by higherpurpose 4214 days ago
I doubt any system designed in such a way that the provider simply can't access the information could be forced by authorities to provide some kind of backdoor into it, if it's a somewhat lawful country, and not one such as North Korea or whatever. Whether companies can be intimidated into doing it is a whole other story, but legally, I doubt any democratic government should be able to force them to do that.
3 comments

Hushmail is a similar service, but uses a Java applet for the client-side crypto. It's my understanding that they have been legally compelled at least once to deliver a backdoored applet to the client in order to access the clear text email. I think they're Canadian. I don't have references to hand, but a Google search should turn some stuff up.

Whilst you "doubt any democratic government should be able to force them to do that", I, on the other hand, suspect that most (if not all) democratic governments have ways of doing exactly this.

Except those two things are mutually exclusive: A provider that can put a backdoor in can access the data, they're just choosing not to right now. Relevant example:

http://www.daemonology.net/blog/2012-01-19-playing-chicken-w...

Here's an example of that for PrivateSky: http://www.ibtimes.co.uk/gchq-forced-privatesky-secure-email...
PrivateSky looks like it had the same failing as Lavabit in that the service provider actually had access to the decryption key for your email. So encryption in these services was vulnerable to a court order imposed on the service provider to use or share the key.

I'm not saying Tutanota don't have an issue like this but their main selling point appears to be that this isn't the case.