French, German Leaders: Keep European Email Off US Servers
jfruh writes "In her weekly podcast, German Chancellor Angela Merkel said she'd be discussing European email security with French President Francois Hollande. Specifically, in the wake of the NSA spying revelations, the two leaders will try to keep European email off of American servers altogether to avoid snooping. This comes as Merkel's government faces criminal complaints for assisting aspects of the NSA's programs."
You COULD mandate end-to-end encryption if you were really that worried about it. That probably also wouldn't avoid snooping, but it'd make it a bit more difficult. We should probably also move away from using the browser as a mail client. But you're not really worried about snooping, are you? You're just worried about US snooping.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The German Prism: Berlin Wants to Spy Too
French officials can monitor internet users in real time under new law
And some of the reports of "NSA spying" were in fact NSA being given phone data from European agencies.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
You mean if one were to send an email from Munich to Paris, it'd cross the Atlantic and come back?
Depends... Sometimes the German Army brings it directly in person.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
If you're sending an email from anywhere to anywhere, odds are that at least one or both of you are using an email account with one of the big US-based internet companies (Google, Yahoo, Microsoft, etc.). Or you don't even bother with email and use Facebook instead.
So your message is very likely to not only cross the Atlantic, but also get stored and backed up redundantly in several datacenters including servers in the US. This has nothing to do with internet architecture, just market forces and poor consumer options.
Internet routing only begins to matter to email security if your email account is hosted privately or by a local organization - and even then, you're better off securing the email by encryption than trying to compartmentalize a network that was designed from the beginning to ignore physical locations and borders.
You mean if one were to send an email from Munich to Paris, it'd cross the Atlantic and come back?
NSA aside, that's a pretty sucky setup.
It's how the Internet works. To quote directly from the experts: A target's phone call, e-mail or chat will take the cheapest path, not the physically most direct path.
Physical distance is not as important as congestion on the routes. So it might very well be that your data takes a much longer path than what you'd think, simply because it uses the fastest way, not the shortest.
Angela Merkel's approach is pretty idiotic, and it cannot fix the problems. First of all, most emails are routed through the US either because the sender or the recipient has an American email provider (Germans love Gmail, too). Secondly, even if that is not the case, can you be sure that the NSA doesn't spy on traffic in Frankfurt? It wouldn't surprise me.
Only true end-to-end encryption can be a solution. The government in Germany is currently pushing for DE-Mail, which relies on transport encryption only. So that means that your email provider can still snoop and so can the German government, which is probably the reason why they designed it like that in the first place. End-to-end encryption would have been possible, especially since the German government is spending much money rolling out their own PKI, with keys for every citizen right on their new national ID card.
There's a presentation about DE-Mail from last December's Chaos Communication Congress, it's worth watching (video also has an audio track with English translations).
It's even a law in Canada that prohibits companies with data on Canadian people from any storage/transport of this data using any IT infrastructure in the USA.
The data protection act has restrictions on exporting data... In my experience pretty much everyone is ignoring those restrictions when it comes to migrating to "cloud" services, and that's not going to stop until people start getting hit by big fines.
http://blog.nexusuk.org