Experts Call Bullshit on German Plan To Encrypt Email

German hackers have poured scorn on Deutsche Telekom's plan to offer "secure email", describing it as little more than a marketing gimmick.

Deutsche Telekom and partner United Internet are rolling out SSL-encrypted connections between users' computers and the companies' mail servers as part of the "Email made in Germany" offer. …

Messages sent to mail servers outside Germany will not be encrypted in transit, at least initially, which means the data can be intercepted by network taps, installed in the internet's arteries worldwide, that are run by the NSA and the UK's eavesdropping centre, GCHQ.

Any service offered within Germany will be subject to EU data retention laws and rules allowing cops and g-men to lawfully intercept or seize data (see El Reg's recent analysis of the Lavabit and Silent Mail shutdowns for details). Metadata collection is unavoidable in the EU and US, so all the "Email Made in Germany" scheme offers is some protection against crooks snooping on email exchanges, rather than anything genuinely spy-proof.