Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Privacy Security

Germany Preparing Law for Backdoors in Any Type of Modern Device (bleepingcomputer.com) 251

Catalin Cimpanu, writing for BleepingComputer: German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more. Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND). The man supporting this proposal is Thomas de Maiziere, Germany's Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.

Germany Preparing Law for Backdoors in Any Type of Modern Device

Comments Filter:
  • by IWantMoreSpamPlease ( 571972 ) on Tuesday December 05, 2017 @01:55PM (#55681805) Homepage Journal

    "Legal"
    Good luck on that, it's a slippery idea that is resistant to being pigeonholed.

    • Re: Define (Score:2, Insightful)

      by Anonymous Coward

      If we lose all personal privacy, then the terrorists have won.

    • East Germany has won over West Germany!

      News at 1100!

  • Ok.. (Score:5, Insightful)

    by Drathos ( 1092 ) on Tuesday December 05, 2017 @01:57PM (#55681827)

    Why not ban all security on devices while you're at it?

    • If I had mod points, and if I could multi-mod comments, I would give -1 for redundant and +1 for underrated... ;-)

    • No kidding. Idiots not understanding technology making rules about it... /sigh

      I'm in awe of your low number user ID.

  • by swschrad ( 312009 ) on Tuesday December 05, 2017 @02:00PM (#55681857) Homepage Journal

    deliver notice to the regulators proposing this that GeegawCo would cease operating in Germany, including any network/remote/cloud operations, if this were enacted. ship the money back home and dump 'em.

    • by Mr307 ( 49185 )

      Seems like the responsible thing to do, could even couch it in a "we respect and value our customers and dont want them to be at risk" type message.

      If it were a large enough entity it could cause a kerfuffle or if there were enough of them willing to leave, could be even more interesting. No doubt some competitor with less principles will fill the market, its easily big enough for most manufacturing scales depending on the gadget.

      Almost want them to follow through with this kind of crazy, could be a fantas

      • Companies rarely if ever care about public interest. On the other hand knowing that if they were making gimped "security" in their devices, they should know their worldwide sales would plummet like a lead brick! No company with any brains would do this, even if it means cutting off all sales in Germany. The losses would just be too big otherwise.
        • by Mr307 ( 49185 )

          I get your point but in general I still disagree, self interest will tend to follow public interest, probably till some point on the scale is passed so it would mean that most companies of smaller size will be more actually interested in public interest as compared to larger ones.

  • Nice to see Germany returning to its totalitarian roots.

    • Nice to see Germany taking one for the team... I read this and immediately thought: Thank God some other nation besides the US is stupid enough to try this first, thus giving other nations the proof we need to kill such notions before they take root... wait... that's how this works, right?

    • by gweihir ( 88907 )

      Unfortunately that is exactly what is happening. Totalitarian tendencies are strong in Germany, despite its bad history in this regards. Many people want the state to control everything. And now that the resistance had gone way weaker, the proto-fascist in government and administration try hard to become the real thing again.

      • Totalitarian tendencies are strong in Germany,
        That is nonsense. Hint: I'm German, and mainly live in Germany.

        Many people want the state to control everything
        That is even more nonsense,

      • by Megol ( 3135005 )

        Bullshit. Germany have very protection against just this for obvious reasons: the verfassungsschutz or translated protection of the constitution.
        It is an unique system to make any system that goes against the German constitution very hard to implement. It is a system that (yes!) infringes on personal freedom if that is the way to stop totalitarian groups to increase in power. It doesn't as such protect the current system but the idea of a free state without totalitarian tendencies.

        Is it perfect? Nothing eve

  • by dyfet ( 154716 ) on Tuesday December 05, 2017 @02:04PM (#55681909) Homepage

    And I had thought east germany had joined west germany, not the other way around...

    • by blahplusplus ( 757119 ) on Tuesday December 05, 2017 @02:17PM (#55682035)

      And I had thought east germany had joined west germany, not the other way around...

      All states are at war with their respective publics, see this comment by former national security advisor. It's the rich vs the rest.

      Citizens called a "global menace" here by former national security advisor of the US:

      https://www.youtube.com/watch?v=n7ZyJw_cHJY [youtube.com]

      Our brains are much worse at reality and thinking than thought. See the manufacturing consent videos when you get the time. Science on reasoning:

      https://www.youtube.com/watch?v=PYmi0DLzBdQ [youtube.com]

      Crisis of democracy

      https://www.youtube.com/watch?v=ZYFxtNgOeiI [youtube.com]

      Book:

      http://trilateral.org/download/doc/crisis_of_democracy.pdf [trilateral.org]

      Protectionism for the rich and big business by state intervention, radical market interference.

      https://www.youtube.com/watch?v=WHj2GaPuEhY#t=349 [youtube.com]

      Wikileaks

      https://www.youtube.com/watch?v=ABDiHspTJww&feature=youtu.be [youtube.com]

      Manufacturing consent:

      https://www.youtube.com/watch?v=KwU56Rv0OXM [youtube.com]

      https://vimeo.com/39566117 [vimeo.com]

  • by Baron_Yam ( 643147 ) on Tuesday December 05, 2017 @02:06PM (#55681931)

    The first people to get the backdoors will be cops.

