back to article Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand. According to Der Spiegel this month, the Euro nation's Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, …

  1. Anonymous Coward
    Anonymous Coward

    So encrypted posts to USENET it is ...

    Sorted.

    1. Anonymous Coward
      Anonymous Coward

      Re: So encrypted posts to USENET it is ...

      Come on! Surely some enterprising folks can create an open source overlay app that sends end to end encrypted messages over regular SMS, including doing the Diffie–Hellman key exchange part.

      1. Richard 12 Silver badge
        Facepalm

        Re: So encrypted posts to USENET it is ...

        I'm absolutely certain somebody already has, although you wouldn't want to because "who" you talk to is generally more interesting than "what" was said anyway.

        The thing about encryption is that it's just maths, and end-to-end encryption is pretty easy to throw together using existing published components.

        Making the app itself secure from local attack is hard, but the actual pipe is a long-solved problem.

        So not only is this proposal dangerous, it's also utterly useless.

        1. T. F. M. Reader

          Re: So encrypted posts to USENET it is ...

          "who" you talk to is generally more interesting

          That can also be encrypted. Route a message through a remote server, maybe choose one at random from a geographically diverse set. Encrypt the recipient between the sender and the server. Encrypt the sender between the server and the recipient. Delete the metadata from the server once the message has been delivered.

          end-to-end encryption is pretty easy

          Apart from the key exchange part. In fact, I suspect the encryption of WhatsApp, Telegram, and friends is not end-to-end, since no secrets are exchanged directly between the communicating parties. There is a man in the middle. The question is, can you trust him?

          The big privacy problem in my mind is that most people "back up" their conversations to the cloud without thinking. If you want privacy then at least don't sync to anyone's computers where the stuff must be both persistent and either plain text or easily decryptable (without that you wouldn't be able to restore if, say, your key changes). Then hope that Signal or Telegram actually don't keep your messages in plaintext after delivery and thus would not be technically able to comply with a court order even if issued.

          1. Anonymous Coward
            Anonymous Coward

            Re: "who" you talk to is generally more interesting

            Which is why posting to USENET is a game changer. You have no idea who - or where - the recipient is. Or even if there is a recipient.

            And messages will be propagated across the world by a half-century old protocol that's baked in to internet protocols.

            In fact, there might be people doing it as we speak. By definition we wouldn't know.

            1. Anonymous Coward
              Anonymous Coward

              Re: "who" you talk to is generally more interesting

              Oh come on.... usenet is sooooo last century. Do it with blockchain!!!!!!!

            2. Anonymous Coward
              Anonymous Coward

              Re: "who" you talk to is generally more interesting

              We do know. Have a look over at alt.anonymous.messages and marvel at the sight of encrypted spam sent to anonymous accounts.

              mixnym.net used to provide a simple gateway to set up your own. I haven't checked if it still works.

              AC, because.

            3. CrazyOldCatMan Silver badge

              Re: "who" you talk to is generally more interesting

              In fact, there might be people doing it as we speak

              There certainly were 10 (ish) years ago when I regularly used Usenet. I still use it but nowadays it's only as a lurker and leecher..

        2. DuncanLarge Silver badge

          Re: So encrypted posts to USENET it is ...

          "The thing about encryption is that it's just maths, and end-to-end encryption is pretty easy to throw together using existing published components."

          Yep, every child with a raspberry pi has access to compiled encryption libraries that work with almost any language that is in use today plus the very source code for those libraries not to mention OpenPGP and GNUPG.

          If you follow the general best practices (i.e dont roll your own crypto) you can add end to end encryption to anything. Oh did I forget to mention OpenSSH? I can encrypt ANY port sending ANY kind of data between ANY machines.

          It's all in the hands of kids with raspberry pi's given to them at school. Germany, how are you going to get the cat back in the bag? It had kittens, loads of them, since the 90's!

          1. mbiggs

            Re: So encrypted posts to USENET it is ...

            @DuncanLarge

            Quote: "...general best practices (i.e dont roll your own crypto)..."

            *

            But what about the asymmetry for the "good guys" vs. the "bad guys"? Even if the "roll your own" is only passably strong, the "bad guys" communicate in real time, while the "good guys" will have to wait, maybe quite while, to find out what the message said, maybe too long to be useful! See Beale Papers.....one of them secret for over a century!

            *

            1qHv09yf1K=B0e0p1G5l01H31cfQ0Bxb1mTk0KhF

            0XWV08NW0QNI0iWv0=LX0qW50=hL0lDy123808KO

            11hM1Cu51iSr0JT40O$G1m3n11Fe1faV13Zv0ha3

            0iuR02940mh80F8Z1paH0yDe0dZp1VNd0nAp01cF

            10Bf0P3k1eaD12Th14Wz1A$q0XVx1het1qZc0BaE

            0m1P0Z110dAt0UMA0Plu0cJA0IXO1LSA0h6J1gvm

            03Kc1TzT1BbV0sRf

      2. Captain Hogwash

        Re: end to end encrypted messages over regular SMS

        Something like this perhaps?

        https://silence.im/

        1. Dan 55 Silver badge

          Re: end to end encrypted messages over regular SMS

          Or...

          https://delta.chat/

          Same but over IMAP e-mail.

      3. mhkool

        Re: So encrypted posts to USENET it is ...

        What most people forget is that no "real" encryption is needed. The thugs can use plain text like

        The eagle has landed

        to communicate in secret.

        1. CrazyOldCatMan Silver badge

          Re: So encrypted posts to USENET it is ...

          The eagle has landed

          And the seagulls are following the trawler.

    2. bombastic bob Silver badge
      Devil

      Re: So encrypted posts to USENET it is ...

      you have identified, in principle, what will end up happening: only "illegal" encryption will be used, particularly by the bad guys.

      It is SO easy to do your own encryption with something as simple as PGP. "send me your public key, here is my public key". etc.. What are "they" going to do, stop you from downloading an application for your Android device that's a simple APK on "some web site" that uses the TOR network or something like that? Ha ha ha good luck with THAT one...

      and of course, you could also use temporal public/private keys that are only good for one message each... and are thrown away on a regular basis, so there's no record of what they were. Even if "not that strong" if the amount of data being encrypted by "that one key" is very very small. And so on.

      No doubt someone has already written something that could do this, and maybe has even made it available for download. If not, someone probably will... someone NOT in the EU, someone willing to post it online in a public forum and "let the cat out of the bag" kinda like what happened with PGP.

  2. cornetman Silver badge

    I guess if they could do that then it would probably mean that either the conversations were not end-to-end encrypted or the encryption would be very weak and would therefore be pointless.

    1. Mark 85 Silver badge
      Big Brother

      Exactly. They say they only want it for "terrorism" but mission creep and government power creep are a real thing and citizens, journalists, and activists will end up in deep trouble sooner or later. Probably "sooner" from the way things are going.

      1. bombastic bob Silver badge
        Big Brother

        We in the USA _ALREADY_ have examples of "this sort of thing" happening when you look at FISA court abuse as an example of "mission creep".

        It starts out "we have a court we want to use for due process to do spying, because, TERRORISM" and "it will only be on foreign operators using our networks". Then it becomes "and persons of interest engaging with foreign operators on our networks". Then it becomes "and persons of interest but here's legitimate evidence that gives us probable cause."

