Government proposals would undermine ‘20 years of successful crypto policy’

UPDATED Mozilla has joined over a hundred digital rights organizations in calling for Germany to reel in its alleged plans to clamp down on end-to-end (E2E) encryption.

In an open letter published this week, Mozilla warned that government talk of providing authorities with backdoor access to secure messaging apps should be barred from Germany and the wider European landscape.

“The BMI (Federal Ministry of the Interior) proposal counteracts 20 years of successful crypto policy in Germany,” a translated version of the letter reads.

“In the cornerstones of German crypto politics in 1999, the then federal government agreed on a principle that became known under the maxim ‘security through encryption and security despite encryption’.

“Since then, this principle has been repeatedly confirmed by the subsequent federal governments.”

The letter described how Germany’s commitment to be the “number one location in the world for encryption” faced complete dissolution following comments made last month by interior minister Horst Seehofer.

According to numerous reports in the German press, the minister had called for secure messaging providers such as WhatsApp, Telegram, and Threema to be required by court order to hand over plaintext versions of encrypted communication to law enforcement – or face a country-wide ban.

The proposal, the letter explains, goes against the German government’s Digital Agenda 2014-2017 which explicitly states “there will be no ban or limitation on [encryption] products”.

Industry pushback

Threema, an E2E instant messenger platform popular among German-speaking users, was among the digital rights organizations putting their name to the open letter and protesting the anti-encryption sentiment put forward by the German government.

“Should Germany's government wish to prevent the use of Threema by means of IP blocks or similar, it would seamlessly join the ranks of totalitarian governments such as those in China or Iran,” Threema’s Roman Flepp told The Daily Swig.

“The absolute confidentiality of communication and the minimization of metadata are deeply anchored in Threema's DNA.

“Under no circumstances are we willing to make any compromises in this regard.”

Threema has approximately five million users in Germany and in wider Europe.

Human Rights Watch, Privacy International, hacker group Chaos Computer Club, and privacy-first communication services such as Wire and Zwiebelfreunde also put their names to the letter, dated June 11.

“We believe that the proposed reform would abruptly lower the security level of millions of German Internet users, create new entry points for foreign intelligence services and cybercriminals, and massively damage Germany’s international reputation as a leading location for a secure and privacy-driven digital economy,” the letter reads.

“The planned commitment of the messenger operators would lead to the operators having to install a vulnerability in their software.

“This requires a deep intervention in the existing complex software systems of the operators.”

The proposal by the interior minister should perhaps come as no surprise. Authorities in Germany were given expanded surveillance powers following protests at the G20 Summit in Hamburg two years ago.

More generally, opinions remain sharply divided over the encryption debate, and whether governments should be handed a so-called ‘backdoor’ into secure messaging apps.

Despite vocal opposition from security and privacy advocates, one such law – the Assistance and Access Act – came into force in Australia last year.

The German government is expected to discuss any changes to the law before parliament rests later in June.

This article has been updated to include comments from Threema.

RELATED Mozilla and FastMail join calls to overhaul Australia’s anti-encryption law