German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more.
Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND).
The man supporting this proposal is Thomas de Maizière, Germany’s Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.
The Interior Minister says that police officers are having a hard time investigating cases because smart devices are warning owners before officers could do anything about it. The Minister cites the cases of smart cars that alert an owner as soon as the car is shaken, even a little bit. He says he’d like police to be able to intercept that warning and stop it when investigating a case.
De Maizière claims that companies have a “legal obligation” to introduce backdoors for the use of law enforcement agencies and he also wants to require the industry to disclose its “programming protocols” for future analysis. This latter clause could allow German officials to force companies to disclose details about their encrypted communication practices.
Furthermore, the new law would also give German officials powers akin to the “Hack Back” bill proposed in the US, allowing authorities the power to hack any remote computer. The Minister says this is important to “shut down private computers in the event of a crisis,” such as is the case with botnet takedowns.
But privacy advocates who also read the new law proposal say the text also contains verbiage that would allow the German state to intercept any traffic on the Internet [1, 2], effectively setting up a surveillance state with full snooping powers over everyone’s online communications. Experts called for caution before approving the new law, which could be abused in its current state.
German authorities anticipated such reaction and said that any access to such data would be allowed only after law enforcement have obtained a court order. But the problem with encryption backdoors is not how you access them, but that they exist in the first place and that they could be abused by ill-intent actors as well.
The law proposal is not a surprise for people who’ve been keeping an eye on such things. There are concerted efforts going on in Germany, France, and the UK to introduce legislation for mandatory encryption backdoors. In fact, de Maizière and his French counterpart even signed a joint letter they sent to the European Commission that supported encryption backdoors.
Similarly, the fight for encryption backdoors has been recently reopened in the US as well, after a series of comments made by US Deputy Attorney General Rod Rosenstein.
While the EU was very clear it does not intend to support the introduction of laws that allow for generic encryption backdoors, in March 2017, the European Commission offered its support for a plan that would allow law enforcement to access data exchanged via encrypted instant messaging services, such as WhatsApp, Telegram, Signal, and others.