diff options
Diffstat (limited to 'updates/2019')
-rw-r--r-- | updates/2019/encrypted-messengers.en.md | 298 |
1 files changed, 298 insertions, 0 deletions
diff --git a/updates/2019/encrypted-messengers.en.md b/updates/2019/encrypted-messengers.en.md new file mode 100644 index 00000000..075bd335 --- /dev/null +++ b/updates/2019/encrypted-messengers.en.md | |||
@@ -0,0 +1,298 @@ | |||
1 | title: IT security: CCC against weakening of encryption by law | ||
2 | date: 2019-06-11 20:42:46 | ||
3 | updated: 2019-06-14 16:47:27 | ||
4 | author: linus | ||
5 | tags: update, pressemitteilung, verschlüsselung, bmi | ||
6 | |||
7 | Chaos Computer Club (CCC) signed the open letter against backdoors. | ||
8 | |||
9 | <!-- TEASER_END --> | ||
10 | |||
11 | TO: German Federal Ministry of the Interior, Building and Community | ||
12 | |||
13 | IN COPY: German Federal Foreign Office, German Federal Ministry of | ||
14 | Justice and Consumer Protection, German Federal Ministry of Economic | ||
15 | Affairs and Energy, German Federal Office for Information Security | ||
16 | |||
17 | **Subject: Planned encroachment on encryption of messenger services | ||
18 | would have fatal consequences** | ||
19 | |||
20 | Ladies and Gentlemen, | ||
21 | |||
22 | the Federal Ministry of the Interior, Building and Community (BMI) plans | ||
23 | a change in the law to make it easier for German police and security | ||
24 | authorities to gain access to the digital communication of suspects in | ||
25 | the future, according to media reports. To this end, providers of | ||
26 | messenger services such as Whatsapp, Threema, and iMessage are to be | ||
27 | required by law to modify their encryption technology in such a way that | ||
28 | authorities can record the entire communication of users in cases which | ||
29 | have generated suspicion. ([reported in | ||
30 | Gerrman](https://www.spiegel.de/plus/horst-seehofer-greift-whatsapp-an-a-00000000-0002-0001-0000-000164076162)) | ||
31 | |||
32 | We expressly warn against such a step and demand an immediate | ||
33 | renunciation of this or similar political intentions at German and | ||
34 | European level. The proposed reform would precipitously reduce the | ||
35 | security level of millions of German Internet users, create new gateways | ||
36 | for foreign intelligence services and Internet criminals, and massively | ||
37 | damage Germany's international reputation as a leading location for a | ||
38 | secure and data protection-oriented digital economy. Instead of | ||
39 | implementing reform ideas that are years out of date, the German Federal | ||
40 | Ministry of the Interior, Building and Community should, in our view, | ||
41 | take a new security policy path and develop proposals that improve the | ||
42 | work of police and security authorities without downgrading the security | ||
43 | of IT systems and private communications in Germany as a whole. | ||
44 | |||
45 | Our criticism in detail: | ||
46 | |||
47 | ## The German Crypto Policy | ||
48 | |||
49 | At the end of May, it became known that the Federal Ministry of the | ||
50 | Interior, Building and Community is planning to extend the existing | ||
51 | Telecommunications Act to encrypted messengers such as WhatsApp, Signal, | ||
52 | Threema, Wire, and Telegram. This means in concrete terms: The operators | ||
53 | of these services must redesign their software in such a way that the | ||
54 | content of messages can be passed on in unencrypted form to security | ||
55 | authorities. Should the operators refuse to do so, their services would | ||
56 | be blocked in Germany. Representatives of the British GCHQ describe in | ||
57 | their “Ghost Proposal”^[\[1\]](#ftnt1){#ftnt_ref1}^ what a technical | ||
58 | implementation of the backdoors in the messenger apps could look like. | ||
59 | This proposal has recently been strongly criticized in an open letter by | ||
60 | an international alliance of industry, academia, and civil | ||
61 | society.^[\[2\]](#ftnt2){#ftnt_ref2}^ | ||
