German government publishes law to guarantee 'right to encryption'
The Federal Ministry for Digital and Transport Affairs (BMDV) has drawn up a draft bill that will make end-to-end encryption mandatory for messengers and cloud services in the future.
While governments around the world are planning to undermine strong encryption with client-side scanning, the German government now steps up for protecting citizen’s right to privacy. This comes at no surprise as Germany is known for its strong data protection laws, which are also one of the reasons why Tuta is based in Germany.
Beginning 2024, German net activists from Netzpolitik.org have published the draft law that aims at making end-to-end encryption mandatory for messenger, email and cloud service providers.
You can read the full text of the law here (in German).
The newly published draft law follows the 2021 coalition agreement of the German government of SPD, FDP and the Greens. Back then the plan to introduce a right to encryption was met with great approval, especially among security experts and net activists.
Applauding the new law
We at Tuta are excited to see this draft bill being published in Germany – where we are based – exactly at the time when we are celebrating ten years of Tuta (formerly Tutanota). Ten years ago the world’s first end-to-end encrypted email provider was launched in Germany.
Read more on the launch of Tuta(nota) and our road to success.
Now Germany could be the first country worldwide to enshrine the right to encryption into federal law.
This is amazing news not just for us as an encrypted email service, but much more so for all citizens and businesses: Once this draft law of the German government is being passed, they will finally get a guarantee for the secrecy of digital communication.
This would be huge improvement when it comes to cybersecurity, and one much needed in times where cyberthreats, malicious attacks, (state-sponsored) surveillance, and industrial espionage is constantly growing.
The draft law in wording
The new law sets a new standard: People should be able to use end-to-end encryption “wherever it is technically possible”. In the text it is explained why this clear requirement to cloud providers is necessary: “Although end-to-end encryption is now the industry standard, individual messenger services do not use end-to-end encryption or only use it for certain functions, without this being justified by technical restrictions.”
The draft law pushes for strong end-to-end cryptography to guarantee the secrecy of communication: “It is an essential contribution to guaranteeing the fundamental rights to telecommunications secrecy and the confidentiality and integrity of information technology systems and to cybersecurity”.
The digital policy spokesperson for the FDP parliamentary group, Maximilian Funke-Kaiser, tells Netzpolotik.org that the law is a necessary measure to prevent future attacks on online confidentiality with legislative approaches like Chat Control:
“We are granting users of messenger, email and cloud services the right to always transmit their communication and data end-to-end encrypted and obliging providers to offer this option. In this way, we increase acceptance for the use of encryption technologies and protect the digital privacy of every single citizen.”
While the bill is still a draft and has not yet passed the German Parliament, there is reason to celebrate: For once politicians want to strengthen encryption, not undermine it.
Yet, the fight is not over. Now we must make our voice heard so that the bill actually gets passed as planned in April 2025.
Read the full text of the law (in German).