A Federal Court in Germany has ordered an encrypted email service provider to monitor messages of accounts implicated in a blackmail case. The encrypted email provider in question here is Tutanota. The court has ordered that it must monitor messages of two accounts implicated in the case for three months.
The decision uphold the ruling of the Regional Court of Cologne which had previously ordered Tutanota to provide the said emails. Tutanota had asked the Federal Court to re-examine the Regional Court’s decision, stating that Tutanota doesn’t consider itself a telecommunication service, and hence cannot be asked to monitor the communication under German law.
However, the Federal Court ruling means that it will have to monitor the encrypted emails henceforth. It will also have to provide a copy of the emails, both incoming and outgoing, from the implicated accounts.
Tutanota warned that the ruling could set a precedent for broader surveillance for users and other such email providers.
“We consider this decision to be absurd,” Tutanota told CyberScoop. It further added:
“This ruling shows again how important end-to-end encryption is. All data transmitted without end-to-end encryption can be accessed by third parties.”
It also stated that it cannot decrypt the data that has already been encrypted.
End-to-end Encryption and new Intermediary Guidelines
The decision comes right before India’s new Intermediary guidelines come into effect. The new intermediary guidelines mandate significant social media intermediaries to reveal the “originator of messages“.
However, intermediaries can be asked to do so only as per an order passed by a competent court or as per an order under Section 69 of the IT Act read with Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009. Further, the government or courts can pass such an order only for actions in cases with a prescribed imprisonment of not less than five years.