Slashdot Mirror
Germany Preparing Law for Backdoors in Any Type of Modern Device (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more. Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND). The man supporting this proposal is Thomas de Maiziere, Germany's Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.
"Legal"
Good luck on that, it's a slippery idea that is resistant to being pigeonholed.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Round up the Russians and send them to concentration camps. That way, once all the paid Russian trolls are being starved in concentration camps, we can safely have elections without fear of meddling.
All door locks must be able to be kicked in by emergency responders. It's in case of fire. There could be children in the building. THINK OF THE CHILDREN!
we've seen more than enough.. cease fire stand down,, there are moms & babys in all or our towns the world around..
Why not ban all security on devices while you're at it?
End of line..
deliver notice to the regulators proposing this that GeegawCo would cease operating in Germany, including any network/remote/cloud operations, if this were enacted. ship the money back home and dump 'em.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Nice to see Germany returning to its totalitarian roots.
And I had thought east germany had joined west germany, not the other way around...
The first people to get the backdoors will be cops.
The second people will the in organized crime. It'll only take one bad law enforcement employee on their payroll to leak it... and THAT is just if there's some kind of key involved. The system itself will be public before the first device is even sold, since the standards will have to be given to the manufactures and they're going to leak like sieves.
Then you'll have a nation of devices that are completely untrustworthy. In theory... because in practice this is so obviously too stupid to work that they can't possibly go forward with it.
From TFS/TFA
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations.
This is the ultimate purpose behind placing ISPs under Title II in order to place them under CALEA requirements which could easily be interpreted to require exactly the same kind of 'back doors' on devices.
The propaganda has worked so well we have people violently protesting to have their own privacy taken away.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
and all their problems disappear.
the Nazi's had laws like this!
an unclever disguise at best.... living the lie is fatal to every one everywhere... the 'dream' is just another nightmare now...
SOMETHING has to slow down the German economy before they own us all. Chasing out all technology would do it.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
I like the idea that VW and BMW should tell the government they can do it in their native language. But for future upgrades that will need to be free for anyone that owns their vehicles for the next 50 years, they'll need to be compensated annually 100mil Euros to hire proper security engineers and testers. So, if France wants it, that is another 100mil Euros so they can hire French staff and if the USA, another 100mil for English speaking security professionals and engineers. Put back the cost burden on the governments for future maintenance upgrades. Security and safety isn't free, while government contracts are very lucrative.
Unlike the USA, Germany has a strong pro-privacy movement -- this will probably get shot down hard at either the Federal or EU level (since it's likely at odds with EU rules).
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that any attacker could use at their discretion.
Note to self: Don't buy German IT products.
What's to stop these criminals from throwing up their own encrypted Matrix server, with no backdoor? This only really makes them stop using big commercial services. Countries will spend millions trying to get back doors into public chat rooms, only to have millions of private ones pop up. -T
Why don't you just deport all of the Muslim immigrants back to their homelands instead of taking away more freedom in the name of tolerance?
Because that is what this is all about?
Sorry buddy, Abdul just cannot bring himself to become a good German. He insists on acting like he's still back in the Middle East and resents that the kafir has a higher standard of living than he does, so you understand that in the name of Tolerance and Inclusion, we must impose highly onerous surveillance policies on you. I mean you're not a bigot right? You wouldn't want us to just say "wouldn't the path of least resistance and harm to German society and culture be to send Abdul back" now would you?
conservatives ruin everything.
Intel Management Engine (ME), also known as the Manageability Engine. Intel have been putting a back door on their chips for the last 10 years at least. So what are law enforement worrying about?
After all, Munich is switching back to Windows.
Because it was so hard to find all the Jews without backdoor always on devices. This will make it easier to get the bad guys. This is great news if you easily forget the fact that who the bad guy is can change in less than 10 years.
We live in a global economy today. Does this mean all digital devices imported into the country need to have these same backdoors? Probably so. Are manufacturers lazy, and want to build one-size-fits-all devices? You damn right they are. Meaning if this passes, device models sold to Germany will ALSO have these same backdoors sold elsewhere in the world.
Yep, same old classic delimma argued on the cypherpunks list when the Clipper chip was being pushed on us. Now Germany is going to try to learn this lesson:
1: Backdoors get compromised. Does Germany want its secrets guzzled out by countries who don't like them with no way for people to protect themselves? They definitely will care the next time someone knows where a VIP is attacked, with the attackers mysteriously knowing every detail of where the VIP was.
2: Backdoors don't always work. The bad guys hear about something and do something different.
All what will happen is that German citizens will use other country products.
I doubt it. They don't even have a government yet.
Nobody knows what and if a coalition will be formed.
There might be new elections.
This is nothing else but bullshit.
It's the German thing to say. And it ain't about rolling no joint, which they don't have in Germany anyway.
These are not people who value freedom and democracy.
The recent surge of terrorist attacks and other crimes... could have something to do with the millions of unvetted and literally unwashed cavemen they've brought in.
Just a thought.
Isn't Europe soooo much better than the US!
It smells like Bubba's Clipper chip.
