Tutanota email only stores its user mails in encrypted form and cannot read them itself. Tutanota is one of the few email providers that encrypt all incomings by default. However, a ruling by the Court is now forcing the company to install a program with which investigators can control individual mailboxes. Tutanota wants to file a complaint against the decision, but this has no suspensive results. If the complaint is successful, the program will not be activated or removed again.
The judgment is noteworthy because it differs from the case law of other courts. In the summer, the German Court decided that Tutanota does not provide or participate in any mobile services in the legal sense – and therefore cannot be obliged to control them. The judges again referred to a landmark judgment of the EU Justice. According to this, mail providers are not communication providers.
The Court nevertheless sees Tutanota as a contributor in the provision of mobile operators. As a result, the company must enable surveillance. However, the judgment that has taken the decision neither gave names nor the mobile provider in which Tutanota is allegedly involved. From the company’s point of view, the judgment is therefore absurd.
The case concerns a blackmail sent to a supplier from a Tutanota mail. Tutanota is now forced to operate a function by the end of the year that enables this mailbox. This should not change anything for other users; their emails should continue to be encrypted by default. Nevertheless, Tutanota sees a one time passing of encryption as an information and security risk for all customers. In addition to Tutanota, some other providers also store all incoming mail in encrypted functions.