A group of delegates was wondering the same and asked the German federal government about the state of the project. The answers they received support the impression that officials may be equally unsure of its future success.

DE-Mail is an attempt by the Government and private companies to make exchanging legal documents over the internet possible and secure. It is intended to reduce communication costs for companies and administration. However, the project was widely criticised from the beginning because it lacked end-to-end encryption, costs the user the same as sending a letter and is not exactly user friendly. Even though some of those flaws have been addressed, DE-Mail still hasn't gained traction with the wider public. To shed some light on it, a group of delegates wrote an open letter and asked the federal government about the state of the project.

According to official statements, about a million private customers, some ten thousand SME customers and circa one thousand large corporate customers are registered. What the statements don't say is how many of those are actually active users. DE-Mail has very little visibility in the general public's e-mail and data exchange. Another question that wasn't clearly answered is when the responsible officials expect to reach the "critical mass" of users that they claimed to be necessary to run DE-Mail in the long term. This could turn out to be the key problem, as user acceptance is critical to drive a project like this. With no plans to connect the closed system to other services, and with usability still low, it is highly unlikely that a paid service will gain further traction any time soon.

Next to the systematic limitations, DE-Mail is also being criticised for its technology. The latest implementation of the 'Pretty Good Privacy' (PGP) program now enables end-to-end encryption, but it has always been said to be very inconvenient and difficult to set up and use. And as long as it is easier for companies and citizens to write a letter and send it via postal service at the same cost, there is no real incentive to use a solution like DE-Mail. Even though providers responded to this with the statement that they improved the implementation and handling of the technology, they apparently forgot that they only made an inconvenient solution a little less inconvenient – instead of coming up with a proper one from the beginning.

Apart from making the exchange of legal documents easier, DE-Mail is also intended to make it secure. Accordingly, in July 2014 the legal relevance of a DE-Mail was defined by law, which brought a loud outcry and much laughter among security experts, as it is basically the same as saying "This product is secure because we say it is secure." The lack of credibility is compounded by the fact that it is not the actual sender who provides the signature but the DE-Mail provider. Therefore any mail sent through DE-Mail is automatically seen as safe, no matter who actually sent it.

In reaction to this murky and unexciting news from the government, the press has little positive to say. But instead of just stating that DE-Mail is apparently not successful so far and has various flaws, we see it as an occasion to learn from the mistakes.

From experience we can say that a system only finds acceptance and use when it solves an actual problem without creating new ones. Security and user acceptance can't be demanded by law; they are gained by intelligent use of technology and by not losing focus on the end user.

You can find the original German request and answers here:
