And here we are again: Despite all the assurances from the German Ministry of the Interior of the intention to strengthen encryption, once again the attempt is being made to do exactly the opposite. The reason, according to the Minister of the Interior, De Maizière is that “terrorists are sometimes technologically more advanced than the secret services”.
A joke? No, it’s meant in earnest. Terrorists apparently use modern message services for their communication and these are increasingly encrypted in such a way that access to the content is impossible for the secret services. As a result of the end-to-end encryption being used, the operators of the services find themselves unable to provide authorities with access to the data being transferred. Which is good, one could say, because the whole purpose of end-to-end encryption is specifically to protect the communication and data of users so that even the operators of the service cannot access them.
However, the German and French Ministers of the Interior want to change this: In future, short message services should be required to support security services with their investigations. They should in future also be forced, when applicable to decrypt messages. Without weakening encryption, this won’t work.
However, if the encryption were to be so weakened through, for example, the building in of back doors or the storage of duplicate keys that authorities were enabled access to data, this would have unwanted consequences:
- Avowedly technically literate terrorists use other means to communicate securely. The weakening of encryption would therefore miss its target, namely the prosecution of terrorists and the prevention of acts of terror through the tapping of communication.
- The rest of the population can be more easily surveilled – not only by secret services, but also, in particular, the service operators and anyone that – authorized or not – has access to their systems
In all processes that weaken encryption, the question arises as to how unauthorized persons can be prevented from exploiting the weakness for their own purposes. A duplicate key, for example, would need to be stored not only by the respective national authorities, but also by the authorities of all other potentially involved countries. Even with regard to terror prevention this would be problematic – what about, for example, countries that are under suspicion of supporting terrorists? The list of these countries is quite long – and not unified from country to country.
These and other questions cannot be solved and we’ve know that for more than twenty years. In the nineties, the attempt to prohibit strong encryption and only permit weak encryption was in the end abandoned for this very reason.
Why this nonsense is, after decades, dicussed again and again is therefore incomprehensible. Perhaps it’s as a result of a lack of comprehension of the technical basis. It is therefore good news that our secret services are increasing the recruitment of staff with competence in the area of cybersecurity. The need is clear.