Forgot your password?
typodupeerror
Government Communications Privacy Security The Internet Your Rights Online

Germany Builds Encrypted, Identity-Confirmed Email 188

Posted by CmdrTaco
from the wo-ist-jones dept.
jfruhlinger writes "Looking to solve the problems of spam, phishing, and unconfirmed email identities, Germany is betting very, very big. The country will pass a law this month creating 'De-mail,' a service in which all messages will be encrypted and digitally signed so they cannot be intercepted or modified in transit. Businesses and individuals wanting to send or receive De-mail messages will have to prove their real-world identity and associate that with a new De-mail address from a government-approved service provider. The service will be enabled by a new law that the government expects will be in force by the end of this month. It will allow service providers to charge for sending messages if they wish. The service is voluntary, but will it give the government too much control?"
This discussion has been archived. No new comments can be posted.

Germany Builds Encrypted, Identity-Confirmed Email

Comments Filter:
  • by Anonymous Coward on Saturday March 05, 2011 @07:59AM (#35388326)

    As far as I've read, they decrypt messages in the middle "to check the messages for viruses".

    • by moonbender (547943) <moonbender@NoSPaM.gmail.com> on Saturday March 05, 2011 @08:26AM (#35388408)

      Yup. Sounds like a bad joke right? A new messaging standard, incompatible with everything else, that doesn't even do end-to-end encryption! It's pathetic. It purports to solve problems that are already pretty much solved -- spam, reliable delivery -- while not solving all the difficult ones and introducing new dangers for the customers, like missing a "registered email". Oh, and you'll be charged per mail! The worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.

      • Spam has not been solved, just covered up. It is a pointless waste of incoming bandwidth and server power (if you do your own filtering). This would do nothing to stop spam either, it doesn't matter if you know the identity of the sender if the sender's machine is a zombie. There will always be more idiots with compromised machines.

        • by dgatwood (11270)

          ...it doesn't matter if you know the identity of the sender if the sender's machine is a zombie.

          Depends on how it is designed. If the system required that each server in the chain be a trusted server that signs the message with a valid SSL certificate, then the spammers would have to either buy a cert for each individual zombie (too expensive to be profitable) or tie them all to a single domain name and cert that could then be trivially blocked (either by revoking the cert or by blocking mail from that dom

          • by plover (150551) *

            This is not a problem of encryption or SSL. Zombies can simply bypass all security measures by emulating the end user.

            Think of a zombie that opens up your copy of Outlook Express, fake-clicks "Create new email message", types something about penis enlargement, types in a hundred addresses, then fake-clicks "Send". As far as the entire chain of email is concerned, the email came from somersault@example.com. You (and by you I mean your computer acting on your behalf) sent the spam, so De-mail could block y

            • by dgatwood (11270)

              Zombies can simply bypass all security measures by emulating the end user.

              Not really. An end user's ISP typically has throttling in place such that if the user tries to send millions of emails out in a day, they A. will not go through, and B. will result in the user's account getting disabled rather quickly. If spammers are not able to run their own SMTP servers on zombie machines, spam ceases to be profitable, as it requires being able to send out huge volumes of email in a short period of time, and con

              • by plover (150551) *

                Changing the subject doesn't invalidate my previous point. Your previous comment was talking about spam being thwarted by SSL, but that's what zombies easily bypass. Each zombie could easily send out 100 emails a day and not trigger "suspicion" flags at the ISP level. With a hundred thousand zombies, that's ten million spams that the security software would never catch. And I'd bet that a competent botherder could probably quote each major ISP's spam threshold from memory, so if Comcast's throttle is 1,

                • by dgatwood (11270)

                  Each zombie could easily send out 100 emails a day and not trigger "suspicion" flags at the ISP level.

                  The fact that spam bots can masquerade as the user is largely irrelevant. The reason we have spam is ultimately that there's no good way to verify that a message was sent by a given sender.

