Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Communications Privacy Encryption United States

Deutsche Telekom Moves Email Traffic In-Country In Wake of PRISM 180

kdryer39 writes "Germany's leading telecom provider announced on Friday that it will only use German servers to handle any email traffic over its systems, citing privacy concerns arising from the recent PRISM leak and its 'public outrage over U.S. spy programs accessing citizens' private messages.' In a related move, DT has also announced that they will be providing email services over SSL to further secure their customers' communications. Sandro Gaycken, a professor of cyber security at Berlin's Free University, said 'This will make a big difference...Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so.'"
This discussion has been archived. No new comments can be posted.

Deutsche Telekom Moves Email Traffic In-Country In Wake of PRISM

Comments Filter:
  • This makes sense (Score:5, Insightful)

    by Anonymous Coward on Friday August 09, 2013 @06:21PM (#44526797)

    Germany is one of the hotspots for Boundless Informant [theguardian.com]. It appears that the US spies on Germany as much as it does on China.

    • Re:This makes sense (Score:5, Interesting)

      by ackthpt ( 218170 ) on Friday August 09, 2013 @06:50PM (#44526965) Homepage Journal

      Germany is one of the hotspots for Boundless Informant [theguardian.com]. It appears that the US spies on Germany as much as it does on China.

      The NSA will probably next be cornering the market on high GPU count graphics cards.

      • The NSA will probably next be cornering the market on high GPU count graphics cards.

        I would think the NSA could afford to get proper task specific processing units instead of kludging together something on banks of repurposed NVIDIA hardware.

        • Re:This makes sense (Score:5, Interesting)

          by Fjandr ( 66656 ) on Friday August 09, 2013 @07:28PM (#44527189) Homepage Journal

          Nvidia supercomputing clusters aren't "repurposed" for highly parallel tasks. That's what they're designed for. They don't just produce graphics cards.

        • Re: (Score:2, Funny)

          by Anonymous Coward

          Nonsense, all they have to do is setup some dummy site with some scientific information on it, like it's a bunch of researchers looking for aliens (seti@home) or looking for cures to cancer, etc... and a cute little graphic screensaver client or something people can look at to make them 'feel good' that they are doing 'something useful' - meanwhile it's really all NSA codebreaking that's really going on, and they have one heck of a supercomputer for free (or very little cost).

      • by SuperBanana ( 662181 ) on Friday August 09, 2013 @10:26PM (#44528233)

        The NSA will probably next be cornering the market on high GPU count graphics cards.

        What makes you think they don't have the private keys already, or can't get them?

        At this point it's probably not unreasonable at all to assume that the NSA either has their foot in the door somehow, or simply National Security Letter's the CA into giving them any keys they want. Technically, all they'd need is the CA's keys, as that's all that protects *your* private key when it's in transit to you, since they're already snooping for everything else.

        Really, the current CA system is a dream for the NSA - encryption that is controlled completely by a small group. It's now making a lot of sense why they went after Zimmerman for PGP. The peer-to-peer trust network and person-to-person encryption must've scared the shit out of them.

        While we're on the subject of reasonable assumptions - it seems reasonable to assume that the NSA has worked to insert weaknesses and vulnerabilities in most open-source encryption software. Whether they've been successful or not is what we need to know. Remember the fuss a few years ago with IPSEC, OpenBSD, and the FBI?

        • Remember the fuss a few years ago with IPSEC, OpenBSD, and the FBI?

          And it was much ado about nothing. The good thing about OpenBSD is that they are anal about reviewing their code, and nothing was found.

        • by Anonymous Coward on Saturday August 10, 2013 @03:58AM (#44529321)

          Technically, all they'd need is the CA's keys, as that's all that protects *your* private key when it's in transit to you

          No it's not!

          You have your private key, and public key, which is signed by a CA. The private key never leaves the server. Thats why it's called "PUBLIC key cryptography"

    • Re:This makes sense (Score:5, Informative)

      by fuzzyfuzzyfungus ( 1223518 ) on Friday August 09, 2013 @06:53PM (#44526981) Journal

      Germany is one of the hotspots for Boundless Informant [theguardian.com]. It appears that the US spies on Germany as much as it does on China.

      It makes somewhat less sense given that the US spies on Germany with considerable assistance from the German BND [spiegel.de]...

      I can understand why Germans would Not want their emails passing through American control; but it looks like they'll have to clean house if they want to be able to do that just by going domestic.