    The second people will the in organized crime. It'll only take one bad law enforcement employee on their payroll to leak it... and THAT is just if there's some kind of key involved. The system itself will be public before the first device is even sold, since the standards will have to be given to the manufactures and they're going to leak like sieves.

    Then you'll have a nation of devices that are completely untrustworthy. In theory... because in practice this is so obviously too stupid to work that they can't possibly go forward with it.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      " In theory... because in practice this is so obviously too stupid to work that they can't possibly go forward with it."

      And people pacifying themselves with sentiments like these are how these theories are put into practice.

    • Here I thought Germany had it's collective head screwed on straight. Boy was I ever wrong, I guess.
      The most dangerous and troubling thing about this: If it gets passed in Germany, it'll be considered precedent in other countries (like the U.S.). In a world where all data security is compromised, there won't be any security for anyone (except the cops, maybe the military, and definitely THE RICH). At that point there won't be any reason to own a cellphone beyond the cheapest clamshell dumbphone, a computer
      • by Tailhook ( 98486 )

        Here I thought Germany had it's collective head screwed on straight. Boy was I ever wrong, I guess.

        See elsewhere in this thread; it's Trump's corrupting influence, dontchaknow. Read some of those and your worldview will be back on the rails in no time.

        Never mind that Germany has been competing with the UK for years to see who can create the most chilling thought-police state in Western Europe to deal with mass immigration opponents. Nah. You're only just now noticing how bad it's gotten.

        Too fucking late.

        • I was basing my opinion on Angela Merkel doing and saying some things that sounded smart and fair. Guess she's the outlier. Sad for Germans, now. Maybe it won't pass into law and they'll be spared this nonsense.
        • >See elsewhere in this thread; it's Trump's corrupting influence, dontchaknow.

          People often mix up cause and effect; Trump is an effect, not a cause.

          Trump is what happens when you ignore the fact that humans are fundamentally emotional, tribal animals and you allow a significant group of disgruntled people to form a tribal identity and blame their problems on another 'tribe'... that's sad but it happens.

          The people you really need to string up and beat like pinatas are the opportunists who feed the flames

      • by Blymie ( 231220 )

        In general?

        The majority of people are extremely emotional. They allow themselves to be entirely controlled by fear, have no idea of statistics, and aren't able to properly manage risk.

        And it isn't "getting". No, people have always, always been like this.

        What happened after 9/11? The largest removal of rights in US history! Most of those rights are STILL gone.

        And to make this a 'German thing', just how do you think Hitler got into power? His government was elected in power, because FEAR FEAR! Fear the

    • Never underestimate the influence and reach of stupid people in power
    • by eth1 ( 94901 )

      Actually, it will probably leak before any device with the system even hits the market. It only takes one annoyed employee of a device manufacturer to dump the specs and keys on Wikileaks.

      In fact, it would be hilarious if this inevitable person released a file right now that simply said "if this law passes, this fill will contain the specs and keys. see if you can find out where it came from."

    • You mix that up a little bit.
      The first people will either be organized crime or foreign intelligence agencies.
      The second people are those who failed to be the first.
      Then law enforcement would come ...

      However as such laws/backdoors never will exist ... it is just playing mind games.

  • the Nazi's had laws like this!

  • Good! (Score:3, Insightful)

    by Kenja ( 541830 ) on Tuesday December 05, 2017 @02:09PM (#55681963)
    SOMETHING has to slow down the German economy before they own us all. Chasing out all technology would do it.
    • by jedidiah ( 1196 )

      > SOMETHING has to slow down the German economy before they own us all. Chasing out all technology would do it.

      Calm yourself there Mr. Little.

      The "German work ethic" already makes the world safe for the rest of us.

    • SOMETHING has to slow down the German economy before they own us all.

      The trick to success is NOT to drag everyone around you down, it's to life yourself up. Weakening Germany won't really improve things for others.

      Notice that even bombing them into ruin 75 years ago didn't work all that well....

  • Unlike the USA, Germany has a strong pro-privacy movement -- this will probably get shot down hard at either the Federal or EU level (since it's likely at odds with EU rules).
    • You are hilarious!
    • by gweihir ( 88907 )

      It will. But it is highly alarming that the fascistoid politicians pushing for this will not stop, but try again and again. It will likely not even get passed in the first place, and if it does, it will very likely get killed by the Bundesverfassungsgericht, i.e. on federal level. It has no chance at all on EU level, should it come to that.