                  The only reason spam is possible with authenticated mail clients is that the ISPs require all outgoing mail to go through their servers, and thus the ISPs are forced to not do comparisons between the ISP's mail drop use

      • by rotide (1015173)

        Until any email to _any_ government agency (applications for services, jobs, taxes, etc, etc, etc) _requires_ you use this service..
        Until any company wishing to do business with the government is _forced_ to use this service to keep their contract..

        There are ways to make sure it's not a "dud", if they are willing to make the laws, and it sounds like they are.

      • YThe worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.

        I don't think they will be so lucky. I'd bet the government will require it for some communication and account access. Over time it will become more inconvenient to have multiple email accounts and people will just default to using de-mail.

        • by plover (150551) *

          YThe worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.

          I don't think they will be so lucky. I'd bet the government will require it for some communication and account access. Over time it will become more inconvenient to have multiple email accounts and people will just default to using de-mail.

          I can see the commercial sector driving adoption on its own. As a business, I might ask all business to be transacted through De-mail to ensure legitimacy of contracts and payment. Or as an insurer, I might offer reduced rates of coverage to business transactions that take place over De-mail, as I would trust them to have less chance of being fraudulent.

      • by bemymonkey (1244086) on Saturday March 05, 2011 @11:02AM (#35389168)

        Hmmm, I haven't gotten much info about this, but IIRC it's not really about replacing or upgrading E-Mail, but rather about replacing snail-mail entirely. Documents with signatures and so on can now be sent as e-mail instead of in quaint old envelopes...

        • Documents with signatures can already be sent as e-mail!

          • Really? Here in Germany they're not always accepted on the other end. This would allow people to verify that the signed document actually came from the person who supposedly sent it...

            • Really? Here in Germany they're not always accepted on the other end. This would allow people to verify that the signed document actually came from the person who supposedly sent it...

              I didn't say that anybody accepts (or sends out) signed emails. I said it's already possible to sign emails, so there's no reason to come up with an alternate infrastructure. Instead of spending X to get government services and a few companies to use de-mail, they could have spent Y << X to get government services and a few companies to install GPG. Of course that'd result in widely deployed public cryptography -- including strong end-to-end encryption -- something that must not be.

              • Is end-to-end encryption absolutely necessary for sender verification?

                • No. But in pretty much any decently engineered crypto setup, if you can do signing you can also do (end-to-end) encryption. Which is why they didn't create a decently engineered crypto setup.

                  • Then why the fuss? Sure, end-to-end encryption would be nice, but the main purpose (sender verification) is fulfilled, as far as I can tell...

                    • They're spending a lot of money implementing a new technology to accomplish something that old technology would have done cheaper and better, and they're enforcing uptake of the new, inferior technology by legislative means, at the same time obstructing the uptake of the better alternatives.

      • I'd love to have widely adopted secure end-to-end non-reputable email, but I think it will be a cold day in hell before *any* government will support a standard that doesn't permit them to read the email at will.
        • I'd love to have widely adopted secure end-to-end non-reputable email...

          We already have non-reputable email; most of it is known as "spam". I believe you meant non-repudiable.

      • by Candid88 (1292486)

        "It purports to solve problems that are already pretty much solved -- spam, reliable delivery -- while not solving all the difficult ones and introducing new dangers for the customers"

        A strange conclusion. I don't see how spam has been "pretty much solved" at all. Current anti-spam techniques are far from ideal and phishing is an extremely serious, still-emerging, problem. Also, making wild predictions on a technologies uptake upon initial announcement is a complete guessing game. If you could know for sure

      • by Dan541 (1032000)

        In other words it's not actually email but a government controlled message system.We should ask the people of Egypt, Libya, China ect if this is a good idea.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      As a native German, I can confirm this. Encryption is only used for Client Server communication.

      There are further flaws in the concept. For example, our government lately decided that de-mail addresses do not have to be visually distinguishable from other mail addresses (i.e. de-mail addresses do not share a common tld, nor do the tlds have to contain something like "de-mail"). Instead, they came up with the idea that email client vendors could implement a mechanism for telling users whether an email addre

    • Spam sent from zombies will be encrypted and signed with the certificate of the zombied computer. so how does this help?