      • Re:This makes sense (Score:5, Interesting)

        by Anonymous Coward on Friday August 09, 2013 @07:19PM (#44527133)

        Germany is one of the hotspots for Boundless Informant [theguardian.com]. It appears that the US spies on Germany as much as it does on China.

        It makes somewhat less sense given that the US spies on Germany with considerable assistance from the German BND [spiegel.de]...

        I can understand why Germans would Not want their emails passing through American control; but it looks like they'll have to clean house if they want to be able to do that just by going domestic.

        Notice that they bitch about PRISM... but don't bother mentioning the UK's program, or any of the other monitoring programs run by various governments around the world. The US is hardly the only country doing it, but it's popular to bash on America and it draws attention away from their own spy programs. The purpose of "in-housing" the email is so it's easier for their own agencies to access.

        • The purpose of "in-housing" the email is so it's easier for their own agencies to access.

          Soooo.....why did they enable ssl? - Hardware sales for a relative in the business?

          • Re:This makes sense (Score:5, Informative)

            by icebike ( 68054 ) on Friday August 09, 2013 @07:54PM (#44527413)

            SSL is enabled by flipping a switch, but it offers no real protection when some three letter agency can surf your mail server farm with their fiber back door.

            There is a lot of posturing going on in that article.

            • SSL doesn't even offer protection for transmission against the German government, given that the certificates are issued by Telekom itself.

        • So if we can't block all surveillance programs everywhere simultaneously, we should just throw up our hands and give up?

        • Notice that they bitch about PRISM... but don't bother mentioning the UK's program, or any of the other monitoring programs run by various governments around the world. The US is hardly the only country doing it, but it's popular to bash on America and it draws attention away from their own spy programs. The purpose of "in-housing" the email is so it's easier for their own agencies to access.

          That's because the only people that were in the dark about the various spying programs are the citizens, and most of the Governments have a vested interest in keeping ALL of the programs secret. No country is going to risk the "wrath" of the others when (so far) it's just the whistleblowers actually getting into trouble.


          The only "solution" to avoid being tracked is to stay offline, stay off of the phone, and only conduct conversations face to face within a Faraday cage.

      • by icebike ( 68054 )

        I can understand why Germans would Not want their emails passing through American control; but it looks like they'll have to clean house if they want to be able to do that just by going domestic.

        Yes, at best it sounds like the NSA will have to get get the data from the BND. Big deal! Looks more pre-packaged and easier to handle if you ask me.

        Also the summary has this nugget:

        Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so.'"

        Except that we all know that SSL protects traffic from one place to another, but not as the email sits on the mail servers. So one tap into their server farm and all the SSL in the world won't help, because its stored in cleartext.

        • With SSL they will not be able to tell on the fly whether the traffic is an email between two parties they are interested in or a cat video unless they are privy to the certs; increasing anonimity while not security does make it a little more expensive to crack.

          • by icebike ( 68054 )

            Unless they have access to the certs.

            Famous last words.

            You do realize that there are cases where federal authorities are demanding exactly that, right?

    • Re: (Score:2, Informative)

      by richlv ( 778496 )

      germans like to keep a short leash on their own, though. try to buy a usb modem with sim card - passport required. wifi at a hotel ? username and password you have to sign for.
      fuck you germany, you are no better despite the fuss angela might throw.

      • I have never had that problem in Germany but I can imagine where a hotel which had that policy is coming from.
        The previous government implemented a law where you can get an "Abmahnung" (cease and desist, you have to pay the lawyers' real or imagined costs) if you have indulged in illegal file-sharing. There is no burden of proof. I got one a couple of years back for allegedly distributing some porno.
        I immediately got a lawyer on to it and defused it a bit but a couple of things came out.

        • It does not matte
        • by richlv ( 778496 )

          I have never had that problem in Germany but I can imagine where a hotel which had that policy is coming from.

          that's not a single hotel. that's all of them. you can also get free wifi in many cafes and fast food places across the europe... except germany.

          The previous government implemented a law where you can get an "Abmahnung" (cease and desist, you have to pay the lawyers' real or imagined costs) if you have indulged in illegal file-sharing. There is no burden of proof.

          yes, that is a likely primary reason. the result, of course, is complete loss of any anonymity online in germany. and they have the nerve to shun usa on spying :)

  • ...those officials might know more than they let on? After all, this could be a simple contingency plan they've had ready.
  • by BLKMGK ( 34057 ) <morejunk4me@h[ ]ail.com ['otm' in gap]> on Friday August 09, 2013 @06:29PM (#44526851) Homepage Journal

    SSL is a transport crypto, if they "break in" the data is still stored in clear text on the servers. This was a crypto professor?? Wow...