        And then it becomes PURELY FABRICATED ELECTION PROPAGANDA presented as "evidence" by the FBI to a FISA judge, and then it's SIGNED OFF by that judge so that a U.S. citizen working for a presidential campaign can be spied upon by the FBI, by court order, in order to dig up dirt on a candidate to apparently be used against him in some way later on... like in a 2 year long "investigation" about alleged collusion with a foreign government, that _NEVER_ _HAPPENED_ but allegations are enough for "the press" to bad-mouth this politician INDEFINITELY in order to drive elections "their way"!

        "Mission Creep" indeed. Big brother icon, of course.

        1. Anonymous Coward
          Anonymous Coward

          Its a good thing your post avoids the propaganda slant Mr. Butt hurt righty. No worries there will be plenty of illegal activity come to light once Darth Cheeto no longer controls the Justice Dept. Easy way to avoid not showing up on the "deep" state's radar is don't run a semi criminal enterprise with numerous contacts with shady foreign operators (Steve Bannon's own words but I guess he is a RINO now).

      2. DuncanLarge Silver badge

        "They say they only want it for "terrorism""

        1984, George Orwell. In the story words have their definitions changed and bent frequently.

        Todays definition of terrorism may be different from next years. In a decade my post here may be in breach of terrorism laws. OMG, THEY ARE COMING FOR ME!

        1. Kiwi Silver badge
          Black Helicopters

          Todays definition of terrorism may be different from next years. In a decade my post here may be in breach of terrorism laws. OMG, THEY ARE COMING FOR ME!

          The secret, my friend, is not to fear such things. I don't fear if my comments are misconstrued and I become the victim of some investigation.

          There is a down-side though - sometimes what it takes to not be afraid can be pretty costly. The example in "V for Vendetta" when Evy(?) is 'captured' after telling V that she doesnt' want to be afraid any more gives an idea of what it can take for some. For me it's a bit of life-experience and a lot of my Faith - and that has not been an easy road on either side. For others, well, it takes the loss of family and friends, or the loss of reputation... IOW, destroy everything a man has and he no longer has anything left to lose.

          (I still have a LOT to lose, but I have learned not to fear losing it).

          Now I must retire to my fortress-cave in mom's basement. I hear a helicopter in the distance!

  3. Henry Hallan

    Doesn't GDPR require software to be designed to be secure? So will German law both require and forbid end-to-end security?

    1. Adam 1

      why not?

      Australia has the same requirement to not weaken encryption yet somehow provide technical assistance.

      All they need to do is to make sure their laws usurp the very honourable laws of mathematics. (Quoting someone who pushed those laws of mathematics over 30 times before losing, with the irony being that the mathematics behind those 30 polls now seems very questionable in light of recent events.)

      1. Yet Another Anonymous coward Silver badge

        Re: why not?

        Unfortunately German politicians are only normally stupid, not totally Turnbull

        1. Weiss_von_Nichts
          Pint

          Re: why not?

          Seehofer, however, is Bavarian. Even if he knew better he'd just be talking louder. (Of course he doesn't know better but keeps shouting just to be sure. That's how you get into politics in Bavaria.)

          1. lglethal Silver badge
            Go

            Re: why not?

            This wont happen. Germans are way too on the ball when it comes to personal privacy and keeping the cops and spooks out of it. There are still a lot of Germans around that lived through the Stasi period and they will do their darndest to stop that happening again...

            1. DCdave

              Re: why not?

              and yet they still use WhatsApp and Facebook....

              1. MiguelC Silver badge

                Re: why not?

                They specifically worry about state surveillance.

              2. hardboiledphil

                Re: why not?

                They don't even allow Google Street view in Germany

                1. Kiwi Silver badge
                  Unhappy

                  Re: why not?

                  They don't even allow Google Street view in Germany

                  A shame. I visited with GE and initially couldn't seem to get it in some smaller locale (can't recall the name). Then I decided to try Munich, and sure enough lots of 360 panoramas as well as streetview at least on some main road.

                  I was full of hopes that there was a country that kept that lot out, but sadly no such luck :(

          2. Yet Another Anonymous coward Silver badge

            Re: why not?

            >you get into politics in Bavaria

            Are they banning beer halls to prevent extremists?

          3. CrazyOldCatMan Silver badge

            Re: why not?

            That's how you get into politics in Bavaria

            It also helps to be able to eat your own bodyweight in sausages while drinking several litres of beer..

    2. Charlie Clark Silver badge

      Well, GDPR has privacy by design and privacy by default. Similar but not the same as security. There are references about making sure that systems are secure. But again, it's not the same thing.

      However, I can't see any law in Germany standing up to the inevitable legal challenges because the right to private communications is guaranteed by the constitution. However, before we get on our high horses it's probably best to wait to see the draft law itself. I suspect that there will be an emphasis on metadata – who has been talking to whom – and group chats where end-to-end communication is hard to square with administrability. Presumably there will be provisions about what can be demanded for once a warrant has been served, with the possibility of holding people in contempt for non-complying. Of course, for group chats the easiest thing is just to be able to join the group…

      But, as Seehofer is on his way out as Minister for the Interior, it may end just being shelved.

    3. Dan 55 Silver badge

      No, because GDPR has exceptions for national security.

  4. chivo243 Silver badge
    Paris Hilton

    Honey, we're out of

    butter and sugar and privacy and cheese. Can you get some on the way home? Seems they would be wasting resources even monitoring my inane chats with the missus. I know storage is cheap, but Shirley, there has to be a better use for it.

    Paris because butter is first on the list.

    1. bombastic bob Silver badge
      Devil

      Re: Honey, we're out of

      "butter is first on the list."

      Wait until the FOOD POLICE found out you're eating REAL BUTTER which means FAT in your diet, and they know better than YOU how much you should (or should not) be eating...

      As for me I eat butter as a SNACK - like potato chips, only it's butter chips.

      1. Captain Hogwash
        Coat

        Re: Honey, we're out of

        I don't think it's for eating.

        1. MiguelC Silver badge
          Coat

          Re: Honey, we're out of

          Just be careful not to slip while you tango

          1. Bluto Nash

            Re: Honey, we're out of

            "Just be careful not to slip while you tango"

            Paris? That was the last one.

    2. DuncanLarge Silver badge

      Re: Honey, we're out of

      "Seems they would be wasting resources even monitoring my inane chats with the missus."

      It amuses me just how blinkered people really are about their "inane" conversations. Ever heard of phishing?

      While they are wasting resources watching you ask for cheese, others are eavesdropping on your convo after breaking into their system looking for the passcode you send to your other half when they get a prompt on the phone for the banking app when she logs in to check the balance after the card machine declined the card.

      They will be watching when you sent the sort code and account number to your mate who wants to pay you back for that meal he promised to chip in on.

      They will be watching when google sends you the reminder about the booking you have made for a trip for two to spain for a week. They will also be watching your house when you leave to catch the plane, hammer at the ready they go up to your empty house to find an amazon smart lock. They look through what they know about you, find the details for your amazon account, reset the password, approve themselves for entry and simply walk in.

      Yep, nobody is interested in the little details of your little messages sent back and fourth with your family and friends.

      Just like nobody is interested in the contents of your house when you leave the door open and get distracted by one of them when they fake a heart attack. Surely nobody would be interested in the boring contents of your private residence?

      Why do you have keys to your car? Honestly nobody would be interested in the old rust bucket. Yet you still lock it? Cant you just keep it unlocked, remove the immobiliser and install a push to start button?

