The German encrypted email service Tutanota has released its iOS app, weeks after its Android app came out. The delay in the release of the iOS app was apparently due to the need for those publishing open-source apps of this kind to first notify the NSA and the U.S. Commerce Department of their existence — it seems Apple is more strict about making sure this measure has been taken.
Tutanota, already available as a free webmail service and a paid-for Outlook plugin, uses open-source implementations of 128-bit AES and 2048-bit RSA; PGP compatibility is promised for later but is not available yet.
Mail between two Tutanota users is encrypted and decrypted automatically. Mail to someone outside the system can also be sent encrypted: the message is encrypted in the sender’s client under a password that only the sender knows, and that password has to reach the recipient out of band, by phone, in person or some other channel. Unencrypted mail arriving from outside for a Tutanota user is encrypted with the recipient’s public key once it reaches the company’s German servers, which means that message was readable in transit and on arrival; the encryption only protects it at rest from that point on.
Currently, the downside is that users have to use a “tutanota.de” email address, which isn’t necessarily an attractive option for everyone, but company founder Matthias Pfau told me the firm will soon add other domain options. Those wanting to use their own domains will also get to do so at some point, but that will be a paid-for premium feature.
Pfau said the iOS and Android apps had been submitted to their respective app stores at the same time, but Apple requires suppliers of open-source security software using cryptographic functions with asymmetric algorithms to — as U.S. export regulations dictate — notify the Commerce Department’s Bureau of Industry and Security (BIS) and the NSA’s ENC Encryption Request Coordinator of what they’re putting out there. This seems to be about notification only, rather than seeking approval from these agencies as such.
I wasn’t previously aware of this requirement, but here’s what the rules say (PDF) about “publicly available encryption source code”:
You must notify BIS and the ENC Encryption Request Coordinator via e-mail of the Internet location (e.g., URL or Internet address) of the publicly available encryption source code or provide each of them a copy of the publicly available encryption source code. If you update or modify the source code, you must also provide additional copies to each of them each time the cryptographic functionality of the source code is updated or modified. In addition, if you posted the source code on the Internet, you must notify BIS and the ENC Encryption Request Coordinator each time the Internet location is changed, but you are not required to notify them of updates or modifications made to the encryption source code at the previously notified location.
Anyhow, should you use Tutanota? Well, the fact that you need a special email address is in itself a limiting factor: chances are people know your existing email address and will default to using that. There are several encryption systems out there that rely on pre-shared passwords (such as OX Guard) and, while they do avoid the difficulties of dealing with the PGP key system, their security rests entirely on the channel used to pass the password: unless you can exchange passwords in person you’re arguably less secure than if you were using PGP. How much that matters depends on whether you’re under heavy targeted surveillance.
In theory, you don’t need to trust Tutanota to use its system, as you hold your own key (and the company could not recover it for you if you lost it). The company has had a security scare in the past, with a researcher finding a cross-site scripting vulnerability, but that flaw was patched and Tutanota subsequently went open-source and published its code. That means it can be freely audited, though it doesn’t necessarily mean that it has been thoroughly audited, and for the web client it is worth remembering that the code a browser receives from the server on any given day is what actually runs, not the code in the public repository. Pfau told me a couple of bugs had been flagged this way, but they had nothing to do with the service’s security.