    • It is a crazy statement, the only thing I can think is that the journalist messed up what is actually being done... perhaps there is also encryption happening on the server in addition to SSL, though if you break into the server decrypting the messages on the fly it seems a short skip to get the content anyway... but at least they can't just copy a database file. They have to copy the database file AND a private key that was stored on the same server. :-)

  • by Teun ( 17872 ) on Friday August 09, 2013 @06:30PM (#44526859)
    This could be the beginning of US companies being shunned for what their government is doing.
    Because this message will hit the front pages and prime time news.
    Although many Europeans say they've got nothing to hide they are jstill pissed off about the warrant-less spying an outside, previously considered friendly, force is doing upon them.
    I am really sad about the need for this walling off, it defeats the great idea and ideal of a world-wide network.

    But it seems to be necessary, if only as a message to the perpetrators because we know nothing is unbreakable.

    And please do remember this mail will still be accessible to German courts but now on their own conditions.

    • by Spottywot ( 1910658 ) on Friday August 09, 2013 @06:57PM (#44527001)
      There is a certain amount of dick waving about this, but the more companies and countries that embarrass America and the NSA the better.
      • by Teun ( 17872 )
        Let's hope this will make the public more aware of spying in general, German parliamentarians have already requested information about their own services.
    • by stenvar ( 2789879 ) on Friday August 09, 2013 @07:30PM (#44527207)

      This could be the beginning of US companies being shunned for what their government is doing.

      That's not "the beginning", it's a long, drawn-out process of European politicians and European corporations throwing whatever shit they can at the US in order to try to get Europeans to use European servers and services. They want that both because it means more revenue for them, and because it's easier for European governments to spy on their own citizens if they use European servers.

      And please do remember this mail will still be accessible to German courts but now on their own conditions.

      Are you really so naive that you think "courts" are involved? German government agencies have nearly free reign in what they access within Germany and what they do with it. You're probably still better off using a US server; the NSA may be listening in to everything you say, but the German government will have a much harder time to get at that information.

      • This could be the beginning of US companies being shunned for what their government is doing.

        That's not "the beginning", it's a long, drawn-out process of European politicians and European corporations throwing whatever shit they can at the US in order to try to get Europeans to use European servers and services. They want that both because it means more revenue for them, and because it's easier for European governments to spy on their own citizens if they use European servers.

        e

        And it has of course nothing to do with the fact that American privacy standards and consumer protection standards are way below the European or that American companies behave as if they are only bound by American law (if at all).

        You're over simplifying things.

        • And it has of course nothing to do with the fact that American privacy standards and consumer protection standards are way below the European

          That's not "a fact". Privacy laws in Europe are only stronger with respect to private companies, they are much weaker with respect to governments.

          that American companies behave as if they are only bound by American law (if at all)

          Another "fact" you make up out of thin air.

    • Ironic. I wonder how much of the intel goes directly to US corporations?
  • Pointless (Score:2, Insightful)

    by nurb432 ( 527695 )

    All governments monitor their citizens.

    • Re:Pointless (Score:5, Interesting)

      by hydrofix ( 1253498 ) on Friday August 09, 2013 @07:02PM (#44527025)
      German companies now rate U.S. as the second worst risk [ft.com] to industrial espionage, only second to China. Even Russia is considered a more trustworthy IT partner than the Americans. It's not only the private citizens who care for some privacy.
    • by Teun ( 17872 )
      Sure but the point is this is to hinder a foreign intervention into matters the local security forces should and can deal with but now according to the laws of the land.
    • by msobkow ( 48369 )

      The American people should be so proud. Their government has managed to surpass China's internet monitoring through automation. Next steps: Censorship and pre-crime arrests.

      • by msobkow ( 48369 )

        Oops. I forgot. They already have "pre-crime" arrests: extraordinary rendition for suspected terrorists.

        • I think civil forfeiture [newyorker.com] is the flavor of "pre-crime" that is the bigger problem in terms of likelihood of it affecting the average person (although I don't deny that extraordinary rendition is also a problem).
    • All governments monitor their citizens.

      I don't think it's a matter of "whether", but a matter of "to what extent".