  • So why didn't we read about this on slashdot before? Or did I miss something?

    • by ludwigf (1208730)

      Wikipedia: "The project was announced in 2008"

      Google: couldn't find a coverage of de-mail on /. before

      Living in Germany I've heard about it several times before.

  • by Mortiss (812218) on Saturday March 05, 2011 @08:04AM (#35388340)
    I can encrypt on my own and Gmail already does a fine job removing spam. I don't need a Government oversight and much less a possibility of paying per message for this "privilege".
    • by Lennie (16154)

      It is not even encrypted. Just a the mailservers use encryption for the transport and the system is seperate from the normal internet mailservers.

      My guess is, it is SMTP-authentication over SSL/TLS for sending mail so they know exactly who send it (atleast which e-mail client).

    • by Kvasio (127200)

      nobody prohibits you from using your gmail account, this is just that when dealing with state offices (e.g. tax office, land registry, local authorities, voting), their registered email would be useful.

    • by b4upoo (166390)

      You may be able to encrypt beyond the government's ability to decrypt But how can you handle a court forcing you to reveal the contents? Worse yet I would not be so certain that simply using encryption may in itself be enough to attract one of our current star chamber types of discovery.
      Freedom of speech is not lost at the moment it is squelched. The freedom to speak dies the moment you u

      • You may be able to encrypt beyond the government's ability to decrypt But how can you handle a court forcing you to reveal the contents?

        IANAL, but at least in the USA, the fifth amendment protects you against self-incrimination. I do not think you can be compelled to divulge an encryption key if doing so would provide any evidence you committed a crime. Any decent lawyer and/or the ACLU's could probably prevail with this argument in court.

        The trick, of course, is that the prosecution will typically give another party who has access to the encrypted data immunity from prosecution, so the 5th amendment does not apply. Then that party can be c

  • by Anonymous Coward on Saturday March 05, 2011 @08:05AM (#35388342)

    They put a price on every email.

    The system will not provide end-to-end encryption: Mail will only be encrypted to and from the mail service providers.

    While the accounts are free, individual mails will cost money.

    Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.

    Did I mention that mails cost money?

    I have recommended to everyone who has asked me to stay away from this system if at all possible. Don't even get an account.

    • by rmstar (114746)

      Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.

      How is this different from mail delivered to your snailmail box? "I wasn't at home" has not been a particularly good excuse for a very long time.

      The lack of end-to-end encryption is another matter entirely, and a rather obvious strategy to ensure that the government can eavesdrop. So much is clear.

      • by crtreece (59298)
        Anything sent via snailmail that is expected to be time sensitive and/or legally binding would require a signature, it would not just be left in the mailbox.

        Or it would be sent via FedEx or UPS, again requiring a signature.

        Not so sensitive items, bills and such, don't require a signature, but you're still on the hook. Mail carrier left the door to the mailbox open, and your mortgage payment invoice got blown down the road? You are still on the hook for the payment.

      • by mxs (42717)

        Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.

        How is this different from mail delivered to your snailmail box? "I wasn't at home" has not been a particularly good excuse for a very long time.

        Actually that is a very, very good excuse when you require proof of delivery/acceptance -- since those are usually signed-for. Recipient not there to sign ? No proof of personal delivery. The difference with DE-Mail is that messages count delivered when they hit your service provider, no matter whether you read your account or not. This can have far-reaching consequences under German law.

        The lack of end-to-end encryption is another matter entirely, and a rather obvious strategy to ensure that the government can eavesdrop. So much is clear.

        Yes, and the lies and bullshit they spew when defending this are even more so. Too bad too few people will get the messag

        • by rmstar (114746)

          Recipient not there to sign ? No proof of personal delivery.

