What "Government encryption backdoor" is Tuta talking about?

In Tuta’s October 21st, 2025 blog[1], they talk about a U.S. “Government encryption backdoor”.

Snippet

Beginning of this year, this government backdoor was debated heavily and for a short while it looked like Section 702 could expire at the end of December 2024, but US officials reauthorized it for two more years. So the government backdoor to encryption in the US still exists.

What specific back door are they referencing? I’ve found no further specifics in the blog.



1 Like

This doesn’t imply any backdoor to encryption.

There is no mention of encryption, only that of the NSA being allowed to collect data about foreign and domestic persons’ communications.

4 Likes

I missed it being an encryption backdoor somehow. I’m not sure if that’s really accurate, but my understanding is that it is a backdoor in the sense that it provides a loophole for spying on Americans “incidentally” and without warrants.

I’m not aware of any technical or explicit encryption backdoor there, but I might just be uninformed.

1 Like

Yeah, I’ll wait some time before pinging Tuta’s account here in the case that anyone spots some obvious mention that we’ve missed.

Though, in the case of public key cryptography, maybe you could extrapolate that a man in the middle attack could be conducted? But that feels like a stretch.

Yeah, the law in question also mainly talks about using data from existing (software company’s?) databases, but I wouldn’t put it past the NSA to be intercepting HTTPS traffic armed with a Root CA’s private key, but that’s a whole other discussion.

1 Like

Tuta has made a mistake with this statement and should issue a correction. Given they are a German company, this is likely a language issue or just a good old-fashioned typo.

In any case, it is factually incorrect as written.

@Tuta_Official was “Government encryption backdoor” a mistake in your latest blog[1], or did you just mean that the U.S. government has access to a lot of data about people?



IMO, the folks here are being very generous toward Tuta. The inaccuracies and misleading text surrounding Section 702 in that blog post suggest a misunderstanding of basic concepts and lack of editorial oversight. This is very disappointing and damaging to Tuta’s reputation as a serious secure service provider. I hope they fix this soon so as to limit the damage.

5 Likes

I try to extend a lot of grace for a mistake, especially from folks with otherwise good reputations.

The real test is how they react once the mistake is brought to their attention. If they acknowledge it and correct it, that’s fantastic. If they double down… well, then they fail the test and lose all credibility.

I once told Tuta about a mistake they made
They acknowledged it
But they didn’t change it
Maybe they are careful now after that but
At best they just barely passed the test, at worst they would have already lost the credibility

I decided to reach out directly to get this settled as I would love to see what they really meant and I can easily envision them not visiting this forum and seeing this thread.

But they didn’t change it

I referenced this thread suggesting that they can reply publicly here if they wish.

2 Likes

Either this was written by AI, or is just very rushed. Another mistake here:

At present, Chat Control has been put on hold in the EU Commission since Hungary could not get a majority due to opposition from the Netherlands.

I don’t remember if this statement was true before, but in any case Hungary presided over the council back in 2024. That’s why it seems written by AI, with outdated knowledge.