German Officials Think German Citizens Need Less Security, More Encryption Backdoors

from the GET-OFF-THE-WORLD-STAGE dept

There's another player on the world's anti-encryption stage. Some German government officials apparently feel it's OK for people to have encryption, but not secure encryption. The German government is exploring the idea of forcing tech companies to backdoor their encrypted communications platforms, presumably for the greater good of insecure humanity.

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.

According to Der Spiegel this month, the Euro nation's Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people's private enciphered chats to authorities that obtain a court order.

This is a move designed for efficiency, not security. German law enforcement is limited to pulling communications from seized devices currently -- one of the few places where encrypted communications can be found in plain text. Of course, device encryption is a thing these days, so this option is rapidly becoming about as productive as demanding tech companies hand over communications they don't actually store in plain text.

Something's got to give and it seems it won't be the government doing any compromising. But it won't be an easy push for anti-encryption legislators. Opponents within and without the government are expected to push back hard on this dangerous idea.

The new rules are set to be discussed by the members of the interior ministry in an upcoming June conference, and are likely to face stiff opposition not only on privacy grounds, but also in regard to the technical feasibility of the requirements.

As is always the case when encryption is on the line, those pushing for backdoors are claiming this not-all-that-new method of shielding stuff from prying eyes (the government's included) has done little but allow criminals and terrorists to operate with impunity. And as is always the case when these claims are made, zero evidence is presented that supports these theories.

One fact, however, cannot be ignored: a handful of European governments have pitched encryption backdoors over the past several years. But so far, not a single one has managed to actually implement such a mandate.

Filed Under: backdoors, encryption, germany


Reader Comments


  • Anonymous Coward, 3 Jun 2019 @ 9:52am

    If they honestly think backdoors are a benefit, give them one

    Since they feel that backdoors are for the best, they clearly wouldn't mind the public having a backdoor into their most secure networks, the public should have a free look at their files. If that sounds insane, so does the idea of having an insecure network and backdoors into anything. With quantum computing, the most secure networks can be cracked within a day or two. Anyone who claims otherwise needs to be fired since they clearly don't care about the people they work for.

    • Anonymous Coward, 3 Jun 2019 @ 10:13am

      Re: If they honestly think backdoors are a benefit, give them on

      With quantum computing, the most secure networks can be cracked within a day or two.

      I'm sorry but this is simply not true, at least not in the broad strokes that the statement paints with.

      It IS true that quantum computers, with Shor's algorithm, have the potential to compromise ECC and RSA, which are two asymmetric encryption algorithms. However, see post-quantum cryptography (https://en.wikipedia.org/wiki/Post-quantum_cryptography), which is currently a developing field.

      Note that, last I checked, there is no publicly disclosed quantum computer capable of launching these attacks.

      Also note: while Wikipedia cannot be considered an authoritative source, for general ideas about what a subject/topic is, it is generally sufficient.

      AES, probably the most commonly used symmetric algorithm, does not suffer as much from the enhancements of quantum computing (there is an effect but nowhere near that gained against asymmetric algorithms). Typically doubling the key size is sufficient for symmetric algorithms to regain their security (so AES-256 would have approximately the same security against quantum computers as AES-128 has against classical attacks).

    • bob, 3 Jun 2019 @ 10:58am

      Re: If they honestly think backdoors are a benefit, give them on

      The problem is they only intend the backdoor to be applied to citizens' encryption.

      Notice they didn't say all encryption, just the common chatting apps used by citizens.

      • Uriel-238, 3 Jun 2019 @ 11:41am

        Rules for thee, not for me.

        The backdoor-mandates conversation always goes this way. Our governments don't want true transparency, and they argue national security to hide their communications and evade public oversight.

        But then they expect the people to hobble their own communications security so the state can spy on them (again in the name of national security) not addressing that it makes them vulnerable to other aggressors (such as business rivals and corporate espionage groups).

        Strong communications security (including robust crypto) is essential for any business in an industry where there are competitors, and rather than stay within the law, we can expect businesses to circumvent it, utilize steganography or ignore the law the way we ignore speed limits and age gates.

  • Anonymous Coward, 3 Jun 2019 @ 10:15am

    While we're requiring people to provide things they don't have...

    Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.

    What do you mean, 'end-to-end encrypted' implies that you don't have the conversation in plain-text? You're required by law to provide it to us, so you better go get it for us! How? We don't care how!

    Oh, and while you're at it, you're also legally required to provide us with the Crown Jewels of England and a copy of Homer's Iliad written by the author's own hand.

    Now, hop to it!

  • Anonymous Coward, 3 Jun 2019 @ 10:17am

    Why don't they just demand that all internet traffic from individuals, along with their phone call metadata and audio, be stored unencrypted, along with a government logon to the database so that it is available to the authorities whenever they feel a need? Better tell the postal and parcel companies that the contents of all packages and letters are to be imaged and stored as well. That way the only people able to conspire to rob and cheat the public will be the politicians, and whoever they extend their protection to.

  • Anonymous Coward, 3 Jun 2019 @ 10:43am

    It's easier to just start rooting for the fascists.

  • Dan Neely, 3 Jun 2019 @ 11:02am

    Everything old is new again

    Erich Mielke would be proud of his successors' actions.

  • Anonymous Coward, 3 Jun 2019 @ 12:07pm

    Karmic Cautionary Tale

    Perhaps the example of one, modern, first-world nation ravaged by the effects of broken encryption in the context of the contemporary world will shake other governments awake to the dangers.