      In the end, this law would sabotage society and far worse so than any amount of terrorism ever could. It is essentially Zersetzung, as it undermines trust and that is the

    • by AHuxley ( 892839 )
      Changes to the law after ww2 in West Germany gave a lot of powers to protect "democracy" from any group wanting to change democracy.
      Germany now has the same investigative powers to protect "democracy.".

      Why would a strong pro-privacy movement be able to block the police and security forces in Germany from protecting democracy?
      Would the police protecting Germany democracy allow a pro-privacy movement to start blocking the police from protecting Germany democracy?
      Anyone in a German pro-privacy movement wo
  • Intel Management Engine (ME), also known as the Manageability Engine. Intel have been putting a back door on their chips for the last 10 years at least. So what are law enforement worrying about?
    • by gweihir ( 88907 )

      They cannot use that one for law enforcement. As sources need to be protected, they can use this rarely and very carefully for intelligence purposes. A source you do not protect is one you lose. Incidentally, if the attack code for this ever leaks, we have a global catastrophe. And since not even the NSA can protect their attack code against having it stolen...

  • After all, Munich is switching back to Windows.
    • Oh, sorry, the governments still get to keep secrets. Its just you plebs that do not have the right to privacy.

  • We live in a global economy today. Does this mean all digital devices imported into the country need to have these same backdoors? Probably so. Are manufacturers lazy, and want to build one-size-fits-all devices? You damn right they are. Meaning if this passes, device models sold to Germany will ALSO have these same backdoors sold elsewhere in the world.

    • by AHuxley ( 892839 )
      One production line for all nations. Software just sets privacy to nations laws.
      With the key, security services can change the settings.
      In the past that got seen with collection like in :
      Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/... [wikipedia.org]–05
      SISMI-Telecom scandal https://en.wikipedia.org/wiki/... [wikipedia.org]

      Germany will just go for software that can read "messages "at source" on users' screens." "remotely record all calls" "turn on its microphone and camera"
      "Surveillance: German poli
  • by nospam007 ( 722110 ) * on Tuesday December 05, 2017 @02:29PM (#55682133)

    I doubt it. They don't even have a government yet.
    Nobody knows what and if a coalition will be formed.
    There might be new elections.
    This is nothing else but bullshit.

  • How would you like that extra door for your BMW or Mercedes?
  • And what if I install a so-called "after market firmware" that hinders that backdoor?

    And what if I install a home-made (read "linux based") device instead of a "commercial" one?

    Will I be considered "out of law"?

    • by AHuxley ( 892839 )
      Linux will be at the user app level of a persons phone. Type in all the message and use all the very best, strong, tested encryption that can be found on the internet.
      Once the German security services find that account to be interesting they will be "reading the messages "at source" on users' screens." on that Linux software sitting on very commercial cell phone.
      "Surveillance: German police ready to hack WhatsApp messages" (25.07.2017)
      http://www.dw.com/en/surveilla... [dw.com]
      Changes in software on standard h
  • Let’s assume the iPhone is the target of this law because, frankly, it probably is. And let’s assume Timmy & Co. cave in because they like money.

    Any good criminal network will have at least a few people bright enough to write code. Those people can implement existing strong encryption algorithms themselves. They can also teach people how to get their own free developer key and to install their own secure apps onto their own phones using Xcode. Sure, they’ll have to reinstall once a wee

    • by vux984 ( 928602 )

      The flipside, is that they don't need to access the criminals communications, they can simply prosecute them for having communications they can't access. Because THAT will be illegal now.

    • by AHuxley ( 892839 )
      Re "the end result is criminal networks having more secure communications"
      Criminal networks just talk at the trusted family, tribe and community level.
      The place of worship and at community events becomes their cover for meeting and talking. Police can't enter such events undercover as they have no reason to be part of that faith, community or tribe.
      The criminal networks know all the tech is fully open to German police and the security services and use it for decades of misinformation.

      Long term crimin
  • Will be childs play for Russian and Chinese hackers.

    So Germany is mandating insecure networks.

  • This from a country that in recent history, twice!, persecuted minorities. Can you imagine what would have happened if Hitler had access to the government spyware infrastructure we have today ?! And all over the world nationalism is on the rise again, how could anyone think this is a good idea ..
    • by gweihir ( 88907 )

      A nationalist and a proto-fascist would think this is a good idea. The present young generation (gen Z for "zero", as I like to think of them) does not care. And so it begins.

  • We spy on you because of them.

    --
    If it were easy, it wouldn't be called life.

