mailbox.org transparency report 2023: 33.8 % of requests were inadmissible

In our transparency report, we disclose the type and scope of requests for information that mailbox.org has received from public authorities. In the previous year 2023, the total number of requests has increased. However, more than one-third of all requests had errors.

A total of 45 out of the 133 requests we received from public authorities in 2023 were rejected because of errors that made them legally inadmissible. Compared to the previous year, the proportion of unlawful requests that were ultimately rejected did increase: from 12.7 % in 2022 to 33.8 % in 2023.

The use of e-mails and the most common reason for rejection

Many authorities have now also recognised that requests for information by fax and e-mail in plain text are no longer accepted. After all, in 2023, most requests for information were made by encrypted e-mail, which we were then able to assess properly. Nevertheless, 27.1 % of enquiries were still received by plain text email and 6.0 % by fax. However, this form of transmission has no longer been permitted by the Federal Network Agency since 2023 for security reasons. We hope that the investigating authorities will soon all comply with this instruction.

A brief comparison to the year before

  1. The total number of enquiries rose from 55 (2022) to 133 (2023).
  2. Only 66.2 % of requests were submitted correctly, compared to 74.6 % in 2022.
  3. We received most requests by email, encrypted with PGP.

Requests sent to mailbox.org in the year 2023

Total number of requests: 133
From German authorities: 130
From foreign authorities: 2
From foreign non-EU authorities: 1

Organisations
Criminal investigative authorities: 133
Customs authorities: 0
Intelligence services: 0

Request type
Contact data requests: 130
Inbox confiscations: 3
Traffic data requests: 0
Telecommunications interceptions: 0

Our reports from previous years can be found in the section transparency reports.

 

 

How we deal with requests

mailbox.org follows a standardised process when dealing with requests for information from official authorities. Each request will be comprehensively reviewed and assessed by our data protection officer and a lawyer, and then either processed or rejected accordingly. When a request gets rejected, the submitting authority may correct any errors and then resubmit for another review. Data will only be released by us if a related request is actually lawful and formally correct.

Data that authorities may be interested in
  1. Contact data: This includes the name, address and phone number of the account holder, as well as details about their contract with us.
  2. E-mail data: Access to all e-mails currently held in an account's mailbox.
  3. Traffic data: The IP addresses associated with mail server logins when fetching, reading, or sending e-mails.
  4. Telecommunications interception data: Obtained through the temporary surveillance of all ongoing e-mail communication of an account.
  • zurück
  • nach Oben