          IIRC, this is not true. In particular the kind of mails that involve legal proceedings can be considered as delivered even if you weren't there. It sometimes is even written explicitly on top that for legal purposes you were there personally. German laws are strange.

          • by mxs (42717)

            Recipient not there to sign ? No proof of personal delivery.

            IIRC, this is not true. In particular the kind of mails that involve legal proceedings can be considered as delivered even if you weren't there. It sometimes is even written explicitly on top that for legal purposes you were there personally. German laws are strange.

            There was a reason I put in "personal" there ;-) You can get products like proof of delivery (Einschreiben Einwurf) which do not prove you personally received it, but which do prove that the letter was delivered to the address given. Then there is a product with proof of PERSONAL delivery (Einschreiben eigenhändig), which proves the recipient has personally received the piece of mail (but which also requires the recipient to sign for it of their own volition).

            You are however correct that under German l

  • From the sound of it, it'll almost inevitably end up costing money. With that in mind and by the powers vested in me by absolutely nobody in particular, I hereby dub it "feemail".

    (One *could* say that it is supposed to be a kinder, more respectable alternative to the rough-and-tumble wild west of existing (e)mail, but then there are those who think it's just a prettier version that will inevitably cost a bunch of money.)

  • by fortfive (1582005) on Saturday March 05, 2011 @08:13AM (#35388376)

    ...when she sent me an forward claiming the government was going to start charging for email!

  • by bl8n8r (649187) on Saturday March 05, 2011 @08:17AM (#35388388)

    Why would I volunteer to use a government sponsored program that I may get charged for when I can just use Enigmail in Thunderbird, or gpg the message otherwise?

    Second problem: "It will allow service providers to charge for sending messages".

    Major fail. It sounded almost good until I read that.

    • I imagine people will use it for the same reason people use Hushmail: ignorance.
      • by peragrin (659227)

        well that and ease of use.

        Setting up openPGP is a pain for someone who has never had to deal with it before, and not mention then you have to have the other end using the same encryption.

        while it makes sense, people aren't very smart about these techie things and really don't want to think about it.

        I don't encrypt my email simply because 99.9999999999999% of end users don't know what it is or how to decrypt it, or even which tools to decrypt it with.

        • by Velex (120469)

          This is the fault of email client developers. I haven't used KMail in quite some time (I've since switched to a GTK/XFCE desktop so Claws-Mail is the client of choice these days), but when I had a KDE 3.x desktop, I remember that I was struck by how seamless KMail made GnuPG, even S/MIME. If all email clients made GnuPG as seamless as KMail, you'd see more use of encryption.

          Really, encryption need not be difficult, not much more difficult than typing https or getting redirected to https when you just t

          • by Chaonici (1913646)

            I completely agree. Lack of widespread email encryption is likely the fault of webmail developers and Microsoft (with regards to Outlook) not supporting the encryption in their interfaces. And of course they wouldn't- it's completely contrary to the interests of a large corporation to give its customers privacy.

            On the other hand, I use Evolution for my email, and it supports GPG out of the box. When writing a message it's a simple matter of checking a box in a menu at the top to encrypt it; two boxes for si

        • by Dan541 (1032000)

          I don't encrypt email for the same reason. It's secure enough for it's purpose. Certainly allot more secure than regular postal mail sitting in a letter box next to the road. Email encryption really needs to become integrated as a standard within the clients. I think encryption as a whole will become much more widespread over time; especially with today's governments.

      • by Dr. Evil (3501)

        What's wrong with Hushmail?

        It provides SSL encryption on servers protected by Canadian laws, including Canadian privacy laws. While they respect U.S. court orders, there's no reason to believe that such orders could be executed in secret outside an investigation of a crime recognized by both Canada and the U.S.

        PGP is stronger, but a people aren't using it, so practical applications are limited.

        • by Chaonici (1913646)

          From a security-conscious standpoint, the fact that Hushmail has the capability to read their users' emails is a concern. Never mind that they only said they'd do it if the government told them to (which should be no real comfort at all). As we've been saying to the FBI recently, any backdoor at all could potentially make the entire system worthless because there's no way to guarantee control of who uses it.