      I still lock up my bike :O

      I shred post I get that has my name on it. I also shred old documents after a few years :O :O

      Yep, you've got nothing to hide.

      1. Kiwi Silver badge
        Devil

        Re: Honey, we're out of

        They will be watching when google sends you the reminder about the booking you have made for a trip for two to spain for a week. They will also be watching your house when you leave to catch the plane, hammer at the ready they go up to your empty house to find an amazon smart lock. They look through what they know about you, find the details for your amazon account, reset the password, approve themselves for entry and simply walk in.

        Too much trouble. Walk up to door. Knock. No answer? Smash door in. A friend of mine has spent $hundreds on locks on his doors. Wasn't impressed to find the picture window in the back was smashed, his neighbours - who roughly work the same hours he does - saw nothing.

        Next time, the door was forced open with something like a sledge hammer. The 40 + year old wooden frame splintered. Hinges and pins etc all perfectly intact, the frame shattered. Probably took all of 20 seconds. No neighbours at home to hear a thing.

        Most home-security stuff is just theatre, and the thieves know it. If anything, it shows there is something of value there and makes you a target.

        Why do you have keys to your car?

        I have keys to my car because they came with it when I was given it - it'd take more than an hour to bypass the ignition switch but it takes only a second to put the key in.I'm saving time by not changing things as I'd still have some sort of switch that would need to be altered to start/stop the car. May as well leave it as it is. I lock the doors out of habit as a throw-back to a time when I was sure that made a difference. I've also left it unlocked for days at a time. Nothing worth stealing in it, and only people truly desperate or who don't mind being laughed at would drive my car.

        -->icon=my car, proof that the devil exists!

    3. Eddy Ito
      Childcatcher

      Re: Honey, we're out of

      I'm on to you, it's clear you're planning on making fat bombs! No doubt the food pyramid police will be waiting at your door.

  5. Chozo
    Black Helicopters

    Plain text on demand...?

    Yeah like that's going to help said John with the long moustache while dogs barked and finding himself unable to fly searched for an umbrella.

    1. Michael Wojcik Silver badge

      Re: Plain text on demand...?

      And note this is easy to automate in ways that preserve cryptographic strength. Plaintext-form ciphertext, like other forms of steganograpy, has high bandwidth costs, but for short messages bandwidth is cheap.

      So, for example, you can adapt Shannon's method of using parody generation for testing language models into a simple cryptosystem thusly:

      1. Create a language model with a reasonably-sophisticated grammar and good-sized vocabulary for the natural language of your choice. The model doesn't have to be particularly capable; the sorts we were creating in the '90s would do fine.

      2. Use Shannon's method (running the model backward to generate text from an arbitrary input stream).

      3. Use a PRF to generate a nonce. Run the nonce through the model to generate a sentence; this is communicated verbatim to the recipient so they can reconstruct the nonce.

      4. Generate a session key using some key-exchange protocol. If this requires exchanges with the peer, those can be plaintext-encoded as well. If you decide to forego PFS and just generate a key and encrypt it with the peer's public key, the result can be communicated as in #3.

      5. Use a KDF to combine the session key and nonce into the initial key K_i.

      6. Generate your keystream. This might involve an iterated PRF seeded with K_i, or a block cipher keyed with K_i in CTR mode, or whatever. (You could even use GCM or one of the other AEAD modes, if you want to get fancy. If you don't use AEAD, you'll want some kind of MAC.)

      7. XOR the real message with the keystream.

      8. Use the stream from #7 as input to the reverse language model from #2. Send the resulting plaintext, which will be nonsense but using real words and valid grammatical structures.

      9. Recipient parses the received text using the language model, recovering the input stream. Extracts the nonce and, depending on protocol details, the key. With that information duplicates the keystream and decrypts the input stream to the original plaintext.

      NLP-model-generated parody text, which is what goes over the wire in this scheme, can be made arbitrarily difficult to distinguish from human-generated text. The disadvantage, as I noted above, is bandwidth - the output of the reversed model is much larger than the input stream. But if you're sending relatively short messages (and note you can compress the original plaintext) it shouldn't be bad.

      This sort of thing would make a good project for a CS master's student, or even a small team of undergrads.

      1. Kiwi Silver badge
        Trollface

        Re: Plain text on demand...?

        Use a PRF to generate a nonce.

        Running a little short on time and computing power right now. Can I substitute the local priest?

        NLP-model-generated parody text, which is what goes over the wire in this scheme, can be made arbitrarily difficult to distinguish from human-generated text

        So.. Not AMFM1 or Mr AI (I.G) then?

        (Thanks for the writeup - interesting field for further reading - much appreciated)

      2. Anonymous Coward
        Anonymous Coward

        Re: Plain text on demand...?

        @Michael_Wojcik

        Why do we have to have all these ASSUMPTIONS? This scheme may be perfectly doable, but it assumes the model of RSA and PGP and the like -- that there is a plain text and a key and an encryption method. There are other models, for example book ciphers or pre-agreed message (plain) texts used as triggers.

        *

        As others have pointed out here, there is also the assumption that messaging is point-to-point, and the assumption that the end-points can be identified to specific individuals or to specific IP addresses. People using internet cafes and USENET do not fit with the point-to-point model.

        *

        I'm sure the "bad guys" can find many other ways around all these assumptions! And the "good guys" will be hours or days or weeks behind!

        1. Michael Wojcik Silver badge

          Re: Plain text on demand...?

          Why do we have to have all these ASSUMPTIONS?

          Sigh. So the post wasn't a full-length paper. That ought to be obvious to anyone with basic knowledge of the field and the capacity for critical thought.

          it assumes the model of RSA and PGP and the like -- that there is a plain text and a key and an encryption method. There are other models, for example book ciphers or pre-agreed message (plain) texts used as triggers.

          Ah, I see. You lack at least one of the prerequisites. OK then.

  6. Anonymous Coward
    Anonymous Coward

    More madness

    I know this has been said many times before, but don't these idiots realise that letting the "good" guys in (I use the word loosely) will eventually allow the bad guys in also? No such thing as a "good" back-door that can be rigged in this way. Trouble is, now this crackpot law has been passed in indecent haste by Australia and a similar thing is now being mulled over by Germany, doubtless other governments will copy-cat. If this carries on you might just as well open your wallet in the middle of a busy street and utter the words: "Help yourself".

    1. A random security guy Bronze badge

      Re: More madness

      The weird thing is that it will make people use 'secure' chat apps that are really spyware. Much worse for us a a society.

    2. Vector
      WTF?

      Re: More madness

      They also seem ignorant or criminals' ability to do this in plaintext:

      asdgljhn125098efg;kljn2445698regthsd8756q24t8dsf6h9sdgjdfsgj78sg4s

      (not actual encryption. just a facsimile thereof)

      1. vir

        Re: More madness

        "asdgljhn125098efg;kljn2445698regthsd8756q24t8dsf6h9sdgjdfsgj78sg4s"

        With the right one-time-pad key, that string can be made to implicate you in any number of subversive activities...

        1. Yet Another Anonymous coward Silver badge

          Re: More madness

          "asdgljhn125098efg;kljn2445698regthsd8756q24t8dsf6h9sdgjdfsgj78sg4s"

          I think that might actually be the German word for a one time pad !

          1. Weiss_von_Nichts

            Re: More madness

            No. That's "Einwegverschlüsselungspasswort". We don't use numbers within wörds. We're fine with these fünny döts.

