiki/Adolf_Hitler's_rise_to_power

    In case you are a "TL;DR", just look at the section "Seizure of control"
    In case you are still too fucking lazy, my response to your comment is "ditto".

    Remember, I'm not German - I've just studied history ... and that makes one of us.

    Now go fuck yourself.