62 | |||
63 | The BMI proposal undermines twenty years of successful crypto policy in | ||
64 | Germany.^[\[3\]](#ftnt3){#ftnt_ref3}^ In the cornerstones of the German | ||
65 | Crypto Policy of 1999,^[\[4\]](#ftnt4){#ftnt_ref4}^ the then federal | ||
66 | government agreed on a principle that became known under the maxim | ||
67 | “security through encryption and security despite encryption”. This | ||
68 | principle has since been confirmed several times by the subsequent | ||
69 | federal governments. In 2014, Germany even expressed the ambition to | ||
70 | become the “No. 1 encryption location”^[\[5\]](#ftnt5){#ftnt_ref5}^ in | ||
71 | the world. A break with these commitments would cause lasting damage to | ||
72 | Germany's IT security in administration, industry, and society. | ||
73 | |||
74 | ## Impact on IT security | ||
75 | |||
76 | The planned obligation on messenger operators would result in operators | ||
77 | being required to incorporate a vulnerability in their software. This | ||
78 | demands a profound encroachment on the existing complex software systems | ||
79 | of the operators. This vulnerability could be exploited by intelligence | ||
80 | services and criminals to gain access to sensitive information from | ||
81 | individuals, government authorities, and companies. Current | ||
82 | examples^[\[6\]](#ftnt6){#ftnt_ref6}^ show that securing a messenger is | ||
83 | already complex enough, without incorporating additional vulnerabilities | ||
84 | and thus further jeopardizing IT security. | ||
85 | |||
86 | At the same time, this incorporation of vulnerabilities would enable | ||
87 | employees of the operators to view communication content, something | ||
88 | which is currently not possible. This not only increases the potential | ||
89 | for abuse – a central storage of the required cryptographic | ||
90 | keys^[\[7\]](#ftnt7){#ftnt_ref7}^ would also represent a primary target | ||
91 | for attackers, which in the case of a successful attack could lead to | ||
92 | the disclosure of the communication of all (!) users | ||
93 | (Single-Point-of-Failure). | ||
94 | |||
95 | In addition, the new version of the respective messenger app with a | ||
96 | backdoor would have to be installed as a software update. Either all | ||
97 | German users or selected German users would receive this backdoor as an | ||
98 | update. This process would shake consumer confidence in security updates | ||
99 | to the core, and would thus have a lasting negative impact on IT | ||
100 | security in Germany. | ||
101 | |||
102 | Should the messenger operators fail to implement the planned measure, | ||
103 | the Ministry of the Interior plans to block their services in Germany. | ||
104 | This would also be the only way for the authorities to deal with | ||
105 | messengers whose encryption does not require a central operator and in | ||
106 | which no backdoors could be implemented by regulation (e.g. Pretty Good | ||
107 | Privacy, Off-The-Record). This would inevitably mean that there would no | ||
108 | longer be any secure messenger communication within Germany. However, a | ||
109 | technical implementation would be virtually impossible, especially for | ||
110 | open source messenger apps such as Signal. It would require a dedicated | ||
111 | IT infrastructure which deeply encroaches on civil liberties, in order | ||
112 | to rule out the bypassing of these blocks (including blocking Virtual | ||
113 | Private Networks \[VPNs\] and The Onion Router \[TOR\]), as criminals | ||
114 | would be the first to attempt this.^[\[8\]](#ftnt8){#ftnt_ref8}^ | ||
115 | |||
116 | However, this would not “only” affect German authorities (e.g. police, | ||
117 | fire brigade, technical relief), companies and citizens in general, but | ||
118 | also people subject to professional confidentiality (e.g. lawyers, | ||
119 | clergymen, physicians, journalists, and parliamentarians) and other | ||
120 | groups of persons who are in particular need of protection. | ||