            1. DavCrav Silver badge

              Re: More madness

              "We're fine with these fünny döts."

              When Mötley Crüe toured in Germany, everyone was shouting "Muhtley Cruh!".

              Quoting Crüe frontman Vince Neil, "[...] when we decided to call ourselves Mötley Crüe, we put some umlauts in there because we thought it made us look European. We had no idea that it was a pronunciation thing. When we finally went to Germany, the crowds were chanting, ‘Mutley Cruh! Mutley Cruh!’ We couldn’t figure out why the fuck they were doing that.”

            2. DropBear
              Trollface

              Re: More madness

              Döts? Oh please, that's such a half-hearted attempt at best. Cöme őn, YÓLŐ, líve á little, there's só műch moré to life when yoú gó füll nűts with thís stúff like we dő...

    3. cornetman Silver badge

      Re: More madness

      Kinda ambiguous who the good guys and the bad guys are these days.

      1. a_yank_lurker Silver badge

        Re: More madness

        Isn't bad and even worse guys? Not sure who is actually worse and who is just bad.

      2. A.P. Veening Silver badge

        Re: More madness

        Kinda ambiguous who the good guys and the bad guys are these days.

        Not really, I know I am one of the good guys and (most of) my family and close friends also fall in that category. Governments (including government agencies) and big companies are classified as bad guys until proven otherwise and the remainder is just decision pending but I tend to err on the side of caution.

        1. Anonymous Coward
          Anonymous Coward

          Re: More madness

          "I know I am one of the good guys and (most of) my family and close friends also fall in that category. "

          Everyone except me and thee - and I'm not so sure about thee.

          FTFY

    4. BebopWeBop Silver badge

      Re: More madness

      It’s a disease spread from the Oz legislature and quickly infected law makers around the world. Another reality defining cult.

      1. tfewster Silver badge
        Facepalm

        Re: More madness

        I imagine that German people, especially in the East, mistrust "secret police" tactics and will reject this.

        Mind you, I thought the Spanish, Irish & Scots would rise up over smoking bans, so what do I know?

        1. Anonymous Coward
          Anonymous Coward

          Re: More madness

          "I imagine that German people, especially in the East, mistrust "secret police" tactics [...]"

          The population in East Germany were shown to have mostly been part of the STASI informer system. Ignoring whatever coercion was employed - it shows that it is fairly easy to manipulate people into believing that what they are doing is in their own self-interest. Dog whistles - "terrorists and "think of the children".

          1. Anonymous Coward
            Anonymous Coward

            Re: More madness

            'ranging from about one [Stasi inoffizieller Mitarbeiter] for every 80 of the population up to about 160' is not exactly 'mostly', although it is quite disturbing nevertheless.

            1. Anonymous Coward
              Anonymous Coward

              Re: More madness

              "[...] is not exactly 'mostly' [...]"

              Yes my "mostly" was a misremembered estimate. However - besides the IMs noted with that statistic - there were also significant numbers of people classed as AKPs or Information People.

              "[...] records in Rostock and Saalfeld shows that approximately 18% and 5.9% of the populations, respectively, were assessed as AKPs who were, for the most part, ready to talk."

          2. Stork Silver badge

            Re: More madness

            Sometimes the disconnects are weird. I am in Portugal, where until 1974 about 10% of the population was informers on some sort of level. My in-laws (early 70es) refuse to discuss anything remotely controversial on the phone, but are slightly less troubled by email.

            And still, Facebook is perhaps even more popular that other places I know.

    5. The Central Scrutinizer

      Re: More madness

      Yeah, well, exactly. Governments worldwide are shit scared of the Internet and anyone who actively avoids online surveillance.

      https://www.theguardian.com/business/2019/may/28/spies-with-that-police-can-snoop-on-mcdonalds-and-westfield-wifi-customers

      This is the shit that's coming thanks to a government near you. Australia, leading the world in online stupidity. Makes me ashamed at times.

    6. Kiwi Silver badge
      Pint

      Re: More madness

      I know this has been said many times before, but don't these idiots realise that letting the "good" guys in (I use the word loosely) will eventually allow the bad guys in also?

      You're wrong.

      I'm pretty sure it'll be leaked/cracked before the memo's passed through more than a dozen hands. The implied time frame of "eventually" is clearly misleading in this case.

  7. A random security guy Bronze badge

    Mystified; how will they force it?

    They are trying to break up the romance between Alice and Bob by introducing Eve.

    As anything can be solved using another set of indirections, can't we, for example, just have a secure chat on top of Germany's neutered chat? Should be a few lines of perl code if that much.

    I don't think they can legislate end to end encryption away. There is nothing that prevents two or more people from exchanging public keys and using PFS.

    1. Sureo

      Re: Mystified; how will they force it?

      No but they can put you in jail if they catch you doing it.

      1. whitepines Silver badge

        Re: Mystified; how will they force it?

        On what charge? If we reach the Chinese level of censorship and thought crime, this planet is going back to the dark ages.

        1. BebopWeBop Silver badge

          Re: Mystified; how will they force it?

          I think that US Christian fundamentalists might get there first

          1. whitepines Silver badge
            Happy

            Re: Mystified; how will they force it?

            I think that US Christian fundamentalists might get there first

            Yet somehow we see Chinese Atheists (Communist Party) and middle Eastern Muslims there right now.

            Don't look now, but your bias is showing!

          2. bombastic bob Silver badge
            Meh

            Re: Mystified; how will they force it?

            not only is your bias showing, the ignorance is showing, too. Pull up your pants, please.

      2. A random security guy Bronze badge

        Re: Mystified; how will they force it?

        That is how it is in a few countries. They beat the crap out of you, state that you are disturbing the communal harmony, are an agent of the Westphalia (or Eastphalia) etc.

        And if you had any "non-Native" blood (Native being the dominant race) you got sent to a concentration camp directly. Your family and friends disowned you.

        I am glad Germany wants to join them. What could go wrong (Sarcasm).

      3. StargateSg7 Bronze badge

        Re: Mystified; how will they force it?

        Try this in America and a BUCKET LOAD OF LEAD will come flying !!!

        Try it and See what happens AS YOU HAVE RECENTLY SEEN HERE in the US of A when you push people too far!

        Like trying to our guns, it will be over our COLD DEAD HANDS will we ever give up our encryption !!!! Actually, we'll make it THEIR cold head hands!

        Try it and there's gonna be a LOT of Deader'n'Dead fascists! We don't take no ss hit no-how here!

        .

    2. thames

      Re: Mystified; how will they force it?

      How will the Germans force it? They will just count on most chat they want to monitor taking place over phones, and banning secure chat apps from the Android and Apple app stores being enough to prevent the targets from using it. If Apple doesn't offer it to you, then you're out of luck if you own one of their phones. It's possible to load whatever you want on some Android phones, but most of the targets won't know how or otherwise won't do it.

      The Germans aren't counting on it being completely impossible to end to end encrypt a message. They are just counting on making it so difficult that most people won't bother. They aren't after Bond film super-villains with this, just run of the mill malefactors who bumble along from day to day.

      It will be interesting to see how the chat app vendors handle this. One way may be to simply have Google and Apple geo-fence their app stores to make their encrypted chat apps unavailable in Germany (and Australia) and add a "terms of service" clause telling their users to not use the app in banned locations. That is a quick solution that doesn't water down security for the rest of the world. The Germans (and Australians) won't be happy, but their government would have got what they asked for.

