In a new level of dumb, Germany and France are demanding strong encryption for all citizens at the same time as they demand this strong encryption to be breakable. They also demand messaging providers of end-to-end encryption to provide police with keys they don’t have, and for terrorists to stop using freely available strong encryption without a messaging provider. You really couldn’t sound dumber if you tried.
Just as the NSA got hacked and a golden key (unlocking all backdoored encryption) would have leaked to the world, and that same world clued in to what a monumentally stupid idea it is to have general backdoors to encryption (not to mention that it’s a contradiction in terms in the first place), Germany and France present a joint proposal that demand strong encryption and the non-existence of strong encryption at the same time.
The joint proposal called on the European Commission to […] “expand government powers to compel companies to allow access to encrypted messages” […] and present solutions that “enable effective investigation … while at the same time protecting the digital privacy of citizens by ensuring the availability of strong encryption.” … The joint proposal called for the continued general availability of encryption, but wants a law to allow law enforcement to compel messaging companies to cooperate… the German government’s plan has overall called for strong protections for end-to-end encryption in online communications.
To anybody with the slightest amount of technical understanding, this is calling for A and not-A at the same time, being completely oblivious as to not only what you’re asking for, but also that the two things you’re both demanding are completely in contradiction with each other.
In any kind of bell-curve normality, the best guess is that this is all a performance art school project and will turn out to be a joke in a day or two. As it stands now, German and French interior ministers Thomas de Maiziere and Bernard Cazeneuve appear to be doing an impersonation of Internet Explorer as it comes to the encryption debate:
Germany and France appear to be doing an impersonation of Internet Explorer in this comic.
What’s really depressing about this is that we’re talking about Germany and France, who are supposed to be the two biggest powerhouses of the world’s largest economy, and they’re demanding the following, based on the observation that “terrorists” (which can mean anything today) have access to strong cryptography messaging, and with a particular focus on the terror attacks in France:
- Expand government powers to compel messaging services, which the terrorists don’t use, to provide end-to-end cryptographic keys on demand, which the messaging services don’t have by definition, and which weren’t used in France in any case (the attackers communicated in cleartext over burner phones).
- While negating the ability to use strong encryption, ensure the continued general possibility to use strong encryption.
- Throw in lots of buzzwords like “Islamic State” and “Terrorism” to throw reporters off the scent from asking the obvious during the press conference.
This ties well in with my column last week about just how clueless politicians are. Privacy remains your own responsibility.
Sources: Wall Street Journal (subscription), Law360 (subscription).