Follow-up to Secure Email and Posteo.de.
I researched the email security market a bit more, and it shows that good old hushmail is probably the most secure system you can get. They offer basic security measures like TLS encryption for POP/SMTP connections and SSL encrypted browsing, but imho no ISP should bother offering email service if they are not able to set up an SSL certificate. The most promising feature is the end-to-end encryption of messages between two hushmail users. Hushmail states that these emails are stored encrypted on their servers and are decrypted each time the user logs in with his/her password. The password is not stored on the server, so anyone who gains access to the server does not gain direct access to plain text emails. That’s really nice, and helps protect against short-term security breaches. But it does not protect anyone from government surveillance.
To be more precise, the Hushmail privacy page states:
An encrypted email message cannot be decrypted without the passphrase, and in the normal course of operations, we do not store passphrases. However, we may be required to store a passphrase for an account identified in a court order enforceable in British Columbia, Canada.
Sadly, I don’t know much about Canadian law, but I do know quite a bit about the German. The communication surveillance act requires every telecommunication provider to arrange eavesdropping facilities, in case the police wants to investigate a serious crime. In general, this must be approved by the criminal court, but the approval can be granted after the fact if the prosecutor decides that prompt action is required. So we Germans apparently have the same problem as the Canadians: If some government agency wants to intercept our email traffic, they can. Even at Hushmail. At least in Germany, every provider who claims not to cooperate with law enforcement is either lying to you, or criminal.
The conclusion I draw from this is that server side decryption puts the ISP under pressure, because they have to hand out passwords and other private data, and should thus be avoided. But a simple change of the Hushmail scheme would change a lot security-wise:
- transfer the public key to the server, let the user store the private key
- encrypt every incoming mail that is not already encrypted with the user’s public key
- let the user decrypt client-side (e.g. in Thunderbird)
All emails stored on the server are now encrypted, and the information necessary for decryption never enters the server, and thus cannot be sniffed. Neither by a compromised server, nor by court order. Noone can ask for private data when there’s none around.