121 | |||
122 | Meanwhile, former intelligence chiefs are increasingly arguing that in | ||
123 | the age of cyber crime, data leaks, and espionage, the benefits of | ||
124 | comprehensive encryption (without backdoors) more than outweigh the loss | ||
125 | of surveillance capability. Strategic interests such as the stability of | ||
126 | the IT sector and the IT ecosystem outweigh the tactical interests of | ||
127 | prosecutors, such as former NSA chief Michael Hayden and former head of | ||
128 | the British domestic intelligence service | ||
129 | MI5.^[\[9\]](#ftnt9){#ftnt_ref9}^ | ||
130 | |||
131 | ## Empirical state of knowledge and alternatives | ||
132 | |||
133 | In keeping with the cornerstones of the German Crypto Policy, the German | ||
134 | federal government decided in 1999 not to weaken encryption (including | ||
135 | the installation of backdoors) but to use malware (“State Trojan”) to | ||
136 | obtain data before/after encryption. For understandable reasons, the | ||
137 | German Federal Constitutional Court set high barriers for this measure. | ||
138 | Instead of carrying out an urgently needed needs analysis on the basis | ||
139 | of the existing surveillance measures and the | ||
140 | overall^[\[10\]](#ftnt10){#ftnt_ref10}^ surveillance account demanded | ||
141 | many years ago by the Federal Constitutional Court, a regulation is now | ||
142 | to be implemented that ignores^[\[11\]](#ftnt11){#ftnt_ref11}^ more than | ||
143 | twenty years of scientific findings in IT security research. | ||
144 | |||
145 | The often cited hypothesis that secret services and law enforcement | ||
146 | authorities no longer have access to relevant data due to encryption | ||
147 | (going dark) has not been empirically proven to | ||
148 | date.^[\[12\]](#ftnt12){#ftnt_ref12}^ On the contrary, technological | ||
149 | developments in recent decades have resulted in more data being | ||
150 | available to prosecutors than ever | ||
151 | before.^[\[13\]](#ftnt13){#ftnt_ref13}^ The law enforcement authorities | ||
152 | have so far documented very little regarding the number of cases where | ||
153 | encrypted communication has actually brought investigations to a halt. | ||
154 | Nor is there a complete overview of which alternative possibilities for | ||
155 | collecting the necessary data are already legal in Germany and where | ||
156 | there are still gaps.^[\[14\]](#ftnt14){#ftnt_ref14}^ | ||
157 | |||
158 | ## International spillover effects | ||
159 | |||
160 | If this proposal were to be implemented, it would also have a negative | ||
161 | impact far beyond Germany's borders. Authoritarian states would refer to | ||
162 | this regulation and request corresponding content data from the | ||
163 | messenger operators with reference to the fact that this is technically | ||
164 | possible, given that it is already being done in Germany. This would | ||
165 | massively affect the communication of human rights activists, | ||
166 | journalists, and other pursued groups ofpeople – groups of people that | ||
167 | German foreign and development aid policy has tried to protect up to now | ||
168 | and supports to the tune of billions of Euros annually. Germany must | ||
169 | also be aware of its responsibility in the world in this area. By | ||
170 | deliberately weakening secure messenger apps, Germany would jeopardize | ||
171 | its credibility in foreign policy as an advocate of a free and open | ||
172 | Internet.^[\[15\]](#ftnt15){#ftnt_ref15}^ The Network Enforcement Act | ||
173 | serves here as a warning of the impact German legislation can have on | ||
174 | the world.^[\[16\]](#ftnt16){#ftnt_ref16}^ | ||
175 | |||
176 | ## Germany as a business location | ||
177 | |||
178 | Administration, businesses, and consumers must be able to rely on the | ||
179 | fact that the use of digital products and services meets the | ||
180 | requirements for the protection of their data and the integrity of their | ||