    • by copponex ( 13876 ) on Friday August 09, 2013 @08:58PM (#44527759) Homepage

      ATF uses fake drugs, big bucks to snare suspects [usatoday.com]

      It's the drugs â" though non-existent â" that make that possible because federal law usually imposes tougher mandatory sentences for drugs than for guns. The more drugs the agents say are likely to be in the stash house, the longer the targets' sentence is likely to be. Conspiring to distribute 5 kilograms of cocaine usually carries a mandatory 10-year sentence â" or 20 years if the target has already been convicted of a drug crime.

      That fact has not escaped judges' notice. The ATF's stings give agents "virtually unfettered ability to inflate the amount of drugs supposedly in the house and thereby obtain a greater sentence," a federal appeals court in California said in 2010. "The ease with which the government can manipulate these factors makes us wary." Still, most courts have said tough federal sentencing laws leave them powerless to grant shorter prison terms.

      To the ATF, long sentences are the point. Fifteen years "is the mark," Smith said.

      "You get the guy, you get him with a gun, and you can lock him up for 18 months for the gun. All you did was give this guy street creds," Smith said. "When you go in there and you stamp him out with a 15-to-life sentence, you make an impact in that community." ...
      [A defendant's] lawyer, Michael Falconer, said he wouldn't be opposed to the drug-house stings if he thought the ATF could make sure they were aimed only at people who were already ripping off drug dealers. "But on some level," he said, "it's Orwellian that they have to create crime to prevent crime."

      You know what the US government won't do for that same individual? Ensure they have a decent education, a basic level of care for their mental and physical health, a safe neighborhood, and a real shot at becoming a contributing member of society even though that would cost less than convicting them of thoughtcrime and throwing them in prison for fifteen years. Instead we pay for some kitted out machine gun-toting pigs to play cowboy rather than policing the streets like officers. Not incidentally, they're too chickenshit to get out of their cars in a lot of those neighborhoods. Yet they still collect their paycheck and their pension, live way out in the suburbs to avoid the desperation they help create with their cowardice, and pat themselves on the back for being heroes.

      Now imagine you're an immigrant, or an Iraqi, Yemeni, Afghani, or Syrian. You're worth even less than a citizen. You're trash. You're not even a speedbump on the way to some policy goal rooted in geopolitical theories that have been dead to the rest of the world since the 80s. The kind of policy that sends a million troops and five trillion dollars to a sanctioned, isolated nation, and ends up destabilizing the entire region, massively aiding Iran, and stoking tensions between Shia and Sunni, all while avoiding a single hint of punishment for Saudi Arabia or Pakistan where all of the funding and most of the terrorists for 9/11 came from. Oh, and as a plus: where al Qaeda was unheard of before, they now have another weak state to operate from [nytimes.com]. Brilliant.

      That's why the rest of the world despises the American government. It's not our freedom. It's our complete lack of principle, abject hypocrisy, and massive state violence that they hate. And with our apathetic political landscape, they're beginning to tire of Americans individually for being lazy, ignorant, wasteful, and greedy. We just sit here and take it; a nation of lolling toddlers waiting on the next innovation in fast food and reruns of Pawn Stars while our wealth is squandered in military adventurism that has killed millions of innocent people in only five decades.

      PRISM is just icing on the rotting carcass that once wa

      • You know what the US government won't do for that same individual? Ensure they have a decent education, a basic level of care for their mental and physical health, a safe neighborhood, and a real shot at becoming a contributing member of society even though that would cost less than convicting them of thoughtcrime and throwing them in prison for fifteen years. Instead we pay for some kitted out machine gun-toting pigs to play cowboy rather than policing the streets like officers.

        Note: You're looking at costs from what the people pay in taxes. You need to realize you're looking at it the wrong way. People aren't the focus of benefit. People are farmed, the more the better according to our rulers. The privatization of prisons, the military and loads of other programs directly benefits the rulers: Corporations. The government does not work for the people anymore. It works for the corporations.

        Which is why I find this PRISM shit so silly. You think corporations don't want to

      • The Decline? are you a NOFX fan? https://www.youtube.com/watch?v=hyH4CgHVpgA [youtube.com]
    • by gmuslera ( 3436 )
      Is up to the country if decide to monitor their own citizens or not. The big problem are the governments that monitor the citizens of all the other countries (besides their own ones)
  • by MrEricSir ( 398214 ) on Friday August 09, 2013 @07:05PM (#44527047) Homepage

    Does this affect Deutsche Telekom subsidiaries such as T-Mobile USA?