      1. Doctor Syntax Silver badge

        Re: Mystified; how will they force it?

        "It's possible to load whatever you want on some Android phones, but most of the targets won't know how or otherwise won't do it."

        The targets will know. It's just the innocent users who won't.

        1. Michael Wojcik Silver badge

          Re: Mystified; how will they force it?

          The targets will know

          The targets ought to know, but historically we've seen that:

          - Criminal and terrorist "masterminds" generally aren't particularly clever, intellectually thorough, or informed.

          - People at all levels of most criminal, terrorist, and paramilitary organizations tend to practice poor and/or inconsistent OPSEC. And their OPSEC protocols are often weak to defection - that is, they fail badly when only one or a few participants are suborned.

          - Even with cryptographic applications widely available, most criminals and terrorists fail to use them.

          I am completely opposed to government encumbrance on cryptography, but the historical evidence is that for the most part, the people they're explicit about targeting have a poor record when it comes to using the security mechanisms that are available to them, legally or not. So, for that matter, do most of the people that governments deny surveilling (such as their citizens, officials of other governments, etc).

      2. Dazed and Confused Silver badge

        Re: Mystified; how will they force it?

        If privacy is outlawed, only outlaws will have privacy

        -- Phil Zimmermann

        No idea whether these chat apps allow plugins but even if they don't there will be nothing to stop people using cut&paste and an encryption app. Even in a walled garden there would be nothing to stop the encryption app being web-based, well unless these crazy German politicians want to ban SSL while they are at it. Asking to back door that might draw larger protests.

        1. Yet Another Anonymous coward Silver badge

          Re: Mystified; how will they force it?

          Just require citizens to use Enigma machines for secret communications and then ask the Brits for the plaintext ?

        2. Anonymous Coward
          Anonymous Coward

          Re: Mystified; how will they force it?

          [...] nothing to stop people using cut&paste and an encryption app [...]"

          As long as what you send in plain text looks perfectly readable - then its end-to-end agreed private meaning will not be obvious to an interceptor. The BBC transmissions to the French Resistance in WW2 employed that sort of obfuscation in plain sight.

      3. Yet Another Anonymous coward Silver badge

        Re: Mystified; how will they force it?

        >How will the Germans force it?

        They won't and that's the problem.

        If they actually tried it widely everyone would see how ridiculous it was.

        Instead it will be saved for those special cases, such as where a journalist is embarrasing a politician, and then they can be threatened with ludicrous sentence anti-terrorist law unless they cooperate.

      4. Anonymous Coward
        Thumb Down

        Re: Mystified; how will they force it?

        You really think Apple would not only ban encrypted chat apps in Germany but also ban iMessage there? I hope they give Germany the middle finger, and dare them to ban sales of iPhones.

        This is the closest icon I could find...

        1. Charlie Clark Silver badge

          Re: Mystified; how will they force it?

          Just the way they stand up to the Chinese authorities then?

          1. Anonymous Coward
            Anonymous Coward

            Re: Mystified; how will they force it?

            China hasn't banned iMessage.

            Yes, Apple does use iCloud servers in China for Chinese customers where the government holds the key. As compared to the US where Apple holds the key - but they still have to give up the data in response to a court order, and do, so the only difference is that the Chinese government can snoop without a warrant.

            You don't have to use iCloud on your iPhone though. I don't. I do backups using iTunes since it is encrypted with a key only I have.

            1. whitepines Silver badge
              Big Brother

              Re: Mystified; how will they force it?

              since it is encrypted with a key only I have.

              Are you sure only you have the key? Have you been able to verify that the OS or application doesn't "back up" the key somewhere cloudy, is it written into the EULA you signed that only you have the key?

              Or (most likely) are you just taking the software's various on-screen prompts on pure faith and assuming the key stays local and the encryption is not only strong but lacks an intercept key?

              1. Anonymous Coward
                Anonymous Coward

                Re: Mystified; how will they force it?

                Paranoid much? How do you know the microphone on your phone isn't listening to you and sending your every word to Google 24x7? How do you know your new TV doesn't have a hidden camera built in behind the display watching you scratch your balls?

                Even if they did what you suggest, the backup still lives only on my laptop, so they'd have to get it to use that key.

                1. whitepines Silver badge
                  Facepalm

                  Re: Mystified; how will they force it?

                  Well, technically the phone is always listening for its wake word. I've personally seen the Android (Samsung) phone of a relative trigger repeatedly during normal conversation that sounded nothing like "OK Google", then quietly send all kinds of private conversation to Google, only being found out after the text message was transcribed or the maps lookup (for nonsense) was completed. At that point it's far too late, the conversation and transcript are permanently stored by Google's own admission. There's some spirited (and healthy as far as I'm concerned) debate about whether Google or its partners actually is listening randomly if not 24/7. Unfortunately since Silicon Valley tech companies lie routinely, and Google's already been caught out on Nest* it's really kind of hard to dismiss the phone listening in at least to "interesting" conversations.

                  On the TVs, well, sorry, but yeah they do listen in: https://money.cnn.com/2015/02/09/technology/security/samsung-smart-tv-privacy/index.html

                  And some have cameras now too, so your example is at best a few years away, not some far fetched tin foil hat conspiracy.

                  So the backup's only on your laptop. That's about the only thing in your favor here, though if you say the wrong thing about one of our illustrious leaders in today's climate you can bet the physical access barrier suddenly fails...

                  * https://www.washingtonpost.com/business/2019/02/20/google-forgot-notify-customers-it-put-microphones-nest-security-systems

                  1. Joe Harrison

                    Re: Mystified; how will they force it?

                    I've personally seen the Android (Samsung) phone of a relative trigger repeatedly during normal conversation that sounded nothing like "OK Google"

                    Cocaine Poodle will do it

      5. bombastic bob Silver badge
        Devil

        Re: Mystified; how will they force it?

        " It's possible to load whatever you want on some Android phones, but most of the targets won't know how or otherwise won't do it."

        a) make an APK available for download directly on a web site

        b) include instructions of the hoops you have to jump through to make it work

        developers know what these are [being necessary to test things] and it's not all that difficult, but later versions of Android make it, well, "hoopy". You have to do it JUST right, and you'll get a prompt to let it install the application anyway, and after that, it'll install any updated versions without the prompting. But yeah you have to get past that one part, which is LESS difficult now than ever, if you do it in the right order at any rate...

        https://www.wikihow.tech/Install-APK-Files-on-Android

    3. Kane Silver badge
      Boffin

      Re: Mystified; how will they force it?

      Mystified; how will they force it?

      Ahem, obligatory xkcd:

      https://www.xkcd.com/538/

      1. Michael Wojcik Silver badge

        Re: Mystified; how will they force it?

        Different problem. Government attempts to backdoor crypto, like this one, aim to enable mass surveillance and decryption of messages between unknown participants.

      2. Anonymous Coward
        Anonymous Coward

        Re: Mystified; how will they force it?

        "Ahem, obligatory xkcd:"

        The UK has laws that say if you won't/can't provide a password to apparently encrypted data - then you are guilty by default and will be sentenced to prison until you reveal the password.

        1. StargateSg7 Bronze badge

          Re: Mystified; how will they force it?

          Again, try that here in America and those OFFICIALS will be DEADER than DOORKNOBS !!! We'll just take matters into our own hands and shoot them! We ain't taking that or ANY ss hite from NO government agency!