181 | systems. For companies in particular, this plays a major role in the | ||
182 | choice of their production location. They establish their headquarters | ||
183 | in those places where they know their trade secrets and customer data | ||
184 | are protected. | ||
185 | |||
186 | Sabotage and industrial espionage caused 43 billion Euro damage to the | ||
187 | industrial sector alone in 2016/2017.^[\[17\]](#ftnt17){#ftnt_ref17}^ It | ||
188 | can be assumed that a weakening of encryption will further increase | ||
189 | these figures, as built-in backdoors can also be abused by foreign | ||
190 | intelligence services and criminals. If Germany wants to be an | ||
191 | innovation-friendly and competitive business location, technical | ||
192 | backdoors that allow access for third parties must continue to be | ||
193 | excluded. | ||
194 | |||
195 | In addition, Germany is also a location for IT security companies with, | ||
196 | among other things, a focus on encryption technologies. The | ||
197 | trustworthiness of these companies in particular would be massively | ||
198 | jeopardized by the planned intentions. This would weaken Germany as a | ||
199 | location for the IT security industry as a whole, which directly | ||
200 | contradicts the industrial policy goals of Germany and Europe. | ||
201 | |||
202 | We expressly warn against the planned intentions of the German Federal | ||
203 | Ministry of the Interior, Building and Community to regulate messenger | ||
204 | services and demand an immediate abandonment of this and similar | ||
205 | political intentions at German and European level. In addition, an | ||
206 | official assessment from the following bodies would be required: : | ||
207 | |||
208 | - The Federal Ministry for Economic Affairs and Energy (BMWi) (focus: | ||
209 | possible damage to German industry and the digital economy), | ||
210 | - of the German Federal Foreign Office (focus: Spillover effects, | ||
211 | especially in authoritarian states, loss of Germany’s reputation as | ||
212 | an established constitutional state), | ||
213 | - German Federal Ministry of Justice and Consumer Protection (focus: | ||
214 | loss of consumer confidence), | ||
215 | - Federal Office for Information Security (focus: jeopardizing IT | ||
216 | Security in Germany for the state, industry, and society). | ||
217 | |||
218 | Yours sincerely | ||
219 | |||
220 | [**German version**](/de/updates/2019/encrypted-messengers) | ||
221 | |||
222 | ------------------------------------------------------------------------ | ||
223 | |||
224 | ## Links: | ||
225 | |||
226 | - [\[1\]](#ftnt_ref1){#ftnt1} [Ian Levy, Crispin Robinson: Principles | ||
227 | for a More Informed Exceptional Access | ||
228 | Debate](https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate) | ||
229 | - [\[2\]](#ftnt_ref2){#ftnt2} [Coalition Letter: Open Letter to | ||
230 | GCHQ](https://newamericadotorg.s3.amazonaws.com/documents/Coalition_Letter_to_GCHQ_on_Ghost_Proposal_-_May_22_2019.pdf) | ||
231 | - [\[3\]](#ftnt_ref3){#ftnt3} [Sven Herpig, Stefan Heumann: Encryption | ||
232 | Debate in | ||
233 | Germany](https://carnegieendowment.org/2019/05/30/encryption-debate-in-germany-pub-79215) | ||
234 | - [\[4\]](#ftnt_ref4){#ftnt4} [Die Raven-Homepage: Eckpunkte der | ||
235 | deutschen | ||
236 | Kryptopolitik](https://hp.kairaven.de/law/eckwertkrypto.html) (The | ||
237 | Cornerstones of German Crypto Policy) | ||
238 | - [\[5\]](#ftnt_ref5){#ftnt5} [Die Bundesregierung: Digitale Agenda | ||
239 | 2014 - | ||
240 | 2017](https://www.bmwi.de/Redaktion/DE/Publikationen/Digitale-Welt/digitale-agenda.pdf?__blob%253DpublicationFile%2526v%253D3) | ||
241 | - [\[6\]](#ftnt_ref6){#ftnt6} [Jürgen Schmidt: Kritische | ||
242 | Sicherheitslücke gefährdet Milliarden | ||
243 | WhatsApp-Nutzer](https://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet-Milliarden-WhatsApp-Nutzer-4186365.html) | ||
244 | (Critical vulnerability threatens billions of WhatsApp users) und | ||