  • What's stopping the NSA from man in the middling all this SSL traffic? They have the fibre providers rooted, I find it hard to believe that they don't have to print certs like the treasury prints money. I seem to recall China doing something similar with one of their root CAs a couple of years back.
    • Because very quickly somebody would compare SSL certs exchanged through a different path, notice the discrepancy, and the whole thing would blow wide open. Or are you assuming they have nabbed DT's private key? Or cracked their public key?
  • by AHuxley ( 892839 ) on Friday August 09, 2013 @07:52PM (#44527397) Journal
    "95% of intra-German Internet communications are routed via a switch in Frankfurt."
    From the EU "Temporary Committee on the ECHELON Interception System"
    http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&language=EN [europa.eu]
    How will SSL be "harder and more expensive" for the NSA/GCHQ if a friendly German agency just hands over the keys again?
    Seems like the West German post war telco system was designed to track Soviet/East German contacts via a few central locations.
    Why would the US need to "break in" if they where in on the design and have a great generational working relationship with German telcos and intelligence agency staff?
    i.e. "still doesn't prevent governments from getting information"
    • Geesh, all your rational reasoning is going to spoil the incentives to switch services and pay a lot of money to host with these companies. You are spoiling capitalism here..

  • Perhaps it's time for mail clients to make a comeback.

    With end-to-end encryption, such as PGP, GPG or S/MIME, users control their own security and don't have to trust anyone in between, so all the ISPs could know (and leak to whoever wants to spy on their users) is the email addresses in the routing, not the email contents. These problems were all solved many years ago. Sure, mail clients aren't as convenient as webmail, but if there's a concerted attack by our ISPs on our private communications, the least we can do is fight back.

    There are secure mail clients for pretty much every OS. So no easy browser access, but that's the cost of controlling your own communications.

    • Good luck with that.

      Even back before local mail clients started to fall by the wayside, setting up [P]GP[G] generally involved a lot of not very user-friendly hoop-jumping. Then, after you finally got it to work (or you went with one of the niche mail clients whose only real functionality was the encryption), you had to deal with keys.

      By the time you got your keys ready to go, and assuming you could find someone who could/would sign it, etc... you most likely realized that 100% of the people you were likely

    • by Max_W ( 812974 )
      I think it is a very good idea. I would add that an e-mail client, say, "Thunderbird", allows to use several e-mail accounts.

      This way not all e-mail messages are readily available for an snooping on one server.
  • Next make sure that all citizens have a public IP, can put a server there, and even provide an SSL certificate and generic dns name so they can put their own secure servers if they want. Teach to trust noone, and they will be free.
  • They hadn't already enabled SSL? This is a travesty. SSL should be enabled to protect against opportunistic hackers at public wi-fi networks etc. It will also protect against more advanced enemies like the mafia (the mafia would probably use trojans or hardware wiretaps, if they actually do tech stuff).

    SSL isn't that great vs. big governments anyway: anyone with any valid CA cert can spoof a valid cert for any site. It does, however, mean that they can't passively tap the stream, they have to use a man in t

  • The present Germany includes the former Deutsche Democratic Republic (aka 'East Germany) which was one of the more totalitarian states ever devised by man. The DDR took surveillance of its citizens to extreme levels including listening to and recording all phone calls and other communications but also including the development of a nationwide network of citizens who spied on their neighbors (and each other) and reported to the East German police on every activity. The point here is that many/most German
  • I honestly didn't expect things to change as quickly as all that. And in actuality, I rather expected (though didn't express) the US government backpedal and cease most of the offending activity. In fact, I rather hoped the defunding of the NSA went through. It did not and I am sure that had a lot to do with the accelleration of efforts to "route around the damage."

    I think it's time we either change our national anthem or change our nation. "Land of the free and home of the brave" we are neither.

    And whi

  • While the original article doesn't clearly point to a German article on this, I assume this is about the while DE-Mail/e-Post crap that Telekom/United Internet and German Post has set up ... the problem here is, that neither of their services provide a clean end-to-end encryption. While the communication between the providers (like German Telekom) and the end user at both ends of the email communication may be encrypted, mails are decrypted at the provider in order to "scan for viruses and malware", of cour

If you can't get your work done in the first 24 hours, work nights.

Working...