Hear this story and other latest updates on our Privacy First Podcast Episode here:

A ruling by the Regional Court of Cologne has now forced the Hanover-based company to install a function that enables investigators to monitor individual mailboxes and read mails in plain text.

Tutanota intends to appeal against the decision, but this has no suspensive effect. "We therefore already had to start developing the monitoring function," a spokeswoman explained to c't in mid-November. If the appeal is successful, the function will not be activated or removed.

The Cologne ruling deviates from the case law of other courts. For example, the Regional Court of Hanover decided that Tutanota does not provide or participate in "telecommunication services" in the legal sense - and therefore cannot be obliged to perform telecommunication surveillance. The Hanoverian judges again referred a ruling of the European Court of Justice (ECJ) of 2019, according to which e-mail services are not communication services.

LKA wants to monitor post office box

In this case it is about an extortion mail that was sent from a Tutanota mailbox to an automotive supplier. Tutanota is now forced to program a function by the end of the year that will enable the State Office of Criminal Investigation of North Rhine-Westphalia to monitor this mailbox.

Tutanota responded by saying, "The encrypted data can't be decrypted by us as only the user holds the key for decryption. This ruling requires Tutanota to hand out newly incoming and outgoing non-encrypted emails of one suspected criminal before these are being encrypted.

The ruling does not affect any other mail account. It also does not affect already encrypted data or emails that are sent with end-to-end encryption."