Australia’s war on encryption shocked the world. While many considered this backwards thinking, Germany seems to be considering following Australia’s lead.
With data breaches and data leaks happening on a seemingly daily basis, you’d think governments would be moving to try and strengthen security. Unfortunately, Germany appears to be moving in the opposite direction by mulling the idea of actively decreasing the effectiveness of security.
Citing a German report from Der Spiegel, The Register is noting that there are moves being made that would eventually require encryption to contain backdoors. From the report:
According to Der Spiegel this month, the Euro nation’s Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people’s private enciphered chats to authorities that obtain a court order.
This would expand German law, which right now only allows communications to be gathered from a suspect’s device itself, to also include the companies providing encrypted chat services and software. True and strong end-to-end encrypted conversations can only be decrypted by those participating in the discussion, so the proposed rules would require app makers to deliberately knacker or backdoor their code in order to comply. Those changes would be needed to allow them to collect messages passing through their systems and decrypt them on demand.
Up until now, German police have opted not to bother with trying to decrypt the contents of messages in transit, opting instead to simply seize and break into the device itself, where the messages are typically stored in plain text.
The new rules are set to be discussed by the members of the interior ministry in an upcoming June conference, and are likely to face stiff opposition not only on privacy grounds, but also in regards to the technical feasibility of the requirements.
The news somewhat confirms our fears about what happened in Australia. We were actually expecting the war on encryption to spread to another one of the 5 eyes nations, but Germany isn’t that far off from our analysis back then.
Back in August, Australia began mulling the idea of creating anti-encryption laws. The laws being proposed would require backdoors to all encryption over the Internet that flows through the country.
With Australia actively proposing this, the five eyes nations began pushing for other countries to weaken online encryption as well.
Some likely thought that this proposal was so ridiculous that it wouldn’t actually end up passing such laws. Unfortunately, as time went on, the Australian political moves became more serious. Eventually, various companies openly contemplated fleeing the country for the sake of their credibility and survival.
While some companies actively said that they wouldn’t comply with the laws, the gravity of the situation became an international incident. Observers in New Zealand pointed out that thanks to cloud computing, Australia’s anti-encryption moves would become a security nightmare for New Zealander’s personal information. This is because so much data flows between the two nations including government data.
Despite universal outcry, Australian politicians ignored all concerns and the will of the people to pass the anti-encryption laws in a rushed process. The development represents one of the biggest legisilative security disasters ever seen. By January, organizations began pushing for amendments to at least reverse some of the damage caused by the laws. Organizations like Mozilla and FastMail proposed amendments to have at least court oversight over the breaking of encryption. Unfortunately, many lawmakers wound up being unsympathetic to the destruction of Australia’s security community as they quickly began demanding backdoor access to various communication services.
While most lawmakers seem to be on board with the idea of killing countless small businesses, the Australian Green Party did say that if they were in power, they would repeal the anti-encryption laws.
With knowing so much about what happened in Australia, at least Germany isn’t going into this debate cold. It’s more than possible for German’s to research what kind of disaster they are in for. There is one positive thing to note, if any positive can be made at all, it’s that Germany is at least on board with the idea of court oversight. That’s not a luxury Australia has as authorities can pretty much do what they please with anything that’s encrypted. It’s a minor improvement, but again, we are talking about a law that has the power of ruining the technology industry of an entire country in the first place. Ideally, no country should even consider going down this road.
We’ll monitor the situation in Germany and bring you any developments as we find them.
Drew Wilson on Twitter: @icecube85 and Facebook.