summaryrefslogtreecommitdiff
path: root/updates/2019/encrypted-messengers.en.md
blob: 075bd3354dd177e351a7a1fedacfdd17a362f9c3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
title: IT security: CCC against weakening of encryption by law
date: 2019-06-11 20:42:46 
updated: 2019-06-14 16:47:27 
author: linus
tags: update, pressemitteilung, verschlüsselung, bmi

Chaos Computer Club (CCC) signed the open letter against backdoors.

<!-- TEASER_END -->

TO: German Federal Ministry of the Interior, Building and Community

IN COPY: German Federal Foreign Office, German Federal Ministry of
Justice and Consumer Protection, German Federal Ministry of Economic
Affairs and Energy, German Federal Office for Information Security

**Subject: Planned encroachment on encryption of messenger services
would have fatal consequences**

Ladies and Gentlemen,

the Federal Ministry of the Interior, Building and Community (BMI) plans
a change in the law to make it easier for German police and security
authorities to gain access to the digital communication of suspects in
the future, according to media reports. To this end, providers of
messenger services such as Whatsapp, Threema, and iMessage are to be
required by law to modify their encryption technology in such a way that
authorities can record the entire communication of users in cases which
have generated suspicion. ([reported in
Gerrman](https://www.spiegel.de/plus/horst-seehofer-greift-whatsapp-an-a-00000000-0002-0001-0000-000164076162))

We expressly warn against such a step and demand an immediate
renunciation of this or similar political intentions at German and
European level. The proposed reform would precipitously reduce the
security level of millions of German Internet users, create new gateways
for foreign intelligence services and Internet criminals, and massively
damage Germany's international reputation as a leading location for a
secure and data protection-oriented digital economy. Instead of
implementing reform ideas that are years out of date, the German Federal
Ministry of the Interior, Building and Community should, in our view,
take a new security policy path and develop proposals that improve the
work of police and security authorities without downgrading the security
of IT systems and private communications in Germany as a whole.

Our criticism in detail:

## The German Crypto Policy

At the end of May, it became known that the Federal Ministry of the
Interior, Building and Community is planning to extend the existing
Telecommunications Act to encrypted messengers such as WhatsApp, Signal,
Threema, Wire, and Telegram. This means in concrete terms: The operators
of these services must redesign their software in such a way that the
content of messages can be passed on in unencrypted form to security
authorities. Should the operators refuse to do so, their services would
be blocked in Germany. Representatives of the British GCHQ describe in
their “Ghost Proposal”^[\[1\]](#ftnt1){#ftnt_ref1}^ what a technical
implementation of the backdoors in the messenger apps could look like.
This proposal has recently been strongly criticized in an open letter by
an international alliance of industry, academia, and civil
society.^[\[2\]](#ftnt2){#ftnt_ref2}^

The BMI proposal undermines twenty years of successful crypto policy in
Germany.^[\[3\]](#ftnt3){#ftnt_ref3}^ In the cornerstones of the German
Crypto Policy of 1999,^[\[4\]](#ftnt4){#ftnt_ref4}^ the then federal
government agreed on a principle that became known under the maxim
“security through encryption and security despite encryption”. This
principle has since been confirmed several times by the subsequent
federal governments. In 2014, Germany even expressed the ambition to
become the “No. 1 encryption location”^[\[5\]](#ftnt5){#ftnt_ref5}^ in
the world. A break with these commitments would cause lasting damage to
Germany's IT security in administration, industry, and society.

## Impact on IT security

The planned obligation on messenger operators would result in operators
being required to incorporate a vulnerability in their software. This
demands a profound encroachment on the existing complex software systems
of the operators. This vulnerability could be exploited by intelligence
services and criminals to gain access to sensitive information from
individuals, government authorities, and companies. Current
examples^[\[6\]](#ftnt6){#ftnt_ref6}^ show that securing a messenger is
already complex enough, without incorporating additional vulnerabilities
and thus further jeopardizing IT security.