  • I was thinking they were going to lay down laws to ensure security in devices... not blast them full of holes to help out hackers... So - who wants to place bets on how long it will take for the first politician to get hacked by their own backdoor?
    • What? Are you nuts? Slaughter the goose laying the golden eggs? If you do that, they'll immediately realize how stupid they were and backpedal.

      Hack everything else, far more lucrative and far less backlash. Jeeeesh, kids these days, can't even identify the correct hacking targets.

  • If only Erich Mielke [wikipedia.org] could still be with us to see his dream come true...

  • by Opportunist ( 166417 ) on Tuesday December 05, 2017 @03:38PM (#55682791)

    because my job. This one's free. First of all, I might eventually be affected by that bullshit if it spreads and second, it's always a pleasure belittling you and showing you just how big an idiot you really are.

    First and foremost, there is no such thing as a "government only" backdoor. A backdoor is or is not. A backdoor that MUST be in EVERY device, independent of maker and the kind of device is by definition a high profile target for every hacker on this planet. Everyone wants to have that. That includes every state actor. I.e. other nations WILL want to have that backdoor. Now, of course you might share it with friends. It's unlikely that you want to share it with states like, say, North Korea or that Daesh idiots (that's ISIS for you, in case you didn't keep up with the news). Yes, Thomas, you're about to give terrorists a tool to invade German devices.

    Way to go, aren't you supposedly at least kinda-sorta responsible for the internal security of the state?

    How they get it you ask? Are you kidding? We're talking about the universal key to EVERY computer in your country. Every private, every corporate, every government system. You think a state actor (especially a rogue state actor) would shy away from kidnapping someone's family if he as much as MIGHT have access to the relevant keys? Here's your wife, Thomas, here is your kids. Hand over the keys and don't talk about it or, well, I spare you the details.

    And even worse, you won't get what you want to get, Thomas. Because you don't think that anyone outside of Germany would as much as touch a device with a "German backdoor" installed, do you? Twice so if a state actor. No. Outside of Germany, you'll get secure devices (well, more or less... but at least not deliberately insecured ones). It is trivial, not only to me because that's what I do for a living, but to everyone with at least a minimum knowledge of IT to diff a "good" and one of your "bad" devices to see what's different between them. And what's different between them is your backdoor. It is now also trivial to patch such a security hole in a way that you'll be locked out again. And you can rest assured that every terrorist on the planet will make sure to plug that and lock you out.

    Thomas. Again. Usually, I sell good advice. This one is actually free. Stop that idiocy before it costs you your job. I kinda like your party. Even though you're a grade A moron.

    • by thedarb ( 181754 )

      I think you are mistaken. I suspect they could do this with key escrow. Buy a new device? To set it up, you have to get your keys issued to you by the state. Each device can have a unique key or set of keys, but they would all be owned by the state... not you. Then your phone goes through the encryption process with the key or keys it's been issued. Get arrested and they want to read your phone? No problem, send it to the single well funded government organization that has your keys on file. They do

      • The whole shit flies out the window the second the device gets rooted. And you can rest assured that this is the first thing anyone with nefarious intent will do. Make it illegal? Fuck, do people planning to blow themselves to kingdom come give half a shit about a law concerning their phone? What do you want to do, arrest him? We're still talking about someone willing to blow himself up, to kill himself. You think he gives half a shit about your laws?

        What you'd have to do is make rooting a phone illegal. On

  • Setting aside organized crime for a moment, every other national intelligence service will thank you for this back door, whether you meant for them to access those devices or not. At very least, you've made it much easier for them to target their collection efforts since all they have to do is compromise a single German agency versus each and every individual device. So pick the boogeyman of choice, the Russians, the Chinese, the Americans, the French, and think of their intelligence agencies crawling thr
  • A source claims Thomas de Maizière would like to have backdoors in popular apps. That doesn't mean he'll get them or, as a matter of fact, that the Bundestag will pass a law to make those mandatory. Since the Third Reich Germany has been, shall I say, a tad sensitive on the invulnerability of privacy in mail and telecommunications. I doubt he'd get it through the Bundestag let alone past supreme court.

    It's just a German gouvernment official probing the waters machiavelli style. Just like in the US. No news here. Move along.

  • The STASI and the Gestapo were BAD, m'kay?

    Germany already had to overthrow two totalitarian regimes in the 20th century. They sure as hell don't need another one.

    -jcr

  • .... that will be required on the part of law enforcement to protect innocent people from the prying eyes of nefarious individuals that will use the exact same back doors that the government will have.

    Oh, of course these people may be breaking the law, but that's not going to help the people that will get harmed in the interim.

    I expect they will realize their folly within about 6 months to a year,

  • Sounds like a law custom made to kill the German consumer electronics industry, as everyone buys products from other countries that don't have built in insecurity.

You have junk mail.

Working...