Crypto experts blast German e-mail providers’ “secure data storage” claim
http://arstechnica.com/business/2013/08/crypto-experts-blast-german-e-mail-providers-secure-data-storage-claim/
In the wake of the shutdown of two secure e-mail providers in the United States, three major German e-mail providers have banded together to say that theyre stepping forward to fill the gap. Theres just one problem: the three companies only provide security for e-mail in transit (in the form of SMTP TLS) and not actual secure data storage.
GMX, T-Online (a division of Deutsche Telekom), and Web.dewhich serve two-thirds of German e-mail usersannounced on Friday that data would be stored in Germany and the intiative would automatically encrypt data over all transmission paths and offer peace of mind that data are handled in compliance with German data privacy laws. Starting immediately, users who use these e-mail services in-browser will have SMTP TLS enabled, and starting next year, these three e-mail providers will refuse to send all e-mails that do not have it enabled.
"Germans are deeply unsettled by the latest reports on the potential interception of communication data," said René Obermann, CEO of Deutsche Telekom, in a statement. "Our initiative is designed to counteract this concern and make e-mail communication throughout Germany more secure in general. Protection of the private sphere is a valuable commodity."
These companies have dubbed this effort E-mail made in Germany, and tout secure data storage in Germany as a reputable location. In practice, that appears (Google Translate) to simply mean that starting in 2014, these providers will only transport SSL-encrypted e-mails to ensure that data traffic over all of their transmission paths is secure.