How secure is ProtonMail today

EncryptionSecure communication providers warn of back doors

On today's European Data Protection Day, four providers of secure communications are calling on the EU to rethink their “anti-encryption rhetoric”. Encryption backdoors would threaten the data security of millions of Europeans and undermine trust in end-to-end encryption, write the companies ProtonMail, Threema, Tresorit and Tutanota in a joint statement.

Most recently, in December, the EU Council of Ministers called for “lawful access to data” of encrypted news content. Although there are no concrete proposals in the resolution entitled “Security through encryption and security despite encryption”, the EU countries would like the service providers to provide “technical and operational solutions” in order to be able to access secure communication.

Without back doors, however, providers cannot access end-to-end encrypted content, as this is not technically possible. “Installing back doors in encrypted apps is like giving law enforcement agencies a key to every citizen's house,” explain the four affected service providers.

Endless debate

The resolution adopted by the European Council in December follows on from decades of debate. As early as the so-called first “Crypto War” of the 1990s, options were sought to guarantee encryption and still enable access for law enforcement authorities. But what was then, as netzpoltik.org recently wrote, “comparatively factually” considered, seems to be forgotten again today.

In October 2020 the European Council issued “Conclusions on the Extraordinary European Council. Subjects were COVID-19, the internal market and industrial policy, as well as digitization. In this resolution the encryption debate came back to the table. Emphasis was placed on the need to improve the ability to protect against cyber threats “in particular through quantum encryption, and to ensure access to data for judicial and law enforcement purposes”.

At the same time, it was stated that “European values ​​and a high level of data security, data protection and privacy” must be guaranteed. In the latest resolution, the Council of Ministers is much more specific and explicitly mentions end-to-end encryption as an “important instrument” for protecting personal data. In the next sentence, however, it becomes a major challenge in the fight against cyber crime. “Security through encryption and security in spite of encryption” thus appreciates the security of the users, but particularly emphasizes the urgency for instruments for judicial authorities.

Safe procedure

End-to-end encryption is a method that is widely used in everyday communication technology. Messenger such as Signal, WhatsApp or iMessage have been using this technology for years. End-to-end means communication transmission without interruption. Transferred content can only be decrypted and read at the end points, i.e. by the respective communication partner.

The desire of the judicial authorities, for example after the attack in Vienna, to be able to access communications from potential perpetrators, is somewhat understandable. Nevertheless, the much emphasized balance is an impossibility. Once set up, backdoors would generally undermine encryption and also encourage abuse.

Encryption technology is not something to argue about, it is based on mathematics and it is unambiguous. As the communication providers ProtonMail, Threema, Tresorit and Tutanota put in a nutshell in their counter-statement: “The current draft resolution of the EU Council of Ministers is based on a limited understanding of the technical aspects of end-to-end encryption. Because end-to-end encryption is absolute, data is either encrypted or not. "

Commissioner hides behind words

Although nothing has been decided yet, data protectionists and experts advise you to remain vigilant. Although there is no draft law yet, the adoption of the resolution paves the way for a draft by the Commission. The EU interior commissioner responsible, Ylva Johansson, recently expressed ambivalence.

In a letter she informed MEPs at the beginning of January that there were no plans to ban encryption. However, the Commissioner added "to continue to examine, together with Member States, possible legal, operational and technical solutions for lawful access to such data."

Would you like more critical reporting?

Our work at netzpolitik.org is financed almost exclusively by voluntary donations from our readers. With an editorial staff of currently 15 people, this enables us to journalistically work on many important topics and debates in a digital society. With your support, we can clarify even more, conduct investigative research much more often, provide more background information - and defend even more fundamental digital rights!

You too can support our work now with yours Donation.

About the author

Josefine Kulbatzki

Josefine is with us from January to April and is enthusiastic about many different topics relating to digitization, society and politics. At the moment she is working a lot on the regulation of social media in different countries and the big overarching topic "surveillance". Accessible by email - also encrypted, if you wish.
Published 01/28/2021 at 5:13 PM