Federal Office for Information Security (BSI)

BSI Magazine

Editorial BSI Magazine 2018/02

The secrecy of correspondence is a precious good. Protected by the German Constitution, it is just as inviolable as the secrecy of post and telecommunications.
We make use of this fundamental right as a matter of course and protest when it is violated. But we also adhere to the simple rules that help to preserve it. Hardly anyone would think of sending confidential information on a postcard.

In reality, however, an unencrypted e-mail is just the same: Anyone who gets their hands on it can read it. Dealing with confidential information in the digital world is often quite different than dealing with it in the real world. Often – iIn our private lives as well as at work – we deal with e-mails as if we were sending holiday greetings by postcard.

Encrypted communication is an important basis for the success of secure digitalisation in government, business and society. However, although providers now offer a wide range of encryption solutions, these have hardly been used to date. The main reason for this is that everyday use is too complicated for many people. Above all, the complexity of applying for and managing a key poses an obstacle to widespread use. This is where the BSI’s easyGPG project comes in, which we present to you in detail in this issue of the BSI Magazine starting on page 39. The BSI is also involved in the topic of e-mail security throughout Europe: You’ll read about how we establish modern security standards for e-mail transport together with European partners starting on page 10.

At the same time as increasing user-friendliness, confidence in the security of e-mail communication must be stabilized. The vulnerabilities discovered in 2018 in S/MIME and OpenPGP, the two most widely used standards for e-mail encryption, have caused concern among many users. In the long run, an adaptation of the known encryption standards and new investments in cryptography will be necessary. The BSI, as the national cyber security authority, has offered its support in this regard. We are expressly adhering to our goal of making Germany the number 1 encryption location. How we deal with public key cryptography for the age of quantum computers, for example, can be read from p. 22.

The expansion of the BSI as a national cyber security authority and central competence centre for information security, as planned by the Federal Government, is also a prerequisite for our being able to play an even stronger role when it comes to encryption.

Beyond the topic of e-mail security, this issue of the BSI magazine once again presents a broad spectrum of topics, including the security of online payment services as well as cooperation with our Dutch partners from the NCSC and digital consumer protection.
I hope you enjoy reading this issue!

Sincerely Yours,

Arne Schönbohm,
President of the Federal Office
for Information Security (BSI)