          PGP, on the other hand, has no central authority that can give up your communications. No need to tru

        • What's wrong with Hushmail?

          This:

          protected by ... laws

          I might as well not even bother with encryption if I am going to turn to "laws" to protect me. Hushmail is snake oil cryptography, which is what I said when it was first described to me years before the DEA bust.

          U.S. court orders

          Court orders should not result in plaintext being produced by a third party, regardless of why the orders were issued.

          PGP is stronger, but a people aren't using it,

          Then people should be educated, not given snake oil.

          • by Dr. Evil (3501)

            "I might as well not even bother with encryption if I am going to turn to "laws" to protect me. Hushmail is snake oil cryptography, "

            I disagree here. While it's true that you can't expect any service provider to protect you more than the laws permit, if you choose those laws, the situation and the country very carefully, you can ensure that the service provider has more to lose than you do.

            The idea that a company is going to break the law arbitrarily with your data is paranoia. Your landlord could bug

            • Email is different from physical home security and to compare the two I think is a bit of a red haring. That DEA case referenced where Hushmail hacked their user to get the password to decrypt their private key and stored messages shows a fundamental weakness in their system's design. I would never leave my private key on someone's server, even if it's encrypted. It's just too tempting for a government agent to strong-arm the provider into doing exactly what hushmail did. Court order? Sure, they complied w
    • The point is that mails sent through De-mail have legal binding, so you can use as proof at court.

    • by mxs (42717)

      Why would I volunteer to use a government sponsored program that I may get charged for when I can just use Enigmail in Thunderbird, or gpg the message otherwise?

      Second problem: "It will allow service providers to charge for sending messages".

      Major fail. It sounded almost good until I read that.

      As a sender, you get to deliver stuff to DE-Mail addresses and they count as legally delivered. This is going to be very good to have for collection agencies or governmental agencies. Senders also get to save a bit compared to paper delivery while legally on the same footing. Senders also get proof of identity for the recipient. Senders get to spout bullshit about using the latest and most secure email standard ever.

      Recipients get shafted, in more ways than one.

  • by jmak (409787) on Saturday March 05, 2011 @08:27AM (#35388412)

    And it's been a failure, for a number of reasons:

    - it cost a fortune to deploy
    - one message costs an equivalent of about 1 USD, which means no one uses it except for communicating with the government
    - it relies on a proprietary (although free as beer) rather obscure application for Windows, fortunately a non-profit foundation later developed a cross-platform library for accessing the mailbox
    - once you register into the system, any official letter you get is automatically considered delivered, so you cannot deny receiving it, that's why any sane lawyer will discourage from getting such an account ever unless you are obligated to

    Obviously, because so much money already burnt, the mailbox system is here to stay.

  • Obligatory (Score:5, Insightful)

    by moonbender (547943) <moonbender@NoSPaM.gmail.com> on Saturday March 05, 2011 @08:33AM (#35388438)

    Your post^Whuge government engineering proposal advocates a

    ( ) technical (x) legislative (x) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (x) Huge existing software investment in SMTP
    (x) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    (x) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    (x) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    (x) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    • by Yvanhoe (564877)
      Yeah, funny, but done correctly it would be a system parallel to the regular emails, that would be used to send official mails like taxes declaration or agreement of a contract. The governement would not have to be able to read the content of the email. I think this is not about fighting spam, but fighting scams.

      Ultimately, the main problem I see with this is that many people will have trouble with keyloggers and rootkits, but having a centralized governement sponsored identity checker for crypto message
      • Cryptographically signing emails has been possible for decades. The government could have lead by example by simply doing that on a wide scale, encouraging businesses to do the same. For instance, after buying stuff online, you unfailingly get an invoice per mail, something I think businesses are pretty much required to do (if they don't snailmail it, of course); why not just require them to sign it for it to be a valid invoice. Of course, signing and encrypting go hand in hand, and LEO and the interior int

        • by sjames (1099)

          They could also just sign people's keys for them and require sufficient proof of ID at the time to make it official.

