Online services may (and do) scan all of your messages. Here is how you can protect yourself!

tl;dr: To make sure your messages stay private, you must switch to encrypted services now.

2021-07-27
Beginning of July, the European Parliament has adopted a derogation for the ePrivacy regulation that allows companies to scan all private messages of all EU citizens, including chat messages and emails. The only good news about this is that scanning of private messages is voluntary. We can guarantee that your Tutanota messages remain private and will not be scanned. Here is why this piece of legislation is frighteningly bad.
SIGN UP

Interestingly, if you look at the word derogation it means two things:

  • the act of officially stating that a law or rule no longer needs to be obeyed
  • the act of talking about or treating someone in a way that shows you do not respect him, her, or it

ePrivacy Directive watered down

The EU ePrivacy Directive was an outstanding piece of legislation that protected EU citizens' private data from overly intrusive eavesdropping. Even companies providing communication apps such as messaging apps and email providers were oblidged to respect their users' privacy and keep their users' data safe.

However, this piece of legislation has now been watered down. In its recent derogation, the EU decided that companies may scan all messages of all users all the time.

This is an unprecedented intrusion into users' privacy as it allows a wide form of eavesdropping that it is barely possible to monitor. While there are, of course, rules and regulations for the companies as to how they may scan users' messages and how they must report their findings, there is no guarantee that the data obtained from the automated scanning processes will not be misused, abused or even leaked or stolen.

Reason for derogation

The reason given for this derogation of users' privacy is that European authorities want chat and email providers to scan their content for harmful content, such as child pornography, and report the findings to the authorities.

The question that must be raised here is the question of proportionality: Can it be justified that everyones messages are being scanned all the time to catch a few criminals?

To better judge about this issue, one may also look at statistics from the German authorities as to who is being monitored.

Comparison of the percentage of monitoring orders for child pornography and drug offenses in Germany, 2009-2019.

Comparison of the percentage of monitoring orders for child pornography and drug offenses in Germany, 2009-2019.

These statistics show that most surveillance orders issued to telecommunication providers are ordered to catch criminals for drug-related crimes, not pedophiles.

Opposition to the ePrivacy derogation

Patrick Breyer from the Pirate Party says that

"The adoption of the first ever EU regulation on mass surveillance is a sad day for all those who rely on free and confidential communications and advice, including abuse victims and press sources. The regulation deals a death blow to the confidentiality of digital correspondence. It is a general breach of the dam to permit indiscriminate surveillance of private spaces by corporations – by this totalitarian logic, our post, our smartphones or our bedrooms could also be generally monitored. Unleashing such denunciation machines on us is ineffective, illegal and irresponsible."

"Indiscriminate searches will not protect children and even endanger them by exposing their private photos to unknown persons, and by criminalising children themselves. Already overburdened investigators are kept busy with having to sort out thousands of criminally irrelevant messages. The victims of such a terrible crime as child sexual abuse deserve measures that prevent abuse in the first place. The right approach would be, for example, to intensify undercover investigations into child porn rings and reduce of the years-long processing backlogs in searches and evaluations of seized data."

EDRi, the biggest European network defending rights and freedoms online, says:

"The legislation is a negative evolution in the sense that it will legalise the continuous voluntary scanning of all communications by private companies. The services under the scope of the interim Regulation are as broadly defined as in the ePrivacy Directive, including your Facebook Messenger messages, Tinder chats, emails and any other form of online communication that will come up in the future is potentially under the scope."

What the derogation of ePrivacy means for me

The derogation of the ePrivacy Directive must be worrisome for all of us. It allows private coporations to scan all our message with little to no oversight as to what they do with our private communication data.

What remains for all us to do now is to keep fighting for our right to privacy. The EU plans to replace this interim derogation with a long-term legislation. We must act now to shape this piece of legislation in a way that private communication must remain private.

EDRi recommends that you to contact your country's digital rights organisations and ask how you can help in our joint fight for privacy.

Is Tutanota affected by this law?

No. The scanning that has now been legalized by the EU is voluntary. This means only companies that want to scan their users' messages, may do so. Tutanota is encrypting all your data, we do not want to read your messages. Thus, we will also not scan your emails.

Instead, we focus on protecting your right to privacy.

Stop using Gmail & Co

To protect your privacy now, you must stop using any chat or email service that does not use end-to-end encyrption.

If the derogation of the ePrivacy Directive has had one positive result, it is this: Due to the extensive news coverage about the EU plans, many people have learned that their private messages are already being scanned and monitored. If you are using a service that does not encrypt your messages end-to-end, it is very likely that someone else is reading along.

That is why we recommend that you quit Gmail and other non-encrypted services now!

SIGN UP
Author
Black and white picture of Hanna being shocked a bit.
Hanna is part of the Tuta team since the launch of the secure email client Tutanota in 2014. Over the years she has become an expert in explaining cryptography to the average internet user, making sure that everyone understands why privacy matters and how encryption helps to protect ones data on the web.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
The Russian Hacker Group Sandworm is Back: New Kapeka Malware Secretly Infecting Systems Since 2022
Google Search Is A Problem: How Google Is Crushing Tuta.
20 years ago Gmail revolutionized email. It’s time for a new revolution!
If You Want Privacy, the US Congress Is Saying You Are A Criminal
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate