Dear Mr. Sunak, will you block access to encryption, just like Russia & Iran?
Tutanota: We will not 'walk out' of UK like Signal. Nor will we comply with any request to bypass our encryption.
Signal would walk, but we will not
Three days ago, the encrypted messaging app Signal said they would ‘walk’ from UK if the Online Safety Bill undermined encryption.
However, ‘walking out’ is not the solution here.
We at Tutanota say the opposite: We will not ‘walk’ from the UK. If Prime Minister Rishi Sunak and his government want to stop people in the UK to use strong encryption - like that provided by our secure email service Tutanota - he must block access to Tutanota - just like Russia and Iran are already doing.
By doing so, the UK would put itself on the same level as authoritarian regimes like Russia, Iran, North Korea and China who are known for setting up Great Firewalls to limit their people’s access to the internet and to online services. These countries actively block access to encrypted services, cutting off their citizens from having a private and confidential communication online.
Status of the Online Safety Bill
The Online Safety Bill has already been passed by the House of Commons in the UK Parliament. Now it is up for decision in the House of Lords.
Matthias Pfau, co-founder of Tutanota, comments:
“It is really worrying what is going on in the UK - once the greatest democracy in the world. The British government still believes they can have a ‘magical key’ to access encrypted communication - completely ignoring the technical background and what cryptography experts have said again and again: You can’t backdoor encryption and make sure that this backdoor is not going to be abused by malicious actors.”
A backdoor for the good guys only is simply not possible. Encryption is either securing everyone or it is broken for everyone.
We have repeatedly criticized the Online Safety Bill because we understand the threats resulting from undermining encryption.
Tutanota will not implement a backdoor
That’s why we at Tutanota will never implement a backdoor to our encryption.
The code of Tutanota is open source. The encryption is published transparently so that everybody can check that all data stored in Tutanota is encrypted on the user’s device before it is being sent to the server.This is what strong encryption is supposed to do, and we will not undermine this.
If the UK government really wants to follow through with their plans, they need to set up a Great Firewall - just like China - to block their citizens from accessing encrypted services like Tutanota.
Crypto wars
As worrying as the situation in the UK is right now, to us the Online Safety Bill is just another chapter in the ongoing crypto wars. Many politicians in the EU, the USA, UK and Australia would like to force encrypted services to backdoor their encryption – which would give access to law enforcement, but also to malicious attackers.
What many do not see is that these “malicious attackers” can be very powerful. They can be state actors like China and Russia trying to get their hands on sensitive government or trade secrets in the Western world. When we undermine encryption ourselves, we open our doors wide to highly capable attackers - instead of defending our digital world from these attackers.
To understand the risks when we undermine encryption, we should take a look at the biggest backdoor fails in history.
The question with backdoors is not just “will they help to catch criminals”. The question we must look at very carefully is also: “Will they help criminals?”
When backdooring encryption, we take away the opportunity to use the internet securely for everyone. This is a risk, we at Tutanota are not willing to take.
It is simply not possible to get more security by weakening security.