German Officials Think German Citizens Need Less Security, More Encryption Backdoors
from the GET-OFF-THE-WORLD-STAGE dept
There's another player on the world's anti-encryption stage. Some German government officials apparently feel it's OK for people to have encryption, but not secure encryption. The German government is exploring the idea of forcing tech companies to backdoor their encrypted communications platforms, presumably for the greater good of insecure humanity.
Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.
According to Der Spiegel this month, the Euro nation's Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people's private enciphered chats to authorities that obtain a court order.
This is a move designed for efficiency, not security. German law enforcement is limited to pulling communications from seized devices currently -- one of the few places where encrypted communications can be found in plain text. Of course, device encryption is a thing these days, so this option is rapidly becoming about as productive as demanding tech companies hand over communications they don't actually store in plain text.
Something's got to give and it seems it won't be the government doing any compromising. But it won't be an easy push for anti-encryption legislators. Opponents within and without the government are expected to push back hard on this dangerous idea.
The new rules are set to be discussed by the members of the interior ministry in an upcoming June conference, and are likely to face stiff opposition not only on privacy grounds, but also in regard to the technical feasibility of the requirements.
As is always the case when encryption is on the line, those pushing for backdoors are claiming this not-all-that-new method of shielding stuff from prying eyes (the government's included) has done little but allow criminals and terrorists to operate with impunity. And as is always the case when these claims are made, zero evidence is presented that supports these theories.
One fact, however, cannot be ignored: a handful of European governments have pitched encryption backdoors over the past several years. But so far, not a single one has managed to actually implement such a mandate.
Filed Under: backdoors, encryption, germany
Reader Comments
If they honestly think backdoors are a benefit, give them one
Since they feel that backdoors are for the best, they clearly wouldn't mind the public having a backdoor into their most secure networks, the public should have a free look at their files. If that sounds insane, so does the idea of having an insecure network and backdoors into anything. With quantum computing, the most secure networks can be cracked within a day or two. Anyone who claims otherwise needs to be fired since they clearly don't care about the people they work for.
[ link to this | view in chronology ]
Re: If they honestly think backdoors are a benefit, give them on
I'm sorry but this is simply not true, at least not in the broad strokes that the statement paints with.
It IS true that quantum computers, with Shor's algorithm, have the potential to compromise ECC and RSA, which are two asymmetric encryption algorithms. However, see post-quantum cryptography (https://en.wikipedia.org/wiki/Post-quantum_cryptography), which is currently a developing field.
Note that, last I checked, there is no publicly disclosed quantum computer capable of launching these attacks.
Also note: while Wikipedia cannot be considered an authoritative source, for general ideas about what a subject/topic is, it is generally sufficient.
AES, probably the most commonly used symmetric algorithm, does not suffer as much from the enhancements of quantum computing (there is an effect but nowhere near that gained against asymmetric algorithms). Typically doubling the key size is sufficient for symmetric algorithms to regain their security (so AES-256 would be approximate security, against quantum computers, as AES-128 is against classical attacks).
[ link to this | view in chronology ]
Re: If they honestly think backdoors are a benefit, give them on
The problem is they only intend the backdoor to be applied to citizens' encryption.
Notice they didn't say all encryption just the common chatting apps used by citizens.
[ link to this | view in chronology ]
Rules for thee, not for me.
The backdoor-mandates conversation always goes this way. Our governments don't want true transparency, and they argue national security to hide their communications and evade public oversight.
But then they expect the people to hobble their own communications security so the state can spy on them (again in the name of national security) not addressing that it makes them vulnerable to other aggressors (such as business rivals and corporate espionage groups).
Strong communications security (including robust crypto) is essential for any business in an industry where there are competitors, and rather than stay within the law, we can expect businesses to circumvent it, utilize steganography or ignore the law the way we ignore speed limits and age gates.
[ link to this | view in chronology ]
While we're requiring people to provide things they don't have...
What do you mean, 'end-to-end encrypted' implies that you don't have the conversation in plain-text? You're required by law to provide it to us, so you better go get it for us! How? We don't care how!
Oh, and while you're at it, you're also legally required to provide us with the Crown Jewels of England and a copy of Homer's Iliad written by the author's own hand.
Now, hop to it!
[ link to this | view in chronology ]
Why don't they just demand that all internet traffic from individuals, along with their phone call meta data and audio, are stored unencrypted, along with a government logon to the database so that it is available to the authorities whenever they feel a need? Better tell the postal and parcel companies that the contents of all packages and letter are to be imaged and stored as well. That way the only people able to conspire to rob and cheat the public will be the politicians, and whoever they extend their protection to.
[ link to this | view in chronology ]
It's easier to just start rooting for the fascists.
[ link to this | view in chronology ]
Everything old is new again
Erich Mielke would be proud of his successors' actions.
[ link to this | view in chronology ]
Karmic Cautionary Tale
Perhaps the example of one, modern, first-world nation ravaged by the effects of broken encryption in the context of the contemporary world will shake other governments awake to the dangers.