          A whole many of my VERY WELL TRAINED brothers in arms will come out of the woodwork and those wannabe oppressors/fascists will be TAKEN OUT PERIOD !!!! Kinda hard to argue with a silently-aimed, well targeted .45 or from a .50 CAL taken from 1100+ metres!

          ..

  8. ibmalone Silver badge

    Where there's a will there's a...

    Have they spoken to Huawei?

  9. Doctor Syntax Silver badge

    It really is time that SMTP was updated to include encryption as the default.

    1. Mage Silver badge

      Re: time that SMTP was updated

      That's only ONE issue. White listing, black listing, security are problems.

      You'd really need a completely different system. Remember too that people need to legitimately "spoof" the From on SMTP as they may have many email addresses and replying to "spoofed" From will work because somewhere a hosted mail box is forwarding to a single mail box the user uses IMAP, POP, Exchange or Web client to fetch from.

  10. Mage Silver badge
    Coat

    Das Boot?

    Pedantry, but it's German for "The Boat".

    Though this won't inconvenience experts, real criminals or real terrorists. There is PGP and decent one time pads are REALLY easy and unbreakable, the issue with them is purely key distribution. Digitise some old 78s and post them as the keys. The more inherent surface noise the better. Now tell me again how the number stations work, or steganography in images on Pinerest, Facebook, Twitter and Instagram. Perhaps the solution is to shut them down :)

    1. whitepines Silver badge
      Headmaster

      Re: Das Boot?

      Since any method of communication could be used as a one time pad, ban mass assembly or face to face contact between people. Force everyone to ask the government to tell their neighbor anything they want communicated, which will be suitably modified to break one time pads and/or facilitate or break up communication as the State sees fit.

      Hmmm, maybe I should write a dystopian SciFi book. No, wait, governments worldwide would see it as a how-to guide for authoritarianism. Best not do that then.

      1. Doctor Syntax Silver badge

        Re: Das Boot?

        "Hmmm, maybe I should write a dystopian SciFi book."

        You might not be able to write fast enough to keep up with reality.

      2. Nick Kew
        Coffee/keyboard

        Re: Das Boot?

        Once there was a lot of resistance to a dangerous new import, and calls to ban coffee. That was when coffee houses were places where dangerous radicals might communicate subversive ideas.

        Hmmm. Come to think of it, there's even a nominal precedent, in the connection of Bach's coffee cantata to Zimmermann's coffee house.

    2. Doctor Syntax Silver badge

      Re: Das Boot?

      "There is PGP and decent one time pads are REALLY easy and unbreakable, the issue with them is purely key distribution."

      It certainly is for one-time pads. One reason for suggesting encryption be built into SMTP rather than being on top is that there is already a framework in place - the mail servers.

    3. JohnFen Silver badge

      Re: Das Boot?

      "decent one time pads are REALLY easy and unbreakable, the issue with them is purely key distribution."

      But that's a REALLY hard issue to resolve. In real-world use, this is done by physically handing a pad with the random numbers to the agent in a secure environment before they go out into the world. Once out in the wide world, secure key transmission becomes impractical.

      Also, OTPs can't really be used to allow two strangers to communicate, because of the need for the key exchange.

      "Digitise some old 78s and post them as the keys."

      As your OTP key? If you do this, your crypto will be easily broken. What you need in order to do OTP is the ability to generate a long string of genuinely random numbers, and you need a new string for every transmission. A scratchy old 78 won't provide anything near genuinely random numbers. But even if it could, you still have the key distribution problem.

      1. Doctor Syntax Silver badge

        Re: Das Boot?

        "Once out in the wide world, secure key transmission becomes impractical."

        If you agree on some sort of hashing algorithm then you can let some third party generate your one-time pad.

        If Alice and Bob want to communicate they each sign up to el Reg and let each other know the handle they use. When Alice wants a OTP to communicate with Bob she selects an article and posts a comment. They both apply the hash to the article to generate the OTP. As a variant, in order to reply Bob selects a comment to hash and posts a reply of which the selected comment is a grand-parent. Or to really hide the OTP in plain sight they just use an amanfrommars comment as it stands.

        The generation and distribution of the OTP is looked after by el Reg (other discussion fora are available). The shared secret is simply the means of identifying it to each other. There has to be a meeting to share the secret but once that's done there is a ready supply of OTPs with no risk of interception.

        1. JohnFen Silver badge

          Re: Das Boot?

          That wouldn't work, though, as the results of that hash won't be random. Even the slightest variation from random renders the crypto breakable. If you're OK with some amount of weakness on that score, then you're far better off using PKE -- the whole point of PKE is to get around the key distribution problem.

        2. Yet Another Anonymous coward Silver badge

          Re: Das Boot?

          We all assumed that this was what "amanfromMars" is doing

        3. hplasm Silver badge
          Happy

          Re: Das Boot?

          "If Alice and Bob want to communicate they each sign up to el Reg and let each other know the handle they use."

          Alice and Bob and AManFroMars1-in -he-Middle too...

      2. martinusher Silver badge

        Re: Das Boot?

        You use the OTP to exchange a session key, not as the overall key. You can then use half decent coding system for the message proper because the message would be too short to break the key (if for some reason it was too long then you'd just change the key periodically). The tricky bit would be coming up with a truly random string as the session key.

        The Germans themselves seem to have forgotten their history. The Enigma was a standalone device, not part of the communication channel. Its the same with a communication application -- to the untutored eye its a single piece of software but in practice the communication part is quite separate from the encryption part. So maybe to amuse them we could send them a whole bunch of Enigma traffic to play with, using modern software rather than the vintage electromechanical device but retaining the setup methodology and settings tables. They can have fun sorting it out (and the message content could be just routine naval traffic from that period, just in case they do figure it out).

        1. Anonymous Coward
          Anonymous Coward

          Re: Das Boot?

          "[...] and the message content could be just routine naval traffic from that period, just in case they do figure it out"

          What if they claim they decrypted it - and the message they claimed they obtained was incriminating?

  11. revenant Silver badge
    Unhappy

    The next step?

    Given the ease with which people who are really keen on secrecy could circumvent this - eg by rolling their own end-to-end encryption - I'm forced to conclude that the next step will be to criminalise the use of communications applications that are not on the Approved list. Dystopia seems to be arriving on a bullet train.

    1. Mark 85 Silver badge

      Re: The next step?

      Maybe add a ban on curtains, locked doors, and you will have a telescreen in every room. The race to the bottom hasn't finished but the bottom is in sight.

    2. This post has been deleted by its author

  12. whitepines Silver badge
    Facepalm

    Industrial espionage

    So nice to see the last great industrial engine of the EU commit sepukku. Now the East (and certain Western laggards that didn't invest in modern technology) can finish stealing the designs and manufacturing know-how of Germany that was so carefully guarded for centuries, then to top it all off, permanently destroy their infrastructure by fatally damaging the plants via SCADA.

    Just by stealing the "lawful intercept" key and listening for a while. Passwords to SCADA systems, unpatented trade secrets, all kinds of previously secret German industrial data ripe for the picking!

    Or their politicians will realize the end of Germany is nigh and nix this thing ASAP....

    Shame as I always liked driving German cars. Maybe the Chinese copy will cost less? It's not like there is a privacy advantage of Germany over China if they do this...

    1. A random security guy Bronze badge

      Re: Industrial espionage

      German cars are also porous to hackers. You should check out the VW cars which had wide open security holes. VW will not tell you if your car has security issues. And they will not update the systems over the air. And probably even if you ask for the updates.