245 | [Marius Mestermann: Ernster iPhone-Bug: Apple schaltet | ||
246 | FaceTime-Gruppenanrufe | ||
247 | ab](https://www.spiegel.de/politik/deutschland/nachrichten-am-morgen-die-news-in-echtzeit-a-1249669.html) | ||
248 | (Apple turns off FaceTime group calls) | ||
249 | - [\[7\]](#ftnt_ref7){#ftnt7} This is one possible implementation of | ||
250 | these backdoors. There are also other implementation possibilities, | ||
251 | but these are technically no less problematic. | ||
252 | - [\[8\]](#ftnt_ref8){#ftnt8} [Matthias Schulze: Überwachung von | ||
253 | WhatsApp und Co. Going dark? (Monitoring of WhatsApp and | ||
254 | Co.)](http://percepticon.de/2019/06/04-going-dark/) | ||
255 | - [\[9\]](#ftnt_ref9){#ftnt9} [Michael Hayden: The Pros and Cons of | ||
256 | Encryption](https://www.youtube.com/watch?v%253D6HNnVcp6NYA) and | ||
257 | [The Guardian: Ex-MI5 Chef warns against crackdown on encrypted | ||
258 | messaging | ||
259 | apps](https://www.theguardian.com/technology/2017/aug/11/ex-mi5-chief-warns-against-crackdown-encrypted-messaging-apps) | ||
260 | - [\[10\]](#ftnt_ref10){#ftnt10} [Constanze Kurz: | ||
261 | Überwachungsgesamtrechnung: Vorratsdatenspeicherung ist der Tropfen, | ||
262 | der das Fass zum Überlaufen | ||
263 | bringt](https://netzpolitik.org/2015/ueberwachungsgesamtrechnung-vorratsdatenspeicherung-ist-der-tropfen-der-das-fass-zum-ueberlaufen-bringt/) | ||
264 | (Overall Surveillance Account: Blanket Data Retention is the Straw | ||
265 | that Broke the Camel’s Back) | ||
266 | - [\[11\]](#ftnt_ref11){#ftnt11} [Danielle Kehl, Andi Wilson, Kevin | ||
267 | Bankston: Doomed to repeat history? Lessons from the Crypto Wars of | ||
268 | the | ||
269 | 1990s](https://static.newamerica.org/attachments/3407-doomed-to-repeat-history-lessons-from-the-crypto-wars-of-the-1990s/Crypto%252520Wars_ReDo.7cb491837ac541709797bdf868d37f52.pdf) | ||
270 | - [\[12\]](#ftnt_ref12){#ftnt12} [Matthias Schulze, Going Dark? | ||
271 | Dilemma zwischen sicherer, privater Kommunikation und den | ||
272 | Sicherheitsinteressen von | ||
273 | Staaten.](http://www.bpb.de/apuz/259141/going-dark?p%253Dall) | ||
274 | (Dilemma between secure, private communication and the security | ||
275 | interests of states.) | ||
276 | - [\[13\]](#ftnt_ref13){#ftnt13} [Peter Swire, The FBI Doesn’t Need | ||
277 | More Access: We’re Already in the Golden Age of | ||
278 | Surveillance](https://www.justsecurity.org/17496/fbi-access-golden-age-surveillance/) | ||
279 | and [Matthias Schulze: Clipper Meets Apple vs. FBI—A Comparison of | ||
280 | the Cryptography Discourses from 1993 and | ||
281 | 2016](https://www.cogitatiopress.com/mediaandcommunication/article/view/805) | ||
282 | - [\[14\]](#ftnt_ref14){#ftnt14} [Sven Herpig: A Framework for | ||
283 | Government Hacking in Criminal | ||
284 | Investigations](https://www.stiftung-nv.de/sites/default/files/framework_for_government_hacking_in_criminal_investigations.pdf) | ||
285 | - [\[15\]](#ftnt_ref15){#ftnt15} [Matthias Schulze: Verschlüsselung in | ||
286 | Gefahr](https://www.swp-berlin.org/publikation/verschluesselung-in-gefahr/) | ||
287 | (Encryption in danger) and [Cathleen Berger: Is Germany | ||
288 | (involuntarily) setting a global digital | ||
289 | agenda?](https://medium.com/@_cberger_/is-germany-involuntarily-setting-a-global-digital-agenda-21c7eb735e26) | ||
290 | - [\[16\]](#ftnt_ref16){#ftnt16} [Reporter ohne Grenzen: Russland | ||
291 | kopiert Gesetz gegen | ||
292 | Hassbotschaften](https://www.reporter-ohne-grenzen.de/russland/alle-meldungen/meldung/russland-kopiert-gesetz-gegen-hassbotschaften/) | ||
293 | (Russia copied law against hate messages) | ||
294 | - [\[17\]](#ftnt_ref17){#ftnt17} [bitkom: Spionage, Sabotage und | ||
295 | Datendiebstahl – Wirtschaftsschutz in der | ||
296 | Industrie](https://www.bitkom.org/sites/default/files/file/import/181008-Bitkom-Studie-Wirtschaftsschutz-2018-NEU.pdf) | ||
297 | (Espionage, sabotage and data theft – economic protection in | ||
298 | industry) | ||