At the same time, this incorporation of vulnerabilities would enable
employees of the operators to view communication content, something
which is currently not possible. This not only increases the potential
for abuse – a central storage of the required cryptographic
keys^[\[7\]](#ftnt7){#ftnt_ref7}^ would also represent a primary target
for attackers, which in the case of a successful attack could lead to
the disclosure of the communication of all (!) users
(Single-Point-of-Failure).

In addition, the new version of the respective messenger app with a
backdoor would have to be installed as a software update. Either all
German users or selected German users would receive this backdoor as an
update. This process would shake consumer confidence in security updates
to the core, and would thus have a lasting negative impact on IT
security in Germany.

Should the messenger operators fail to implement the planned measure,
the Ministry of the Interior plans to block their services in Germany.
This would also be the only way for the authorities to deal with
messengers whose encryption does not require a central operator and in
which no backdoors could be implemented by regulation (e.g. Pretty Good
Privacy, Off-The-Record). This would inevitably mean that there would no
longer be any secure messenger communication within Germany. However, a
technical implementation would be virtually impossible, especially for
open source messenger apps such as Signal. It would require a dedicated
IT infrastructure which deeply encroaches on civil liberties, in order
to rule out the bypassing of these blocks (including blocking Virtual
Private Networks \[VPNs\] and The Onion Router \[TOR\]), as criminals
would be the first to attempt this.^[\[8\]](#ftnt8){#ftnt_ref8}^

However, this would not “only” affect German authorities (e.g. police,
fire brigade, technical relief), companies and citizens in general, but
also people subject to professional confidentiality (e.g. lawyers,
clergymen, physicians, journalists, and parliamentarians) and other
groups of persons who are in particular need of protection.

Meanwhile, former intelligence chiefs are increasingly arguing that in
the age of cyber crime, data leaks, and espionage, the benefits of
comprehensive encryption (without backdoors) more than outweigh the loss
of surveillance capability. Strategic interests such as the stability of
the IT sector and the IT ecosystem outweigh the tactical interests of
prosecutors, such as former NSA chief Michael Hayden and former head of
the British domestic intelligence service
MI5.^[\[9\]](#ftnt9){#ftnt_ref9}^

## Empirical state of knowledge and alternatives

In keeping with the cornerstones of the German Crypto Policy, the German
federal government decided in 1999 not to weaken encryption (including
the installation of backdoors) but to use malware (“State Trojan”) to
obtain data before/after encryption. For understandable reasons, the
German Federal Constitutional Court set high barriers for this measure.
Instead of carrying out an urgently needed needs analysis on the basis
of the existing surveillance measures and the
overall^[\[10\]](#ftnt10){#ftnt_ref10}^ surveillance account demanded
many years ago by the Federal Constitutional Court, a regulation is now
to be implemented that ignores^[\[11\]](#ftnt11){#ftnt_ref11}^ more than
twenty years of scientific findings in IT security research.

The often cited hypothesis that secret services and law enforcement
authorities no longer have access to relevant data due to encryption
(going dark) has not been empirically proven to
date.^[\[12\]](#ftnt12){#ftnt_ref12}^ On the contrary, technological
developments in recent decades have resulted in more data being
available to prosecutors than ever
before.^[\[13\]](#ftnt13){#ftnt_ref13}^ The law enforcement authorities
have so far documented very little regarding the number of cases where
encrypted communication has actually brought investigations to a halt.
Nor is there a complete overview of which alternative possibilities for
collecting the necessary data are already legal in Germany and where
there are still gaps.^[\[14\]](#ftnt14){#ftnt_ref14}^

## International spillover effects

If this proposal were to be implemented, it would also have a negative
impact far beyond Germany's borders. Authoritarian states would refer to
this regulation and request corresponding content data from the
messenger operators with reference to the fact that this is technically
possible, given that it is already being done in Germany. This would
massively affect the communication of human rights activists,
journalists, and other pursued groups ofpeople – groups of people that
German foreign and development aid policy has tried to protect up to now
and supports to the tune of billions of Euros annually. Germany must
also be aware of its responsibility in the world in this area. By
deliberately weakening secure messenger apps, Germany would jeopardize
its credibility in foreign policy as an advocate of a free and open
Internet.^[\[15\]](#ftnt15){#ftnt_ref15}^ The Network Enforcement Act
serves here as a warning of the impact German legislation can have on
the world.^[\[16\]](#ftnt16){#ftnt_ref16}^

## Germany as a business location

Administration, businesses, and consumers must be able to rely on the
fact that the use of digital products and services meets the
requirements for the protection of their data and the integrity of their
systems. For companies in particular, this plays a major role in the
choice of their production location. They establish their headquarters
in those places where they know their trade secrets and customer data
are protected.