      1. whitepines Silver badge

        Re: Industrial espionage

        Oh absolutely, but if they go this far even the fig leaf is gone and I hope China copies everything from their now completely open communications. Then gives me a nice German quality car at a more appropriate price for such an insecure sieve.

    2. DuncanLarge Silver badge

      Re: Industrial espionage

      "Passwords to SCADA systems"

      There are SCADA systems that actually use password?

      Where I work we had a new SCADA system installed. Being the IT guys we demanded certain password requirements. The SCADA guys were like "what? you want passwords?". We really had to put our foot down hard to get them to implement it securely.

      It was on its own physical subnet protected by a firewall (both ways). Each machine had only a few whitelisted ports (non default ports) and remote access was only possible from our own machines on certain wall ports.

      They didnt like supporting it remotely, kept complaining about having to look up the passwords and using a VPN to connect...

      1. Anonymous Coward
        Anonymous Coward

        Re: Industrial espionage

        "[..] kept complaining about having to look up the passwords [...]"

        No problem - they would just write them on a big whiteboard opposite the window.

        1. whitepines Silver badge
          FAIL

          Re: Industrial espionage

          Real life story from some years back.

          Context: public car park for aerospace contractor that also does defense work. What I observed: a large whiteboard full of what looked like technical data in plain view of the lovely large windows overseeing the car park.

          Here's hoping said data was only for the commercial wing of their operation, but still. Scary stuff!

      2. whitepines Silver badge
        Facepalm

        Re: Industrial espionage

        It was on its own physical subnet protected by a firewall

        OK, updating my story for the proper level of manglement ineptitude. Passwords for the firewalls being intercepted, then having a few rules updated. Who would actually bother to find and turn off the management interface telnet port anyway?

        Bonus points for locking out the plant operators when you take control...

        Legal disclaimer: this is merely a potential threat scenario that is provided for educational purposes on how to properly secure one's physical plant infrastructure from an outside attacker. It is also intended to illustrate how mandatory backdoored encryption makes this critical task impossible in practice.

  13. elgarak1

    These comments were done just before the EU parliament elections. As such, I tentatively consider them to be campaigning slogans, in particular an attempt to schmooze right-wing voters.

    Given that the ruling coalition is one of the losers of this election, the right-wing AfD only a slight percentage gainer (but given the voter turn-out, only got about the same number of votes as in last general election), and the big winners are the Greens (who are infinitely more knowledgeable about such things and won't do it), I hold my breath that such a law ever would come to pass.

    Tentatively.

    (Another thing: The statements came from Horst Seehofer, currently Federal Minister of Interior, formerly head of state of Bavaria [rather conservative; in US terms, if you think Texas=Bavaria, you're not far off the mark]. His special talent – how should I say politely? – is to say nothing in a way that the listener hears what he wants to hear. His public statements often have not much in common with actual policy.)

    1. John Brown (no body) Silver badge

      "These comments were done just before the EU parliament elections. As such, I tentatively consider them to be campaigning slogans, in particular an attempt to schmooze right-wing voters.

      Given that the ruling coalition is one of the losers of this election, the right-wing AfD only a slight percentage gainer (but given the voter turn-out, only got about the same number of votes as in last general election), and the big winners are the Greens (who are infinitely more knowledgeable about such things and won't do it), I hold my breath that such a law ever would come to pass."

      I will freely admit to not following the local politics in the rest of the EU, but here in the UK, the EU elections for MEPs rarely reflect our local Parliamentary results.

    2. TheMeerkat Bronze badge

      You might find that it is the likes of Green who are for government control of the Internet (as their opinion is government-sponsored at the moment), while AfD is constantly coming against censorship of their views (like bans from Facebook or YouTube).

      1. Anonymous Coward
        Anonymous Coward

        "[...] is constantly coming against censorship of their views [...]"

        When the oppressed gain power - they soon tend to implement the tactics they learned from their oppressors. There has long been a misconception that "liberation" movements are naturally "the good guys".

        The behaviour of the ANC in South Africa has been exemplary in confirming Orwell's "Animal Farm" observations about the outcome of such revolutions.

    3. Charlie Clark Silver badge
      Thumb Up

      Seehofer will probably also leave the cabinet at the next reshuffle.

  14. EVP Bronze badge
    FAIL

    So Long, and Thanks for All the Ciphers

    ”Achtung German citizens! An important annoucement follows. Bend over and relax. Resistance is futile. Just remember DDR. Rest of the Europe will follow shortly. End of transmission.”

    I’m going to move into a cave and live off eating cones in retaliation. I’ll pay my taxes in pebbles. How about that, fcuckers?

    Good luck Germany in implementing your brain-dead scheme in any remotely secure way. You’ve failed already. Cheering you hear is not us but blackhatters.

    Grrr... People behind this initiative understand technology even less than my one-eyed incontinent cat. Amazing that one is able hold a government official position and pass that kind of gas from one’s brain at the same time.

  15. Number6

    Surely the quick fix for this is for WhatsApp, Telegram et al to include in their Ts and Cs that use of the software is not allowed in Germany but make no effort to do any sort of GeoIP checking. If they're going to offer 'proper' software for use in the free world and an emasculated version for places that want a backdoor, then anyone with any savvy is going to install the proper one regardless. No one reads the Ts and Cs anyway,so things will continue as normal until the state jumps on someone and there's a big court case, at which point the people either say STOP! or bend over.

  16. DeKrow
    Black Helicopters

    Self-Hosted?

    What can they do about self-hosted systems? Something like this:

    https://blog.cryptoaustralia.org.au/run-your-end-to-end-encrypted-chat-server-matrix-riot/

    Sure, there's a chain to follow to find who's running them, or to just get them shutdown or legislate against them so that causal folk are scared off, but "casual folk" aren't the target. There's also "self-hosted as a Tor service" to further obfuscate the trail such that any action by law enforcement will likely be after-the-fact, which appears to be what these new laws are trying to prevent.

    Maybe it's just a whittling away of the less technically savvy terrorists. At the very cheap price of the privacy of casual folks online conversations.

    Funnily enough, I think the most tech savvy and intelligent terrorists probably moved into "legitimate business" many years ago and are happy with all these draconian new laws that will only work to cement their established positions.

    1. big_D Silver badge

      Re: Self-Hosted?

      Private family discussion servers. I've been thinking of implementing my own for our family.

      But inertia is the problem. Most won't want to switch to something that isn't WhatsApp or Telegram, because everybody they know uses them and they are easy to setup and use. Most people don't care or are oblivious to the problems with encryption anyway.

    2. Mark 85 Silver badge

      Re: Self-Hosted?

      There's also "self-hosted as a Tor service"

      Considering who "invented" Tor, I wouldn't hold my breath on it actually being secure.

  17. Anonymous Coward
    Anonymous Coward

    What the f*ck...

    That is something I would not of thought the Germans would do. Dumb f*ck Australian government but not German.

    1. whitepines Silver badge

      Re: What the f*ck...

      Apparently the kind of thinking that considers this authoritarian nonsense a good idea wasn't as fully exterminated as we would have hoped post-WWII and the Cold War. Ironically it may have relied on secrecy to be passed down from generation to generation without being stopped or challenged. Or...

