Fighting for privacy: How encryption & data protection laws safeguard your emails.

Why are data protection laws important?

Tutanota encrypts your entire mailbox end-to-end so that no-one but yourself has access to your private emails. Tutanota protects your personal data to the maximum. Find out why we believe that everybody's right to privacy matters and why it is time to fight for it.

As there is no law against whispering into someone's ear to hold a private conversation, in our opinion the same must be true for an online conversation. Tutanota's automatic end-to-end encryption allows you to do just that: Hold a private conversation online with our anonymous email service.

Due to the encryption in Tutanota no one can access your stored data, not even we can access your encrypted data. However, we do have access to metadata - sender and recipient of an email, date of emails sent. So even though we have very little data, it is important to know what German authorities can and cannot ask for, and under what circumstances.

Mass surveillance vs. individual investigation

In democratic societies such as Germany, the law must allow the authorities to investigate criminals while at the same time protect citizens' right to privacy and freedom of speech. However, in recent years, we regularly hear calls from politicians - also German politicians - to limit citizens' right to privacy for increased state surveillance powers to counter terrorism. Even though mass surveillance has been proven useless to fight terror, there are still politicians calling for surveillance laws.

Fortunately there are also many institutions, particularly in Germany as we have experienced the injustice of living under all-round surveillance in East Germany, who do understand the necessity of privacy in a democratic society and its impact on freedom of speech.

German constitution guarantees right to privacy

Firstly, the right to privacy is guaranteed by the German constitution and, thus, regularly being defended by the Federal Constitutional Court in Germany. For instance, in 2008 German politicians introduced a data retention law.

The Federal Constitutional Court declared this law as unconstitutional in 2010. In 2015, a new data retention law was introduced. The law explicitly states that the German data retention does not include email communication. Politicians hope that by excluding emails from the data retention law it will not be declared unconstitutional this time. The Federal Constitutional Court has yet to decide about this. However, the data retention law is not being enforced because of a court ruling that the law violates EU law.

Data Protection laws in Germany

In Germany there are several laws that force companies like Tutanota to protect their users' data from illegal access. Data privacy regulations in the European Union (EU) are among the strictest in the world, and among all European member states, Germany has one of the strongest policies: the Federal Data Protection Act (Bundesdatenschutzgesetz).

This law protects users of Internet services. It puts the user in charge of what should be done with their data: Companies (=we) are not allowed to collect any personal information without express permission from an individual (=you), (i.e. name, date of birth, IP address). In Germany there is no law that could force us to submit to a gag order or to implement a backdoor.

It is also noteworthy that the previous German Federal Data Protection Act already covered a lot of aspects of the new European General Data Protection Regulation (GDPR), which came into effect on May 25th 2018. European privacy rights are some of the best in the world. The GDPR requires that companies protect personal information they handle. Any sharing of personal information such as a private home address, bank details, or CVs of applicants could lead to fines under GDPR. It is recommended to protect emails containing personal information with proper end-to-end encryption.

Find out here how Tutanota can help you to make your company use GDPR-compliant emails with built-in automatic encryption.

However, there are laws that allow authorities like the police forces to ask for data of suspects of a crime. There are three different kinds of data the authorities can ask for.

1. Inventory data

Personal data such as name, address and payment data are inventory data. In Germany, email service providers have an exceptional status when it comes to the storage of inventory data. Unlike telecommunications companies, email providers are not obliged to store inventory data (§ 111 TKG).

Thus, Tutanota can not be forced to collect and store inventory data. This is why we are able to not ask for any identifiable information upon registration so that you can use our secure mail service anonymously with a free account.

German law even explicitly calls on operators of data processing systems (§ 3a of the German Federal Data Protection Act) to avoid storing personal data whenever possible. § 3a of the Federal Data Protection Act – Data avoidance and data minimization:

"The collection, processing and use of personal data and the selection and design of data processing systems must follow the goal of collecting, processing and using as little personal data as possible. In particular, personal data are to be made anonymous or pseudonymous to the extent that this is possible according to the intended purpose."

When Can Inventory Data Be Requested?

If the data is available to a German mail provider, §113 TKG rules that the provider has to make the data accessible to German authorities if they deliver a request. Several authorities are allowed to ask for inventory data. Legitimate reasons for such requests are the persecution of criminal offences or the defense of public safety or order.

2. Traffic data

Traffic data consists of

• email addresses of sender and recipient
• IP address of the Tutanota client
• delivery time

Just like content data, traffic data is subject to the secrecy of telecommunications. Only German judges are allowed to request traffic data. This is only possible in case of serious criminal acts like murder, child pornography, robbery, bomb threats and blackmail (see § 100a StPO).

By default, we don't record IP addresses of our users. Therefore, IP addresses can only be recorded for a single user account after we received a valid German court order for a real time monitoring (TKÜ), but not for the past. There is no data retention law for email providers in Germany.

3. Content data

This term refers to your emails: subject, body and attachments. All emails in Tutanota are stored end-to-end encrypted and only you hold the decryption keys.

Just like traffic data, content data can only be requested by a German judge (§ 94, para. 2 of the StPO, § 98, para. 1, sent. 1 or para. 2, sent. 1 of the StPO) in case of serious criminal acts (see above for examples).

The German judge can either issue a seizure of a mailbox or a real time monitoring of the mailbox (TKÜ), or both. A seizure order under criminal law (§ 94, para. 2 of the StPO, § 98, para. 1, sent. 1 or para. 2, sent. 1 of the StPO) refers to the encrypted mailbox content. An order for real time monitoring of a mailbox refers to all emails received and sent from the relevant mailbox starting with the time of the order until a specified date (usually three months).

In case of real time monitoring (TKÜ), we have to provide contents of emails. Emails that are sent end-to-end encrypted with Tutanota can only be delivered in encrypted form. Emails that are sent unencrypted are delivered in plain text if they arrive after we have received a valid German court order for a real time monitoring (TKÜ). Plain text emails that have arrived before that have already been encrypted on the server and cannot be decrypted by us.

Conclusion

Privacy is a basic human right and we at Tutanota fight to protect your privacy with encryption. We successfully defend your private communication against mass surveillance and illegal access by state agencies and attackers alike.

In addition, in Germany there is no law that could force us to submit to a gag order or to implement a backdoor. We strongly believe that adding an encryption backdoor would extremely weaken everybody's security and, therefore, this must never be allowed. For that reason, Tutanota is open source so that security experts can verify that the code is portecting your encrypted mailbox to the maximum.

Please also take a look at our Transparency Report.