German companies to automatically encrypt emails
Source: AP
BERLIN (AP) Two of Germany's biggest Internet service providers say they will encrypt customers' emails by default following reports that the U.S. National Security Agency monitors international electronic communications.
Deutsche Telekom AG and United Internet AG say emails sent by their customers will be automatically encrypted starting Friday.
Initially the encryption will only be secure between customers of Deutsche Telekom's T-Online service and United Internet's GMX and WEB.DE services.
The companies claim these three providers account for two-thirds of primary email addresses in Germany.
Read more: http://bigstory.ap.org/article/german-companies-automatically-encrypt-emails
devils chaplain
(602 posts)
Cryptoad
(8,254 posts)
the NSA doesn't know anything decryption.
So child like!
devils chaplain
(602 posts)
Cryptoad
(8,254 posts)
are only needed for access thru the "Front Door".
geeez. I am continually amazed by the lack of IT knowledge.......
devils chaplain
(602 posts)
PGP and the like is open source. Where's the backdoor?
Cryptoad
(8,254 posts)
You really think cause it is open source it is more secure from being decrypted? Seems I am not the one who is clueless? Especially as far as it comes to encryption and decryption!
Lugal Zaggesi
(366 posts)
German companies can be pressured by Americans, sure, just like UK poodles. Any country that has to allow American military bases on their soil is biotch-slapped by the shrinking "superpower". See "Japan".
But you won't get squat from the Chinese.
Let's see the NSA brute force decrypt a trillion Chinese emails.
Cryptoad
(8,254 posts)
what operating systems are performing most of these encryptions? nuff said!
Lugal Zaggesi
(366 posts)
FarrenH
(768 posts)
that makes decrypting an intractable mathematical problem without the key. Unless the NSA has overturned complexity theory, how do you see them doing what you claim they can do?
Out of reach of US secret surveillance laws, any hacking would have to involve a man-in-the-middle attack on multiple foreign servers.
Cryptoad
(8,254 posts)
naive and shows how little you understand about how the keys are attained.
FarrenH
(768 posts)
Last edited Sun Aug 11, 2013, 11:42 AM
with statements about the naivety or ignorance of the poster, why not elaborate on the mechanisms you think could easily be exploited to get around it? I'm a programmer and have written encryption code myself. Granted, I'm not a security expert but I have a fairly good understanding of the technology. Don't assume you're talking to people with no technical knowledge. Enlighten me.
Bearing in mind, too, that the issue here is mass surveillance involving automatic detection of keywords in large volumes of mail. Arduous processes involving social engineering, et al, are not viable to achieve this even for an organisation with the resources of the NSA.
I'm well aware, for instance, that hackers can target individual computers with keyloggers, et al, or use malware to propagate same, but it's relatively easy to guard against simple malware propagation. I can't see that being turned into some kind of reliable, production-line process. I'm not sure how these companies are encrypting mail but since it's the provider that's doing it, not end users, I assume the security basics are in place.
Single and detectable hacking instances are not evidence that the process can be industrialized the way the NSA has done in the USA using a combination of technology and privileged access. I know it's common cause in the hacking community that anything can be hacked (despite some notable examples of systems that have never been hacked in the face of considerable effort), but having friends whose jobs involved actively responding to breaches at ISPs, I also know that it's only a temporary condition for companies that employ skilled staff to actively detect and respond to such breaches. Many former hackers and very good ones at that are employed in the industry.
Being able to breach a system once is not the same as being able to easily sustain an undetected breach for long or even moderate periods of time.
Cryptoad
(8,254 posts)
that any OS can be designed that can reproduce any encryption key used by the OS?
FarrenH
(768 posts)
Last edited Sun Aug 11, 2013, 06:16 PM
I mean, if the implication is that the hacks can somehow be built into the operating system, then obviously a custom built, hardened installation of Linux circumvents that, and those were SOP at a previous company I worked at which was full of security gurus.
FarrenH
(768 posts)
ssh-keygen is a utility, not part of the kernel. So if you're using that, it's not the "operating system" that is generating the key - or using it. The only other thing I imagine you might be referring to is a backdoor built into the OS by an OS vendor like Microsoft - a backdoor that sniffs application messaging, key presses and so on and transmits that to some outside party.
But this is precisely why the "open-source" aspect of Linux makes it more, not less secure. Anyone who knows what they're doing can pull down the source code and compile a custom build of the OS kernel themselves. This means they can find back doors in the code and close them before compiling.
ConcernedCanuk
(13,509 posts)
.
.
.
mine are words that do not exist, and numbers that have nothing to do with my age or birthdate.
My computer cannot be accessed (I hope), without typing in a password, again, a word that does not exist except to me.
However, my passwords are fairly short, as is my memory.
Does the length of the password make a difference?
I'm thinking it does.
CC
Nye Bevan
(25,406 posts)
On edit: damn, better change it now.
dipsydoodle
(42,239 posts)
dipsydoodle
(42,239 posts)
posted in wrong place before.
snappyturtle
(14,656 posts)
Along the same lines is this:
http://www.cnn.com/2013/08/03/world/europe/germany-uk-privacy/index.html
Javaman
(62,435 posts)
teabaggers ranted and raved today at the German government about them using "big brother" techniques to control people's emails.
one teabagger was quoted as saying, "I want my email free and 'uncrypted' and away from prying eyes!!!"
the reporter on the scene shook his head in bewilderment.
Paulie
(8,462 posts)
The emails themselves will remain unencrypted on the servers. TLS is something but if poorly implemented does little for a man in the middle attack.
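An added illustration of the post above's point about poorly implemented TLS (not part of the thread, and not any provider's code): it compares an opportunistic, unverified STARTTLS policy with an enforced, certificate-verifying one when a relay's EHLO reply does or does not advertise STARTTLS. The function names, the host `mx.example.test` and both sample replies are constructed for this example.

```python
import ssl

# Constructed EHLO replies: one as the receiving server sent it, one as it
# would look if the STARTTLS line had been removed somewhere on the path.
NORMAL = ("250-mx.example.test Hello\r\n250-SIZE 52428800\r\n"
          "250-STARTTLS\r\n250 8BITMIME")
STRIPPED = "250-mx.example.test Hello\r\n250-SIZE 52428800\r\n250 8BITMIME"

def parse_ehlo(reply: str) -> set:
    """Return the extension keywords of a multi-line SMTP EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:        # first line is the greeting
        parts = line[4:].split()
        if line.startswith("250") and parts:
            exts.add(parts[0].upper())
    return exts

def tls_context(verify: bool) -> ssl.SSLContext:
    """Client context; verify=False is the weak setting."""
    ctx = ssl.create_default_context()         # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not verify:
        ctx.check_hostname = False             # must be cleared first
        ctx.verify_mode = ssl.CERT_NONE        # accepts any certificate
    return ctx

def decide(reply: str, require_tls: bool, ctx: ssl.SSLContext) -> str:
    """What a sending relay does with a message under the given policy."""
    offered = "STARTTLS" in parse_ehlo(reply)
    verified = ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    if offered:
        # Unverified TLS encrypts, but cannot tell the real peer from an
        # intermediary presenting its own certificate.
        return "tls-verified" if verified else "tls-unverified"
    # No STARTTLS offered: opportunistic senders fall back to cleartext.
    return "refuse" if require_tls else "plaintext"

if __name__ == "__main__":
    for name, reply in (("normal", NORMAL), ("stripped", STRIPPED)):
        print(name, "opportunistic:", decide(reply, False, tls_context(False)))
        print(name, "enforced:     ", decide(reply, True, tls_context(True)))
```

Even the enforced policy protects only the hop between the two servers; as the post says, the messages are still stored unencrypted at each end.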
Luschnig
(32 posts)
This is the first step of ridding the country of American domination. Not only have the Americans been snooping on Germans but also their puppet regime in Berlin has been snooping on Germans to punish them if they have anti-occupation ideas. Encrypting emails is a first step in liberating Germany.
Bonobo
(29,257 posts)
usGovOwesUs3Trillion
(2,022 posts)
I believe we are heading to a place where everything will be encrypted by default.
That will keep the totalitarians busy for a few million years
dipsydoodle
(42,239 posts)
That's already started.
On the bright side for the time being at least the trans-Atlantic trade agreement will likely be a non-starter. Europe needs partners it can trust.
FarrenH
(768 posts)
of the privacy laws of affected countries and will directly affect American cloud service providers.
http://www.privacysurgeon.org/blog/incision/why-norways-rigorous-stance-on-cloud-computing-highlights-the-crucial-importance-of-strong-privacy-policies/
Egnever
(21,506 posts)
Just think of all the pedophiles and other deviants that no longer have to worry about their email.
Damn those totalitarians! Despite the fact you can't point to a single persecuted person.
usGovOwesUs3Trillion
(2,022 posts)
Warrants don't go away.
Egnever
(21,506 posts)
if there's a warrant it's ok?
usGovOwesUs3Trillion
(2,022 posts)
Backed up with probable cause, of course.
Check out the 4th amendment, all details are there.
Then let's talk.
Egnever
(21,506 posts)
So then I fail to see what all the hubbub is about. Was data collected without a warrant?
usGovOwesUs3Trillion
(2,022 posts)
As it doesn't meet the standard.
Of course it does for the totalitarian privacy PIRATES.
But not to most reasonable people.
Zorro
(15,691 posts)
Doesn't affect metadata collection.
usGovOwesUs3Trillion
(2,022 posts)
Content metadata.
Network metadata is like reading the envelope, not as serious as the content.
Huge difference, my friend.