Sabotage and industrial espionage caused 43 billion Euro damage to the
industrial sector alone in 2016/2017.^[\[17\]](#ftnt17){#ftnt_ref17}^ It
can be assumed that a weakening of encryption will further increase
these figures, as built-in backdoors can also be abused by foreign
intelligence services and criminals. If Germany wants to be an
innovation-friendly and competitive business location, technical
backdoors that allow access for third parties must continue to be
excluded.

In addition, Germany is also a location for IT security companies with,
among other things, a focus on encryption technologies. The
trustworthiness of these companies in particular would be massively
jeopardized by the planned intentions. This would weaken Germany as a
location for the IT security industry as a whole, which directly
contradicts the industrial policy goals of Germany and Europe.

We expressly warn against the planned intentions of the German Federal
Ministry of the Interior, Building and Community to regulate messenger
services and demand an immediate abandonment of this and similar
political intentions at German and European level. In addition, an
official assessment from the following bodies would be required: :

-   The Federal Ministry for Economic Affairs and Energy (BMWi) (focus:
    possible damage to German industry and the digital economy),
-   of the German Federal Foreign Office (focus: Spillover effects,
    especially in authoritarian states, loss of Germany’s reputation as
    an established constitutional state),
-   German Federal Ministry of Justice and Consumer Protection (focus:
    loss of consumer confidence),
-   Federal Office for Information Security (focus: jeopardizing IT
    Security in Germany for the state, industry, and society).

Yours sincerely

[**German version**](/de/updates/2019/encrypted-messengers)

