In a move which would make Markus Wolf smile from his grave, there is a proposed law being formulated within Germany to force manufacturers of devices which store information or over which you may exchange information to have a backdoor. A backdoor into your smartphone? Your car? Your laptop? Yes, a means for law enforcement to obtain information from your device for “investigations.” And as a cleared government employee or contractor who is traveling to Germany, you might want to factor the possibility of a backdoor into all of your IT devices into what you carry to Germany in the form of communications, and how you use them.
The law, a draft proposal from acting Interior Minister Thomas de Maiziere, according to German news entity Redaktionsnetzwerk Deutschland, carries the title (loosely translated by machine) “Action required by third parties to create covert means for information collection according to §§ 100c and 100f Code of Criminal Procedure.”
A stasi legacy for your smartphone
Within Germany, the legacy of the German Democratic Republic (GDR) and their secret police (Stasi) percolates up when one hears de Maiziere’s suggestions. Markus Wolfe’s notorious Stasi during the apex of the Cold War had thousands of human sources and the ability to reach out and listen in on any telephone conversation into, out of, or within the GDR.
This proposal feels a lot like déjà vu for some Germans. T-shirts are already being sold by with “Stasi 2.0 – Nein Danke” (Stasi 2.0 No Thank You) imprinted.
But de Maiziere’s argument is not new, in fact it echoes the message from U.S. Deputy Attorney General Rod J. Rosenstein, U.S. Department of Justice (DOJ) in an October 2017 series of speeches where he touted the evolution of “responsible encryption” which involves “secure encryption that allows access only with judicial authorization.” Both Rosenstein and de Maiziere’s argument is that technology is hampering law enforcement.
The smorgasbord of technologies identified by de Maiziere goes beyond the responsible encryption discussion. One example is the tamper alarms on automobiles which text owners when their vehicle has been touched. de Maiziere argues they are stifling lawforce ability to covertly search vehicles. The new law requires manufacturers to “disclose their programming protocols.” Think of all the IoT devices in your home – cameras, toasters, refrigerators, thermostats, Smart TVs – you’ll have a better understand of the broad span of the German proposal.
It’s doubtful either de Maiziere or Rosenstein intend for their suggestions to be construed as creating the means for law enforcement to have supernumerary powers, as both are quick to highlight that all entries by law enforcement would be under the auspices of the courts. But BoingBoing points out that “Any powers the current government creates for itself today may be in the hands of literal Holocaust-denying fascists before 2018 is out, depending on whether Merkel can form a government or will be forced to call another election.”
With the effort afoot in Germany and the idea already floated in the U.S., it is not surprising that efforts are now underway in both UK and France to mandate backdoors into encryption. Indeed, de Maiziere, in a joint letter with France’s minister of the interior, Bruno Le Roux, called for an EU-wide law requiring lawful intercept via backdoors into encrypted communications under the umbrella of fighting terrorism for all members of the Schengen accord.
Making a Decision on Privacy and Encryption
Germany’s situation will be decided by German legislators. The UK and France, similarly, will wait for their parliamentarians to do the deciding. The EU-wide consideration of such should serve to bring pan-European privacy advocates to the forefront of those opposing the adoption of backdoors into encrypted communications.
Before you travel, make sure you know what the situation is and what “may” be shared with the country’s counterintelligence services. As the FBI and DSS warn us constantly in our travel abroad, you should prepare to be the target of a hostile intelligence service.