
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more.
Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND).
Difficulties in investigating modern crime, terrorist attacks
The man supporting this proposal is Thomas de Maizière, Germany's Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.
The Interior Minister says that police officers are having a hard time investigating cases because smart devices warn their owners before officers can do anything about it. The Minister cites the case of smart cars that alert an owner as soon as the car is shaken, even a little bit. He says he'd like police to be able to intercept that warning and stop it when investigating a case.
De Maizière claims that companies have a "legal obligation" to introduce backdoors for the use of law enforcement agencies and he also wants to require the industry to disclose its "programming protocols" for future analysis. This latter clause could allow German officials to force companies to disclose details about their encrypted communication practices.
German officials want "Hack Back" clause
Furthermore, the new law would also give German officials powers akin to the "Hack Back" bill proposed in the US, allowing authorities to hack any remote computer. The Minister says this is important to "shut down private computers in the event of a crisis," as is the case with botnet takedowns.
But privacy advocates who have also read the new law proposal say the text contains wording that would allow the German state to intercept any traffic on the Internet [1, 2], effectively setting up a surveillance state with full snooping powers over everyone's online communications. Experts called for caution before approving the new law, which could be abused in its current state.
German authorities anticipated such a reaction and said that any access to such data would be allowed only after law enforcement has obtained a court order. But the problem with encryption backdoors is not how you access them, but that they exist in the first place and that they could be abused by ill-intentioned actors as well.
Concerted efforts to weaken encryption across the globe
The law proposal is not a surprise for people who've been keeping an eye on such things. There are concerted efforts going on in Germany, France, and the UK to introduce legislation for mandatory encryption backdoors. In fact, de Maizière and his French counterpart even signed a joint letter they sent to the European Commission that supported encryption backdoors.
Similarly, the fight for encryption backdoors has been recently reopened in the US as well, after a series of comments made by US Deputy Attorney General Rod Rosenstein.
While the EU was very clear it does not intend to support the introduction of laws that allow for generic encryption backdoors, in March 2017, the European Commission offered its support for a plan that would allow law enforcement to access data exchanged via encrypted instant messaging services, such as WhatsApp, Telegram, Signal, and others.
Comments
TheRealFartman - 6 years ago
What's the worst that could happen? (this is important to "shut down private computers in the event of a crisis,") In other words, complete government control of your communications.
tonychantun - 6 years ago
That's the way Germans like it, Adolf Hitler style
Occasional - 6 years ago
As far as "taking down botnets" isn't cutting the internet connection that's important? I'll leave it to those more familiar with the technical aspects to weigh in on the practicality and effectiveness of taking targets offline, without requiring a backdoor. My understanding is that even if the C&C is kept online, it can't control nodes it can't reach, or receive data from offline devices.
As a general principle: always choose the least intrusive, least destructive, least vulnerable to abuse option in these situations. I'd rather my devices were offline than to have others accessing data and able to control their operation.
ShortSightedPrecient - 6 years ago
So... "what's the worst that could happen?" How about the bad-dudes learn the access credentials for the back-door. Presumably they will be hard-wired into the device.
Game over!
Further, how mind-numbingly stupid is the desire to "hack back?" The vast majority of attacks are redirected via innocent devices... good luck tracking back through the multiple links! This isn't a US crime show where such things are suddenly easy!
Warthog-Fan - 6 years ago
Let's see....hundreds of thousands of "migrants" enter Germany. Crime rate and terrorism soar. The solution....spy on everyone. Yeah, that should solve the problem. Looks like George Orwell was only off by 33 years.
tonychantun - 6 years ago
Everything prepared for an easy work for next Adolf Hitler, seems that Germany never changes
5h4rkByt3 - 6 years ago
So can we hold the government responsible if our devices are compromised by black hats through their backdoors?