Germany's Interior Minister Horst Seehofer purportedly wants to force messaging providers such as WhatsApp, Telegram, and Threema to provide plain text chats to law enforcement agencies on a court order as reported by Der Spiegel and from a number of other German news outlets. This means that the leader of the Christian Social Union (CDU) basically wants to ban messaging end-to-end encryption since for keeping cleartext logs of encrypted chats the apps would either have to be injected with some sort of backdoor or the encryption removed altogether. Seehofer is also known for his "zero tolerance" policy toward criminals and for calling for "video surveillance at every hot spot in the country" according to Deutsche Welle.
Seehofer's proposal"Messenger services such as WhatsApp or Telegram should be obliged to record the communications of their customers and to send them to authorities - in a readable form, ie unencrypted," as Der Spiegel reports [automated translation]. Also, "providers who do not fulfill this obligation should be banned by order of the Federal Network Agency for Germany" with the new rules to be enacted by the end of the year.
The proposal also says that the freedom to use messaging encryption has to be "reconciled with the unavoidable needs of security agencies" to have access to communications when mandated by a court.
According to the German Ministry of the Interior, Building and Community proposal, messaging apps can use encrypted communication by default but they would also have to ensure "state-of-the-art access to the contents of communication as a legally regulated exemption for their users".
The ongoing war against encryptionThis is not unprecedented for Germany given that two years ago, during early-December , German authorities were also working on a new law that would force device manufacturers to add backdoors within products to be used by law enforcement agencies during legal inquiries.
While anti-encryption laws are not something new, with Australia — a member of the Five Eyes intelligence alliance — being the most recent example and China, Syria, Russia, and Iran being other prominent precedents, enforcing a ban on end-to-end encryption is virtually impossible. Despite this, such law proposals will pop up once in a while and are definitely not a surprise for anyone seeing the amount of German, French, and British lobbying for mandatory encryption backdoor legislation that has been observed lately. For instance, the German and French Ministers of the Interior sent a joint letter to the European Commission in support of encryption backdoors back in 2017.
In the EU and across the pondAcross the ocean, in the U.S., similar efforts have been made by U.S. Deputy Attorney General Rod Rosenstein as shown by his remarks on encryption at the United States Naval Academy on October 10, 2017.
"Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety," said Rosenstain. "Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries."
Governments in the G7 and around the world need to resist this seemingly benign request from their law enforcement establishments, and resolve instead to make sure that their citizens have the best tool to protect them: strong encryption, from end to end, deployed widely, to defend the society against its attackers.
Also, "There is no constitutional right to sell warrant-proof encryption. If our society chooses to let businesses sell technologies that shield evidence even from court orders, it should be a fully-informed decision."
During March 2017 , EU Justice Commissioner Vera Jourova also announced that the European Commission wants to allow law enforcement to get access to messages sent using encrypted IM services. BleepingComputer has reached out to the Press and Information Office of the German Federal Government for comment but had not heard back at the time of this publication. This article will be updated when a response is received
This article is organized into four parts: (1) reviewing the benefits and risks of an EA encryption system from a policy viewpoint; (2) providing a skeletal definition of the security guarantees that EA encryption should provide in order to mitigate the policy risks; (3) listing several possible capabilities that an EA system might provide in an attempt to identify a minimum viable product together with law enforcement; and (4) constructing policy to revive research into EA’s technology challenges, an area that has been mostly dormant for two decades.
Related Articles:Google Under GDPR Probe After Ad Exchange Privacy Complaint Google Tracks Purchases For Paying G Suite Users, Doesn’t Show It
Microsoft Edge to Make it Easier to Clear Your Browsing Data Google is using Your Gmail Account to Track Your Purchases Google Payment Privacy Settings Hidden Behind Special URL