<s>Maybe a generous history will record Germany as the brave, self-sacrificing country that destroyed itself to provide the much-needed wake-up call about encryption.</s>
[ link to this | view in chronology ]
Funny you should mention that
Germany already has a cautionary tale regarding the failure of communication security ultimately ensuring the entire nation's downfall.
[ link to this | view in chronology ]
Re: Funny you should mention that
So, you're saying Germany is a land of slow-learners, or we (the rest of the world) misinterpreted their intent the last time the German people immolated themselves in the flames of bad-communication-security choices?
[ link to this | view in chronology ]
The land of slow-learners (and chocolate!)
I'm saying the advocates of hobbling communications security in Germany are failing to remember the lessons of the past. This is not to say that Germany is a monolithic state of slow learners.
If Germany's administrators are learning slowly, they're certainly not unique in doing so. A lot of nations, perhaps all industrialized nations have fielded the question of hobbling communications in the name of national security, or enabling law enforcement to conduct searches more easily. Typically it's struck down, or the perverse effects of the policy are quickly discovered, and that doesn't stop the topic from rising again and again and again.
So there is an argument to be made that human beings in general are slow learners, especially when it comes to intersections between technology and the desire to preserve status-quo power structures.
To be fair, the Zimmermann telegram serves as a study of how crypto weakens with time when there are adversarial interests who want the coded data. Its applicability to the current situation is the concern that criminal interests will seek to find the built-in weaknesses and exploit them for their own gain at the expense of the public. And we tend to underestimate them.
I can't speak for the corruption of German law enforcement or the institutions that support them, but institutions invariably abuse power when given too much latitude to use it. And that is the sort of thing that brings ruin to nations.
[ link to this | view in chronology ]
OMFG!!
Let's see..
Australia is doing it..
Germany is going to do it..
YOU THINK the USA isn't??
I wonder about Huawei, and comparing Them with what the USA wants to do...Think Cisco is in on this??
[ link to this | view in chronology ]
Sieg Heil! Heil Hitler!
[ link to this | view in chronology ]
'You first'
Anyone who proposes broken encryption should be faced with a 'put up or shut up' challenge: either all of their personal data (medical, banking, personal email and so on) is protected by deliberately broken encryption for a period of no less than a year after a public announcement of the new encryption they are using, or they publicly admit that the idea is monumentally stupid and dangerous and drop it.
If dangerous fools like that had to deal personally with the fallout from broken encryption then I suspect they would be much less eager to push it, as it's not nearly as fun if they have to pay the price themselves and can't just make everyone else suffer instead.
[ link to this | view in chronology ]
Re: 'You first'
Let them Dump all our info on the net, into real life...
PLEASE...
Let our personal data and CC# be in the public domain..
They won't be able to Prove who did what EXCEPT..the reasoning to add MORE security, More cameras to Prove you made a purchase (I've talked to a few people, already) Every purchase, and Every MALL will have tons of cameras..
Even look at HOW to prove a person IS who they think they are...
Anyone for a Tattoo?
[ link to this | view in chronology ]
Encryption Law? Really?..
I don't think these legislators know anything about tech except how to post on Facebook and watch kitty videos on 9gag.
Basically anyone who wants to correspond via internet via encrypted text, voice, or whatever, they can.
Encryption algorithms are public knowledge, easily implemented, and writing an APP is easy and you don't even need to publish it on a Store.
You can, literally, in one day write an encrypted chat, with 1024+ bit encryption key, with multi layer encryption, maybe with multiple encryption keys.
And pièce de résistance, make it P2P based with discovery services in order to not have it stored anywhere.
How are they going to force whatever legislation on companies then?
Pass the communications on TOR or use VPN. How are they going to find the users? Are they fining users?
They don't know the difference between a bit and a byte and want to chip in a conversation they don't understand... But hey, it's politics for you.
And politics always dabbed in shit they don't understand.
[ link to this | view in chronology ]
Re: Encryption Law? Really?..
A friend found a P2P2p chat program for me..NO server..and you must know each person's location and how to get there, once connected, it's encrypted..
You can have 8+ people in your chat, and if 1 of them doesn't have 1 person's connection, he can't hear him. It's great.
[ link to this | view in chronology ]
Re: Re: Encryption Law? Really?..
Since encryption keys can be generated on the fly and with proper key it can be quick to encrypt/decrypt content.
You can even double-cipher it by encrypting the connection and then the messages. Even a man-in-the-middle attack would be pointless.
[ link to this | view in chronology ]
These countries want back doors. But the simple fact is, anyone with half a brain could then install 3rd party encryption, at least on Android phones that have ZERO back doors and be protected. They can't stop that no matter how much they wish.
They want to hurt 99% of the population to try and catch that other 1%. What will end up happening is the 99% ends up getting harmed far, far worse. It's not worth it.
[ link to this | view in chronology ]