      Scary version? This is degraded humanity in its purest form, the desire for one primate to rule over all it can see/hear with an iron fist, to see all, to judge all, and to decide the fate of all with absolute, unassailable authority. It bubbles forth in varying degrees with no provocation other than living around other humans, and cannot ever be eliminated.

      Less bleak/dystopian version: anti-Facist training needs to be a mandatory part of primary education in Western nations. Including Blighty if certain recent events are any indicator...

      Catch nascent fascists early, then make sure they are never in charge of anything more than keeping the loo stocked and clean. Certainly such tendencies should render them quite unelectable in a perfect world.

      1. Anonymous Coward
        Anonymous Coward

        Re: What the f*ck...

        "anti-Facist training"

        It is "totalitarian" tendencies that are intrinsic to human societies. The human mind doesn't like uncertainty. For some people it is so debilitating that they seek to exercise control over anything - and everyone - that they believe affects themselves. That includes attempting to control their own thoughts that bubble up to cause them discomfort.

        1. whitepines Silver badge
          Facepalm

          Re: What the f*ck...

          The human mind doesn't like uncertainty

          The irony of course being that the totalitarian regimes instil fear exactly by causing massive uncertainty regarding imprisonment and death (a sort of FUD on steroids) around any topic, action, conversation, or association not expressly approved by the State.

          By extension, anyone that wants totalitarianism to reduce their personal uncertainty would appear to be lacking two brain cells to rub together.

  18. big_D Silver badge

    After last weekend...

    I would think that they would shelve this, at least for a while.

    Social media blew-up in the face of the main parties in the run-up to the EU and State elections last weekend. A lot of YouTubers and social media influencers to to the, um, ether (through Wi-Fi) to tell their followers to vote, but not for the CDU/CSU. This got the party incensed and they showed the total (mis-)understanding of social media in their responses.

    Now the leaders of both the CDU and the SPD are looking at being ousted by their failures at the weekend.

    Interestingly, of all the "major" parties over here, only the CDU and Green bothered to stand for election to the State Parliament - there were only 4 candidates, CDU, Green and 2 independents, AfD, FDP, SPD, Die Linke and all the others didn't even bother to post a candidate. The EU ballot paper on the other hand was about 2.5 pages long!

    But the blow-back around trying to silence influencers is still echoing around the press today. It looks like several posts in the leading parties will see fresh faces in the coming weeks.

  19. Anonymous Coward
    Anonymous Coward

    USENET ?

    I still use it. You'd think it was already being flooded with encrypted messages, some of the garbage that gets posted.

    A plus for hiding dodgy messages is the amount of spam to signal posting in some newsgroups ....

  20. DuncanLarge Silver badge

    The irony

    I had a good hearty laugh when I read this

    "hand over end-to-end encrypted conversations in plain text on demand"

    HAHAHAHAAHAHAHAHAHHAHAHAHAHAHAHHAHHAAHAHAHAHHA

    HAHAAHHAHAH

    HA HA

    Its like telling someone to get in a car and fly to paris, without using a plane.

    For anyone not getting it: End to end encryotion can only be end to end if the "provider" is unable to access the plain text. Its the very definition of end to end encryption. So in effect they are seeking to ban end to end encryption entirely. As soon as someone in the middle of the connection (the provider) has access, you no longer have end to end encryption.

    How are they going to handle people using PGP/GNUPG to encrypt emails? Public key crypto like that HAS no provider. Its entirely controlled by the user, with its own management difficulties due to that. Eventually they will just have to ban end to end encryption in all forms, anyone detected as using it will be targets for the swat teams.

    I say they should go further. Ban non self driving cars (do it now, why wait for everyone to have one?) as anyone using a car that is under human control can then be assumed to be a terrorist who will run people down.

    Ban knives too. Now. Anyone caught with one will be automatically assumed to be some kind of stabber. Makes sense, if nobidy has a knife legally then only the crims will! How will normal non-crims cut up food? Well thats their problem just like its their problem on how to securely sent bank acount details with no end to end encryption.

    HAHAHAHAHAHAHAHAHAH

    HAHAH

    HAHAHA

    Really its way too late. Nobody will give up their human controlled cars to be safer when walking, nobody will give up their knives to be safer when telling yobs to pick up the litter and nobody will give up end to end encryption.

    Good luck germany, if you pull this off you will be a little island on the internet. The "encryption" nudist colony of the world.

    1. GrumpenKraut Silver badge
      Thumb Up

      Re: The irony

      > The "encryption" nudist colony of the world.

      I am totally going to steal this one.

  21. Fred Flintstone Gold badge

    Wow, how time flies

    I once said that this idiocy shows up roughly every seven years, so we've either screamed through that or the cycle is getting shorter.

    No, I'm not even going to argue why backdoors are as bad an idea as making the brakes in a car optional, if you haven't worked it out by now there's little hope yet another round of explanations will make you see the light.

    Sigh.

  22. GrumpenKraut Silver badge
    Facepalm

    Calm down everybody...

    It's just Horst "Der bayrische Vollpfosten" Seehofer. Nobody with half a brain is taking him seriously. He is embarrassing even for Bavarian standards, which really says everything one needs to know.

    He once threatened to retire and pretty much everybody went "Oh pretty please do it!". Then he didn't retire.

    1. Anonymous Coward
      Anonymous Coward

      Re: Calm down everybody...

      "He once threatened to retire and pretty much everybody went "Oh pretty please do it!". Then he didn't retire."

      Which equally applies to one Nigel Farage. The irrationality of the mob in human society can be fascinating - as long as one is remote from being swept over the cliff with it.

  23. Kiwi Silver badge
    Mushroom

    Doomed to failure...

    The governments, meanwhile, say that the apps also provide a safe haven for criminals and terror groups that want to plan attacks and illegal activities

    During WWII the French Resistance were technically a criminal terrorist organisation, who not only managed to plan crimes and terror attacks but also recruit others, plan meetings, move or hide equipment, move or hide escaping prisoners and so on. They were able to do this despite the massive technological and manpower advantages the state powers had.

    Other organisations have operated for years in even worse areas, sometimes without any detection let alone government intervention in their activity.

    We also have the various gangs and other criminal organisations who have managed to operate without significant government interference. And other organisation that are 'under the radar' yet can be fertile recruiting grounds for 'like-minded individuals'.

    All of this just goes to show that 1) the lack of private communications does not prevent criminals planning and 2) the more repressive the regime, the more violent the actions required to end it. If you wish to increase "citizen unrest" then by all means act more like a repressive regime.

    The people in Germany should recall what happened last time their leaders got a bit uppity. The rest of the world should also take note, and take appropriate steps to prevent further abuses by our respective governments (violence is a last resort)

    FTR - I admire the work and efforts of most resistance fighters when working against a repressive regime, including those from France during WWII. Their actions were crimes, true - but they were crimes against unjust or even evil laws and those people were generally doing the right thing for their circumstances (some were acting for less desirable motives, they don't get my respect).

  24. Anonymous Coward
    Anonymous Coward

    "Wir mussen alles wissen."

    "We must know everything."

    Erich Mielke, Head of the East German Ministry for State Security (Ministerium für Staatsicherheit), better known as the Stasi.

  25. Anonymous Coward
    Anonymous Coward

    John Wick will need to put those Germans where they belong... I mean... come one... you are employees! The people is your boss, not the other way around!

    If anyone had employees at home spying or trying to spy them, wouldn't they just fired them immediately? Or would they accept the "it is for your own protection boss" crap argument?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020