Subject: Planned encroachment on encryption of messenger services would have fatal consequences

Ladies and Gentlemen,

the Federal Ministry of the Interior, Building and Community (BMI) plans a change in the law to make it easier for German police and security authorities to gain access to the digital communication of suspects in the future, according to media reports. To this end, providers of messenger services such as Whatsapp, Threema, and iMessage are to be required by law to modify their encryption technology in such a way that authorities can record the entire communication of users in cases which have generated suspicion. (reported in Gerrman)

We expressly warn against such a step and demand an immediate renunciation of this or similar political intentions at German and European level. The proposed reform would precipitously reduce the security level of millions of German Internet users, create new gateways for foreign intelligence services and Internet criminals, and massively damage Germany's international reputation as a leading location for a secure and data protection-oriented digital economy. Instead of implementing reform ideas that are years out of date, the German Federal Ministry of the Interior, Building and Community should, in our view, take a new security policy path and develop proposals that improve the work of police and security authorities without downgrading the security of IT systems and private communications in Germany as a whole.

Our criticism in detail:

The German Crypto Policy

At the end of May, it became known that the Federal Ministry of the Interior, Building and Community is planning to extend the existing Telecommunications Act to encrypted messengers such as WhatsApp, Signal, Threema, Wire, and Telegram. This means in concrete terms: The operators of these services must redesign their software in such a way that the content of messages can be passed on in unencrypted form to security authorities. Should the operators refuse to do so, their services would be blocked in Germany. Representatives of the British GCHQ describe in their “Ghost Proposal”^[1] what a technical implementation of the backdoors in the messenger apps could look like. This proposal has recently been strongly criticized in an open letter by an international alliance of industry, academia, and civil society.^[2]

The BMI proposal undermines twenty years of successful crypto policy in Germany.^[3] In the cornerstones of the German Crypto Policy of 1999,^[4] the then federal government agreed on a principle that became known under the maxim “security through encryption and security despite encryption”. This principle has since been confirmed several times by the subsequent federal governments. In 2014, Germany even expressed the ambition to become the “No. 1 encryption location”^[5] in the world. A break with these commitments would cause lasting damage to Germany's IT security in administration, industry, and society.

Impact on IT security

The planned obligation on messenger operators would result in operators being required to incorporate a vulnerability in their software. This demands a profound encroachment on the existing complex software systems of the operators. This vulnerability could be exploited by intelligence services and criminals to gain access to sensitive information from individuals, government authorities, and companies. Current examples^[6] show that securing a messenger is already complex enough, without incorporating additional vulnerabilities and thus further jeopardizing IT security.

At the same time, this incorporation of vulnerabilities would enable employees of the operators to view communication content, something which is currently not possible. This not only increases the potential for abuse – a central storage of the required cryptographic keys^[7] would also represent a primary target for attackers, which in the case of a successful attack could lead to the disclosure of the communication of all (!) users (Single-Point-of-Failure).

In addition, the new version of the respective messenger app with a backdoor would have to be installed as a software update. Either all German users or selected German users would receive this backdoor as an update. This process would shake consumer confidence in security updates to the core, and would thus have a lasting negative impact on IT security in Germany.

Should the messenger operators fail to implement the planned measure, the Ministry of the Interior plans to block their services in Germany. This would also be the only way for the authorities to deal with messengers whose encryption does not require a central operator and in which no backdoors could be implemented by regulation (e.g. Pretty Good Privacy, Off-The-Record). This would inevitably mean that there would no longer be any secure messenger communication within Germany. However, a technical implementation would be virtually impossible, especially for open source messenger apps such as Signal. It would require a dedicated IT infrastructure which deeply encroaches on civil liberties, in order to rule out the bypassing of these blocks (including blocking Virtual Private Networks [VPNs] and The Onion Router [TOR]), as criminals would be the first to attempt this.^[8]

However, this would not “only” affect German authorities (e.g. police, fire brigade, technical relief), companies and citizens in general, but also people subject to professional confidentiality (e.g. lawyers, clergymen, physicians, journalists, and parliamentarians) and other groups of persons who are in particular need of protection.

Meanwhile, former intelligence chiefs are increasingly arguing that in the age of cyber crime, data leaks, and espionage, the benefits of comprehensive encryption (without backdoors) more than outweigh the loss of surveillance capability. Strategic interests such as the stability of the IT sector and the IT ecosystem outweigh the tactical interests of prosecutors, such as former NSA chief Michael Hayden and former head of the British domestic intelligence service MI5.^[9]

Empirical state of knowledge and alternatives

In keeping with the cornerstones of the German Crypto Policy, the German federal government decided in 1999 not to weaken encryption (including the installation of backdoors) but to use malware (“State Trojan”) to obtain data before/after encryption. For understandable reasons, the German Federal Constitutional Court set high barriers for this measure. Instead of carrying out an urgently needed needs analysis on the basis of the existing surveillance measures and the overall^[10] surveillance account demanded many years ago by the Federal Constitutional Court, a regulation is now to be implemented that ignores^[11] more than twenty years of scientific findings in IT security research.

