惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
宝玉的分享
宝玉的分享
I
InfoQ
P
Privacy International News Feed
V
V2EX
IT之家
IT之家
S
SegmentFault 最新的问题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
C
CERT Recently Published Vulnerability Notes
C
Check Point Blog
The Register - Security
The Register - Security
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
C
Cyber Attacks, Cyber Crime and Cyber Security
F
Fortinet All Blogs
B
Blog
N
Netflix TechBlog - Medium
B
Blog RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
T
Threatpost
Forbes - Security
Forbes - Security
U
Unit 42
A
Arctic Wolf
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Palo Alto Networks Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recorded Future
Recorded Future
L
Lohrmann on Cybersecurity
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
月光博客
月光博客
Spread Privacy
Spread Privacy
MongoDB | Blog
MongoDB | Blog
Jina AI
Jina AI
I
Intezer
V
Visual Studio Blog
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园_首页
MyScale Blog
MyScale Blog
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
量子位

Posteo.de - Newsroom

Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de
Email green, secure, simple and ad-free - posteo.de
2014-01-30 · via Posteo.de - Newsroom

Posteo on the myths of the SINA box

Created at 29.January 2014, 18:00 | Category: Blog

Dear Posteo users,

This blog entry is about a topic that has made many of you anxious, and about which we are currently receiving enquiries. The question concerns when and how German email providers give out data to investigative authorities when a judicial ruling exists for the surrender or surveillance of an email account.

Computer magazine c’t states in its current edition (4/2014):

“Email providers with more than 10,000 customers must operate a so-called SINA box, which can channel the email traffic of all users without the provider or the user being aware.”

This is incorrect. It is not possible for German authorities to access users’ emails without the knowledge of the provider. In addition, a SINA box has no access to a provider’s systems.
We asked the editors to issue a correction. They then acknowledged the error and published a correction on the c’t blog. Because we can not individually answer all the questions we are receiving, we inform here exactly what the situation is with the SINA box:

So far, there is no SINA box at Posteo.
The (German) Telecommunications Monitoring Ordinance (Telekommunikations-Überwachungsverordnung, TKÜ) requires telecommunication providers with at least 10,000 users to install a special computer (the SINA box). We can not say exactly how many users our service has, because we don’t collect our users’ personal information. We only know the number of email accounts.

We will, at some point, have to acquire a SINA box – but we leave estimating when this might be to our experienced lawyers, who have negotiated SINA solutions for various telecommunications organisations with the Federal Network Agency. This is more of a financial nuisance. It will not impair the security of our users’ data. We have become convinced of this following an intensive debate on this topic (with lawyers and authorities, among others), and we can assure you of it.

A SINA box is a computer that establishes an encrypted connection to authorised authorities – a so-called VPN. We would have no access to the SINA box, but neither would the authorities have any access to our servers or network traffic via the SINA box. The authority would have no access to our servers whatsoever. We would, however, have the possibility to save the content of an email account on an authority’s server via the SINA box, if a judge had ordered the surrender or surveillance of the account.

We would then have no access to this data – only the authority would. The only data found on that computer would be that which we (Posteo) had deposited there, however.
————
Please note: c’t magazine writes that the email traffic of all users can be channeled over the SINA box without the provider or user noticing. This is incorrect.
————
The authority’s computer (behind the SINA box) would, like the SINA box itself, be connected neither with our servers, nor would it allow access to our servers. For the authority, the point is to establish a completely isolated system, such that third parties have no way to intercept data that we are required to provide manually. If a judicial ruling exists, we need to provide copies of the data via this computer, for example, transfer by FTP access (one-way).

Even without a SINA box, we are – in the event of a judicial ruling – already required to surrender an email account’s data, which we also point out in our privacy policy. Every email provider in Germany is required to do this, no matter how small.

The legislator has set the hurdle for surrender of content very high: Your emails are governed by secrecy of telecommunications. Because we never surrender email accounts of our own free will (§ 94 Abs. 1 StPO), instead always formally objecting, the lawful seizure of a Posteo account must always be ordered by a judge (§ 94 Abs. 2 StPO, § 98 Abs. 1 S. 1 and Abs. 2 S. 1 StPO). The command to lawfully surveil an email account can only be obtained in cases of specific, severe crimes, and not for infringements, among other things. The legal ruling on this can be found, for example here. The judicial ruling must be presented to us (the provider) and will be checked by our lawyers for scope and formal correctness before we provide any data.

After submission of a judicial ruling, the provider therefore delivers the data itself. The user must not be informed about the order for lawful interception. This is prohibited; we would make ourselves liable for prosecution.

At present, for example, we would have to send a DVD containing the email account contents to the authority – via the SINA box, the authority would obtain the data more quickly and securely. Otherwise, there is no difference to the previous procedure. In addition, there is no possibility for the authorities to access our users’ data.

We would like to release a transparency report on the number of requests from authorities as soon as possible. This would certainly counter general uncertainty. Unfortunately, it is not yet fully clear if this is permitted under German law. It is possible that we could make ourselves liable for prosecution by publishing a transparency report. We are currently obtaining a legal opinion on this. We will shortly provide a page with information about common legal questions.

We hope we have provided some clarity with this piece.

Best regards,

The Posteo team