  • by itsme1234 (199680) on Saturday March 05, 2011 @08:57AM (#35388530)

    ... they better forget it.
    It costs from 55 eurocents to send one "email" (to multiple euros if you want confirmation, even if there is no snail-mail/paper involved). The interface is arcane with no 3rd party integration, of course there's no end-to-end encryption (and the "mails" are way less legally protected than normal post) and there are some really nasty conditions attached:
    - you have to check your mail EVERY WORKING DAY (that includes Saturdays, not that it matters)
    - you can't delegate this "check mail" duty to anybody (note that there isn't anything wrong in letting your wife/neighbour/etc in charge of your physical mailbox if you trust them).

  • There is a reason I do not want my online profile linked to my real life person. Or at least as little as possible.

    It is also the reason I did not participate in a GPG signing, as I would then have to identify myself with my real life name. Thanks but no thanks. (Could be that other signings are different. No idea.)

    If it needs be, I can drop my online alias and create a new one. e.g. if in 20 years people want to kill me because of something I said that is acceptable now. My boss looking for whatever inform

  • Charge one penny per sent message. That is all we need to do to stop spam. So simple.

    If anyone wants security, there is S/MIME, widely available and widely supported.

    • by mxs (42717)

      It's beautiful how you came up with that simple idea all of your own, and so elegant ! Implementation is not something to worry about, that's for the people who don't have ideas, they can do that easy work. Go plebs, implement !

      I deduct points for not mentioning CompuServe and it not having any spam. I mean come on, that was so easy to reference !

      • by mjwalshe (1680392)
        yep i used to work for telecom gold (dialcom) on the billing side (I wrote the core of the x.400 billing system) and you don't want to go back to that era 20p a mail plus tiered data charges on top of that.
      • I did not say that it was my idea. And you are right: implementing it - getting ISPs and users to accept this - is the hard part!
        • by mxs (42717)

          It's the impossible part. It simply is not feasible. As such, the "idea" is a dud and timewaster.

          • The implication then, is that reflection on what should be is a waste of time.

            Good thing that Gandhi did not feel that it would be a waste of time to even contemplate ways to evict the British.

            The US political system is very messed up. Any concept for how to truly fix it is inconceivably difficult to implement. Therefore, according to your thinking, let's not even think about it, since it is a waste of time. Let's only think about what is easy to do.

            • by mxs (42717)

              The implication then, is that reflection on what should be is a waste of time.

              Good thing that Gandhi did not feel that it would be a waste of time to even contemplate ways to evict the British.

              The US political system is very messed up. Any concept for how to truly fix it is inconceivably difficult to implement. Therefore, according to your thinking, let's not even think about it, since it is a waste of time. Let's only think about what is easy to do.

              That's an interesting reading of what I said, albeit entirely untrue. The implication is not that we should not try to better ourselves, the implication is that we should not go the way of knee-jerk thinking that sees a very simple solution to a very hard problem and makes that simple solution be the silver bullet. Making email cost money is a very elegant and simple solution with one caveat -- it does not work. This has nothing to do with Gandhi or not trying to find a good solution to the spam problem (co

              • I am sorry for misinterpreting your intention. I actually thought about it after I posted my response. I realized too late that you were only saying that the "pay for email" solution was un-implementable. And I agree with you completely about the sound bite culture that we live in. I am not quite as sure though that a solution cannot always be reduced to its essential ideas and expressed concisely: I don't know. Perhaps.
    • by Stormy Dragon (800799) on Saturday March 05, 2011 @10:48AM (#35389064) Homepage

      1 penny where?

      If the sender's e-mail server is charging the penny, how does the recipient's server verify that the penny has actually been collected? If it means only accepting e-mail from servers at known ISP's you're going to break most business e-mail servers. Also, it's essentially just a white list, so why not just implement a white list and forget about the money.

      If the recipient's e-mail server is charging the penny, how do you verify who sent the e-mail so you know who to charge? Also, even if you do get rid of spam, you just created a new replacement fraud. The spammers infect a million computers and get them each to send one e-mail to random addresses at the spammer's e-mail server. Viola, the spammer gets to collect $10,000.00 How many people are going to notice their e-mail bill is off by a couple of pennies that month?

      This is setting aside that the financial system isn't really prepared to handle billions of one penny transactions every day. You can aggregate, I suppose, but who verifies all the e-mail servers are doing their bookkeeping properly?

      • by Tom (822)

        That problem has been solved 20 years ago. Some nifty crypto does the trick. There are, in fact, plenty of decentralized electronic currency implementations around. Their problem is that nobody uses them.

      • You are right, that implementing this would require embedding a financial transaction protocol within the TCP infrastructure. Still, that could be used for other purposes and might be quite useful.
      • I agree with you there are better things than charging a penny. We can already see what happens when you do with SMS and VoIP.

        For example, people are hacking VoIP lines and then making fraudulent calls to numbers with large termination rates. The guy at the other end gets his cut and disappears.

        People are also attacking smartphones and doing similar things - signing up for premium SMS services, etc.

        However, we already do have financial systems which are prepared to handle billions of one penny transactio

    • Charge one penny per sent message. That is all we need to do to stop spam. So simple.

      If anyone wants security, there is S/MIME, widely available and widely supported.

      Ooh look -- My new email business is to batch zip all incomming / outgoing emails, send / recieve the batches, and unpack them at the other end.

      Peering agreements between mail-batch-zip providers will allow all email to traverse freely once again.

      If you have any questions, click the "reply" link and fill out the form. You may be charged 1 cent to hit "submit" (unless you are already a customer of Slashdot's mail-batch-zip service).

  • named PEC: (http://tools.ietf.org/html/draft-gennai-smime-cnipa-pec-08 [ietf.org]> ) which has the same legal validity as certified mail.
    There's also a variant (CEC-PAC) to communicate with government offices only.
  • Yet another example of either clueless politicians, attempting to do "a good thing" all the while creating on over regulated, technically inferior system, or the clever attempt to get yet another way of snooping on the people while making them "feel good and safe" ...
    The good thing at the moment is that it's not mandatory to have or use the POS email service. At the prices currently discussed(55 âcent per email - same as for a regular letter!), I doubt it will find many people who are interested in usi

  • Legally a mail in that system has arrived at your place, even if you cannot get it because you are on vacation or your computer/internet broke down. That's a big legal problem obviously.

  • There are already standards for authenticating the sender of mail and encrypting the contents of those mails, it would be far better to encourage use of these existing standards rather that come up with something completely new and incompatible with everything else.

  • sounds like DBP has manged to looby for a return to the 70's and 80's with the ptt running the countrys email system
  • This is a completely retarded idea. It was thought up by people who think email works like the postal service. What it does great is accumulate control and bureaucracy where it is not needed; what it does badly is any kind of security.

    If the federal government of Germany wanted to actually effectively help people secure their online communication, they would certify actual end-to-end encryption and electronic signature programs for official use, and provide some kind of root CA (or the PGP equivalent). Inst

    • The idea that this idea is retarded, is retarded.
      Simply put, when you add a pay per use campaign on emails, not only does it give you more of a paper trail, it allows the people sending out spam to know they are infected, and after a few times of being charged by their ISP for this extra email, of which I agree should be a cap so as not to offend too much those owners, maybe say a cap of 25$ a month for all the emails their infected pcs put out.....then they could be made to know that this will occur every

  • after 10 years of posting about this, the germans come out with it, its about bloody time!, now we will see a sharp decline in spam emails....just you wait and see. Siting past posts does nothing for my karma, but if you want to see some of them, just check some rants and raves from my past about email spamming.

Many people are unenthusiastic about their work.

Working...