The often cited hypothesis that secret services and law enforcement authorities no longer have access to relevant data due to encryption (going dark) has not been empirically proven to date.^[12] On the contrary, technological developments in recent decades have resulted in more data being available to prosecutors than ever before.^[13] The law enforcement authorities have so far documented very little regarding the number of cases where encrypted communication has actually brought investigations to a halt. Nor is there a complete overview of which alternative possibilities for collecting the necessary data are already legal in Germany and where there are still gaps.^[14]

International spillover effects

If this proposal were to be implemented, it would also have a negative impact far beyond Germany's borders. Authoritarian states would refer to this regulation and request corresponding content data from the messenger operators with reference to the fact that this is technically possible, given that it is already being done in Germany. This would massively affect the communication of human rights activists, journalists, and other pursued groups ofpeople – groups of people that German foreign and development aid policy has tried to protect up to now and supports to the tune of billions of Euros annually. Germany must also be aware of its responsibility in the world in this area. By deliberately weakening secure messenger apps, Germany would jeopardize its credibility in foreign policy as an advocate of a free and open Internet.^[15] The Network Enforcement Act serves here as a warning of the impact German legislation can have on the world.^[16]

Germany as a business location

Administration, businesses, and consumers must be able to rely on the fact that the use of digital products and services meets the requirements for the protection of their data and the integrity of their systems. For companies in particular, this plays a major role in the choice of their production location. They establish their headquarters in those places where they know their trade secrets and customer data are protected.

Sabotage and industrial espionage caused 43 billion Euro damage to the industrial sector alone in 2016/2017.^[17] It can be assumed that a weakening of encryption will further increase these figures, as built-in backdoors can also be abused by foreign intelligence services and criminals. If Germany wants to be an innovation-friendly and competitive business location, technical backdoors that allow access for third parties must continue to be excluded.

In addition, Germany is also a location for IT security companies with, among other things, a focus on encryption technologies. The trustworthiness of these companies in particular would be massively jeopardized by the planned intentions. This would weaken Germany as a location for the IT security industry as a whole, which directly contradicts the industrial policy goals of Germany and Europe.

We expressly warn against the planned intentions of the German Federal Ministry of the Interior, Building and Community to regulate messenger services and demand an immediate abandonment of this and similar political intentions at German and European level. In addition, an official assessment from the following bodies would be required: :

• The Federal Ministry for Economic Affairs and Energy (BMWi) (focus: possible damage to German industry and the digital economy),
• of the German Federal Foreign Office (focus: Spillover effects, especially in authoritarian states, loss of Germany’s reputation as an established constitutional state),
• German Federal Ministry of Justice and Consumer Protection (focus: loss of consumer confidence),
• Federal Office for Information Security (focus: jeopardizing IT Security in Germany for the state, industry, and society).

Yours sincerely

German version

Links:

• [1] Ian Levy, Crispin Robinson: Principles for a More Informed Exceptional Access Debate
• [2] Coalition Letter: Open Letter to GCHQ
• [3] Sven Herpig, Stefan Heumann: Encryption Debate in Germany
• [4] Die Raven-Homepage: Eckpunkte der deutschen Kryptopolitik (The Cornerstones of German Crypto Policy)
• [5] Die Bundesregierung: Digitale Agenda 2014 - 2017
• [6] Jürgen Schmidt: Kritische Sicherheitslücke gefährdet Milliarden WhatsApp-Nutzer (Critical vulnerability threatens billions of WhatsApp users) und Marius Mestermann: Ernster iPhone-Bug: Apple schaltet FaceTime-Gruppenanrufe ab (Apple turns off FaceTime group calls)
• [7] This is one possible implementation of these backdoors. There are also other implementation possibilities, but these are technically no less problematic.
• [8] Matthias Schulze: Überwachung von WhatsApp und Co. Going dark? (Monitoring of WhatsApp and Co.)
• [9] Michael Hayden: The Pros and Cons of Encryption and The Guardian: Ex-MI5 Chef warns against crackdown on encrypted messaging apps
• [10] Constanze Kurz: Überwachungsgesamtrechnung: Vorratsdatenspeicherung ist der Tropfen, der das Fass zum Überlaufen bringt (Overall Surveillance Account: Blanket Data Retention is the Straw that Broke the Camel’s Back)
• [11] Danielle Kehl, Andi Wilson, Kevin Bankston: Doomed to repeat history? Lessons from the Crypto Wars of the 1990s
• [12] Matthias Schulze, Going Dark? Dilemma zwischen sicherer, privater Kommunikation und den Sicherheitsinteressen von Staaten. (Dilemma between secure, private communication and the security interests of states.)
• [13] Peter Swire, The FBI Doesn’t Need More Access: We’re Already in the Golden Age of Surveillance and Matthias Schulze: Clipper Meets Apple vs. FBI—A Comparison of the Cryptography Discourses from 1993 and 2016
• [14] Sven Herpig: A Framework for Government Hacking in Criminal Investigations
• [15] Matthias Schulze: Verschlüsselung in Gefahr (Encryption in danger) and Cathleen Berger: Is Germany (involuntarily) setting a global digital agenda?
• [16] Reporter ohne Grenzen: Russland kopiert Gesetz gegen Hassbotschaften (Russia copied law against hate messages)
• [17] bitkom: Spionage, Sabotage und Datendiebstahl – Wirtschaftsschutz in der Industrie (Espionage, sabotage and data theft – economic protection in industry)