Last year, the email provider mailbox.org had to increasingly deal with requests for information from law enforcement authorities, of which over a third (33.8 percent) were incorrect. This emerges from the 2023 transparency report that the Berlin company published on Tuesday. The total number of official requests for information rose sharply to a total of 133 in 2023 compared to 55 in the previous year. At the same time, the provider classified 45 requests as illegal and did not respond to them. In 2022, the company rejected 14 more, which at the time corresponded to around a quarter of the total requests.
Advertisement
Since the beginning of 2023, authorized authorities have been required to submit requests via a special email-based transmission method (email ESB) or PGP encrypted channels. Requests by fax and email with plain text are no longer permitted. Nevertheless, according to the figures now presented at mailbox.org, over 27 percent of all inquiries were still received via unencrypted email and six percent via fax. This non-legally compliant approach was also the most common reason for rejected requests in 2023. The requirement for email services to only communicate with the authorities via secure channels has been in effect for years, explained managing director Peer Heinlein. The fact that there is now a balance between the two sides again contributes to the best possible protection for users.
The 133 inquiries all came from law enforcement authorities, 130 of which were based in Germany. Two requests came from other EU states and one from a third country. Customs or secret services did not contact mailbox.org. 130 requests concerned inventory data such as telephone number, name and address of the owner, information about the contract and tariff features. In three cases, the investigators wanted to confiscate all emails in the account's mailbox. Telecommunications were to be monitored five times for a certain period of time. All incoming and outgoing emails must be recorded and forwarded to the authorities. The company did not receive any requests for connection data such as IP addresses in 2023.
Every request is reviewed by a lawyer
According to its own information, Mailbox.org has a standardized process for processing and responding to requests for information from the authorities. Every request is extensively checked, evaluated and answered or rejected accordingly by the company data protection officer and lawyer. In the event of a rejection, the authority can correct your application. In any case, data would “only be released upon legitimate and error-free request.”
In June 2019, mailbox.org temporarily suspended processing requests for telecommunications surveillance due to a lack of legal basis. This was preceded by a ruling by the European Court of Justice (ECJ) in connection with Gmail: Google's webmail service did not see itself as a telecommunications service and was ruled in favor in Luxembourg. This means that the company does not have to provide any interfaces for data access by prosecutors. Heinlein welcomed the fact that at least more authorities have now become aware of the new legal situation, according to which inquiries can only be secured additionally or made by post. In 2021, unencrypted requests still accounted for 61.8 percent.
(olb)