    <s>Maybe a generous history will record Germany as the brave, self-sacrificing country that destroyed itself to provide the much-needed wake-up call about encryption.</s>

    • Uriel-238, 3 Jun 2019 @ 2:15pm

      Funny you should mention that

      Germany already has a cautionary tale regarding the failure of communication security ultimately ensuring the entire nation's downfall.

      • Anonymous Coward, 4 Jun 2019 @ 1:26pm

        Re: Funny you should mention that

        So, you're saying Germany is a land of slow-learners, or we (the rest of the world) misinterpreted their intent the last time the German people immolated themselves in the flames of bad-communication-security choices?

        • Uriel-238, 4 Jun 2019 @ 2:35pm

          The land of slow-learners (and chocolate!)

          I'm saying the advocates of hobbling communications security in Germany are failing to remember the lessons of the past. This is not to say that Germany is a monolithic state of slow learners.

          If Germany's administrators are learning slowly, they're certainly not unique in doing so. A lot of nations, perhaps all industrialized nations have fielded the question of hobbling communications in the name of national security, or enabling law enforcement to conduct searches more easily. Typically it's struck down, or the perverse effects of the policy are quickly discovered, and that doesn't stop the topic from rising again and again and again.

          So there is an argument to be made that human beings in general are slow learners, especially when it comes to intersections between technology and the desire to preserve status-quo power structures.

          To be fair, the Zimmermann telegram serves as a study of how crypto weakens with time when there are adversarial interests who want the coded data. Its applicability to the current situation is the concern that criminal interests will seek to find the built-in weaknesses and exploit them for their own gain at the expense of the public. And we tend to underestimate them.

          I can't speak for the corruption of German law enforcement or the institutions that support them, but institutions invariably abuse power when given too much latitude to use it. And that is the sort of thing that brings ruin to nations.

  • ECA, 3 Jun 2019 @ 1:21pm

    OMFG!!

    Let's see..
    Australia is doing it..
    Germany is going to do it..
    YOU THINK the USA isn't??

    I wonder about Huawei, and comparing Them with what the USA wants to do... Think Cisco is in on this??

  • Anonymous Coward, 3 Jun 2019 @ 3:49pm

    Sieg Heil! Heil Hitler!

  • That One Guy, 3 Jun 2019 @ 5:46pm

    'You first'

    Anyone who proposes broken encryption should be faced with a 'put up or shut up' challenge: either all of their personal data (medical, banking, personal email and so on) is protected by deliberately broken encryption for a period of no less than a year after a public announcement of the new encryption they are using, or they publicly admit that the idea is monumentally stupid and dangerous and drop it.

    If dangerous fools like that had to deal personally with the fallout from broken encryption then I suspect they would be much less eager to push it, as it's not nearly as fun if they have to pay the price themselves and can't just make everyone else suffer instead.

    • ECA, 3 Jun 2019 @ 11:25pm

      Re: 'You first'

      Let them Dump all our info on the net, into real life...
      PLEASE...
      Let our personal data and CC# be in the public domain..
      They won't be able to Prove who did what EXCEPT..the reasoning to add MORE security, More cameras to Prove you made a purchase (I've talked to a few people, already). Every purchase, and Every MALL will have tons of cameras..
      Even look at HOW to prove a person IS who they think they are...
      Anyone for a Tattoo?

  • Infosspy, 4 Jun 2019 @ 4:20am

    Encryption Law? Really?..

    I don't think these legislators know anything about tech except how to post on Facebook and watch kitty videos on 9gag.

    Basically anyone who wants to correspond via internet via encrypted text, voice, or whatever, they can.

    Encryption algorithms are public knowledge, easily implemented, and writing an app is easy and you don't even need to publish it on a Store.

    You can, literally, in one day write an encrypted chat, with 1024+ bit encryption key, with multi layer encryption, maybe with multiple encryption keys.

    And pièce de résistance, make it P2P based with discovery services in order to not have it stored anywhere.

    How are they going to force whatever legislation on companies then?

    Pass the communications on TOR or use VPN. How are they going to find the users? Are they fining users?

    They don't know the difference between a bit and a byte and want to chip in a conversation they don't understand... But hey, it's politics for you.

    And politics always dabbed in shit they don't understand.

    • ECA, 4 Jun 2019 @ 8:02pm

      Re: Encryption Law? Really?..

      A friend found a P2P2p chat program for me..NO server..and you must know each person's location and how to get there, once connected, it's encrypted..
      You can have 8+ people in your chat, and if 1 of them doesn't have 1 person's connection, he can't hear him. It's great.

      • Infospy, 17 Jun 2019 @ 6:01am

        Re: Re: Encryption Law? Really?..

        Since encryption keys can be generated on the fly and with proper key it can be quick to encrypt/decrypt content.

        You can even double-cipher it by encrypting the connection and then the messages. Even a man-in-the-middle attack would be pointless.

  • Anonymous Coward, 4 Jun 2019 @ 9:09am

    These countries want back doors. But the simple fact is, anyone with half a brain could then install 3rd party encryption, at least on Android phones that have ZERO back doors and be protected. They can't stop that no matter how much they wish.

    They want to hurt 99% of the population to try and catch that other 1%. What will end up happening is the 99% ends up getting harmed far, far worse. It's not worth it.