------------------------------------------------------------------------

## Links:

-   [\[1\]](#ftnt_ref1){#ftnt1} [Ian Levy, Crispin Robinson: Principles
    for a More Informed Exceptional Access
    Debate](https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate)
-   [\[2\]](#ftnt_ref2){#ftnt2} [Coalition Letter: Open Letter to
    GCHQ](https://newamericadotorg.s3.amazonaws.com/documents/Coalition_Letter_to_GCHQ_on_Ghost_Proposal_-_May_22_2019.pdf)
-   [\[3\]](#ftnt_ref3){#ftnt3} [Sven Herpig, Stefan Heumann: Encryption
    Debate in
    Germany](https://carnegieendowment.org/2019/05/30/encryption-debate-in-germany-pub-79215)
-   [\[4\]](#ftnt_ref4){#ftnt4} [Die Raven-Homepage: Eckpunkte der
    deutschen
    Kryptopolitik](https://hp.kairaven.de/law/eckwertkrypto.html) (The
    Cornerstones of German Crypto Policy)
-   [\[5\]](#ftnt_ref5){#ftnt5} [Die Bundesregierung: Digitale Agenda
    2014 -
    2017](https://www.bmwi.de/Redaktion/DE/Publikationen/Digitale-Welt/digitale-agenda.pdf?__blob%253DpublicationFile%2526v%253D3)
-   [\[6\]](#ftnt_ref6){#ftnt6} [Jürgen Schmidt: Kritische
    Sicherheitslücke gefährdet Milliarden
    WhatsApp-Nutzer](https://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet-Milliarden-WhatsApp-Nutzer-4186365.html)
    (Critical vulnerability threatens billions of WhatsApp users) und
    [Marius Mestermann: Ernster iPhone-Bug: Apple schaltet
    FaceTime-Gruppenanrufe
    ab](https://www.spiegel.de/politik/deutschland/nachrichten-am-morgen-die-news-in-echtzeit-a-1249669.html)
    (Apple turns off FaceTime group calls)
-   [\[7\]](#ftnt_ref7){#ftnt7} This is one possible implementation of
    these backdoors. There are also other implementation possibilities,
    but these are technically no less problematic.
-   [\[8\]](#ftnt_ref8){#ftnt8} [Matthias Schulze: Überwachung von
    WhatsApp und Co. Going dark? (Monitoring of WhatsApp and
    Co.)](http://percepticon.de/2019/06/04-going-dark/)
-   [\[9\]](#ftnt_ref9){#ftnt9} [Michael Hayden: The Pros and Cons of
    Encryption](https://www.youtube.com/watch?v%253D6HNnVcp6NYA) and
    [The Guardian: Ex-MI5 Chef warns against crackdown on encrypted
    messaging
    apps](https://www.theguardian.com/technology/2017/aug/11/ex-mi5-chief-warns-against-crackdown-encrypted-messaging-apps)
-   [\[10\]](#ftnt_ref10){#ftnt10} [Constanze Kurz:
    Überwachungsgesamtrechnung: Vorratsdatenspeicherung ist der Tropfen,
    der das Fass zum Überlaufen
    bringt](https://netzpolitik.org/2015/ueberwachungsgesamtrechnung-vorratsdatenspeicherung-ist-der-tropfen-der-das-fass-zum-ueberlaufen-bringt/)
    (Overall Surveillance Account: Blanket Data Retention is the Straw
    that Broke the Camel’s Back)
-   [\[11\]](#ftnt_ref11){#ftnt11} [Danielle Kehl, Andi Wilson, Kevin
    Bankston: Doomed to repeat history? Lessons from the Crypto Wars of
    the
    1990s](https://static.newamerica.org/attachments/3407-doomed-to-repeat-history-lessons-from-the-crypto-wars-of-the-1990s/Crypto%252520Wars_ReDo.7cb491837ac541709797bdf868d37f52.pdf)
-   [\[12\]](#ftnt_ref12){#ftnt12} [Matthias Schulze, Going Dark?
    Dilemma zwischen sicherer, privater Kommunikation und den
    Sicherheitsinteressen von
    Staaten.](http://www.bpb.de/apuz/259141/going-dark?p%253Dall)
    (Dilemma between secure, private communication and the security
    interests of states.)
-   [\[13\]](#ftnt_ref13){#ftnt13} [Peter Swire, The FBI Doesn’t Need
    More Access: We’re Already in the Golden Age of
    Surveillance](https://www.justsecurity.org/17496/fbi-access-golden-age-surveillance/)
    and [Matthias Schulze: Clipper Meets Apple vs. FBI—A Comparison of
    the Cryptography Discourses from 1993 and
    2016](https://www.cogitatiopress.com/mediaandcommunication/article/view/805)
-   [\[14\]](#ftnt_ref14){#ftnt14} [Sven Herpig: A Framework for
    Government Hacking in Criminal
    Investigations](https://www.stiftung-nv.de/sites/default/files/framework_for_government_hacking_in_criminal_investigations.pdf)
-   [\[15\]](#ftnt_ref15){#ftnt15} [Matthias Schulze: Verschlüsselung in
    Gefahr](https://www.swp-berlin.org/publikation/verschluesselung-in-gefahr/)
    (Encryption in danger) and [Cathleen Berger: Is Germany
    (involuntarily) setting a global digital
    agenda?](https://medium.com/@_cberger_/is-germany-involuntarily-setting-a-global-digital-agenda-21c7eb735e26)
-   [\[16\]](#ftnt_ref16){#ftnt16} [Reporter ohne Grenzen: Russland
    kopiert Gesetz gegen
    Hassbotschaften](https://www.reporter-ohne-grenzen.de/russland/alle-meldungen/meldung/russland-kopiert-gesetz-gegen-hassbotschaften/)
    (Russia copied law against hate messages)
-   [\[17\]](#ftnt_ref17){#ftnt17} [bitkom: Spionage, Sabotage und
    Datendiebstahl – Wirtschaftsschutz in der
    Industrie](https://www.bitkom.org/sites/default/files/file/import/181008-Bitkom-Studie-Wirtschaftsschutz-2018-NEU.pdf)
    (Espionage, sabotage and data theft – economic protection in
    industry)