I interviewed Hanna Bozakov, Head of Marketing for secure email service Tutanota, about internet security, online privacy, the legality of encryption, and how Tutanota works to protect you. According to their homepage, "Tutanota is the world's most secure email service, easy to use and private by design".
The Tutanota Team
Why should anybody be worried about security online? The vast majority of us are not criminals or terrorists.
Privacy is a fundamental Human Right, and it is so for a reason. Everybody needs a way to communicate confidentially online, just like everyone sometimes feels the need to whisper with friends and family. Private communication is also much needed in any democracy to enable a free and open political discussion without having to fear of being judged for ones opinion. This is crucial to make a democracy work.
Isn't the use of cryptography for civilian communication illegal? If not, why are countries like the US and Russia trying to ban it?
No, it is not illegal in Germany, and also not illegal in the USA. Russia tries to ban encrypted services, but it doesn't have a constitution that guarantees freedom of speech and privacy.
If secure email is so important, why was there never an affordable and successful option before?
The internet is still young, only a couple of decades. When the internet started, people weren't worried too much about security, but more about functionality. This is changing as data breaches and data leaks are rising worldwide and putting our online data at risk of being abused.
When would you offer search filters like "has:attachment" within your email?
We don't give exact ETAs (the approximate date a software feature is expected to launch) for features as the development must remain flexible. The next features we want to add are calendar invites, conversation view and email import. We probably will improve the search when we add the search feature to the calendar as well.
What is Post-Quantum Cryptography, and do you offer it?
Post-quantum cryptography refers to a new encryption method that is so complicated to break that even quantum computers with their immense computing power will be unable to decrypt data that has been encrypted with post-quantum secure algorithms. We plan to add such algorithms to Tutanota and have started a research project to achieve this.
Outside encrypted mail, what else can we do to increase our chances of being safe on the internet?
One of the main problems online for the average user is not government surveillance or malicious attackers snooping on their data, but companies - Big Tech - collecting and profiling you for marketing purposes. That's why we recommend that everyone stops using Google & Co as much as possible.
What is to prevent the German government (or any other government, really) from forcing you to handover your encryption keys so they can read my email?
We don't have the encryption keys so we can't hand them out. It's also important to note that Germany does not have data retention laws on email as this would be against our constitution. Most countries, like France and Switzerland, have data retention laws for email, which means the providers there must store all your data for months.