You know, I know and even they know it will be compromised, not if but when.
Who does one sue when the damn thing is used by other than appropriate authorities?
"What will you do, where will you hide, when the man ib black is on the inside" - Drs. 4 Bob
How would you like that extra door for your BMW or Mercedes?
And what if I install a so-called "after market firmware" that hinders that backdoor?
And what if I install a home-made (read "linux based") device instead of a "commercial" one?
Will I be considered "out of law"?
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Let’s assume the iPhone is the target of this law because, frankly, it probably is. And let’s assume Timmy & Co. cave in because they like money.
Any good criminal network will have at least a few people bright enough to write code. Those people can implement existing strong encryption algorithms themselves. They can also teach people how to get their own free developer key and to install their own secure apps onto their own phones using Xcode. Sure, they’ll have to reinstall once a week... many jailbreakers already do this, it’s not super difficult.
The end result is criminal networks having more secure communications, while the rest of us are told to bend over a bit further.
#DeleteChrome
Have not these Nazi's been down this path before? Did they learn nothing from the Nuremburg trials?
What a bunch of maroons.
The flipside, is that they don't need to access the criminals communications, they can simply prosecute them for having communications they can't access. Because THAT will be illegal now.
Will be childs play for Russian and Chinese hackers.
So Germany is mandating insecure networks.
Corporatism != Free Market
This from a country that in recent history, twice!, persecuted minorities. Can you imagine what would have happened if Hitler had access to the government spyware infrastructure we have today ?! And all over the world nationalism is on the rise again, how could anyone think this is a good idea ..
We spy on you because of them.
--
If it were easy, it wouldn't be called life.
Stazi wont come back you say
Mellow out or you will pay!
This German Reunification thing has been good for no one.
They are being up front about what has already been done clandestinely.
Expect many legal overtures like this in the future.
The establishment will bargain for your consent for the violations they have already perpetrated.
I pray that they will be stopped before they have absolute power.
We will all have to sacrifice profoundly in order to restore liberty to western civilization. Stand up now or be enslaved for eternity.
My karma was manually wiped by site staff https://slashdot.org/~slshdtisctrldbysjws 18 mod up, 10 mod down = bad karma
I was thinking they were going to lay down laws to ensure security in devices... not blast them full of holes to help out hackers... So - who wants to place bets on how long it will take for the first politician to get hacked by their own backdoor?
But when the NSA does it its to preserve Freedumbs(tm)!
If only Erich Mielke could still be with us to see his dream come true...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
All Germany needs to do is evoke the Joseph Goebbels argument: If you have nothing to hide, you have nothing to fear.
Freaky Germans! Always asking about backdoor stuff.
Everyone gets hacked!
I will never comply.
because my job. This one's free. First of all, I might eventually be affected by that bullshit if it spreads and second, it's always a pleasure belittling you and showing you just how big an idiot you really are.
First and foremost, there is no such thing as a "government only" backdoor. A backdoor is or is not. A backdoor that MUST be in EVERY device, independent of maker and the kind of device is by definition a high profile target for every hacker on this planet. Everyone wants to have that. That includes every state actor. I.e. other nations WILL want to have that backdoor. Now, of course you might share it with friends. It's unlikely that you want to share it with states like, say, North Korea or that Daesh idiots (that's ISIS for you, in case you didn't keep up with the news). Yes, Thomas, you're about to give terrorists a tool to invade German devices.
Way to go, aren't you supposedly at least kinda-sorta responsible for the internal security of the state?
How they get it you ask? Are you kidding? We're talking about the universal key to EVERY computer in your country. Every private, every corporate, every government system. You think a state actor (especially a rogue state actor) would shy away from kidnapping someone's family if he as much as MIGHT have access to the relevant keys? Here's your wife, Thomas, here is your kids. Hand over the keys and don't talk about it or, well, I spare you the details.
And even worse, you won't get what you want to get, Thomas. Because you don't think that anyone outside of Germany would as much as touch a device with a "German backdoor" installed, do you? Twice so if a state actor. No. Outside of Germany, you'll get secure devices (well, more or less... but at least not deliberately insecured ones). It is trivial, not only to me because that's what I do for a living, but to everyone with at least a minimum knowledge of IT to diff a "good" and one of your "bad" devices to see what's different between them. And what's different between them is your backdoor. It is now also trivial to patch such a security hole in a way that you'll be locked out again. And you can rest assured that every terrorist on the planet will make sure to plug that and lock you out.
Thomas. Again. Usually, I sell good advice. This one is actually free. Stop that idiocy before it costs you your job. I kinda like your party. Even though you're a grade A moron.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
As a nerd, I make my own devices. I guess I could make my own sbc too, but that is the majority of the work.
I'll just notify all my spies and assassins with One Time Pad messages created on my lap top and then copied onto my phone.
I need to get control of my refrigerator
They have to install the equipment in their facilities to use on production environments. Those authorities should be subject to the same
It sounds like what Germany is really doing is preparing for a world where their citizens no longer have access to the latest and greats tech product from the United States, Japan, and S. Korea. Though I am sure Chinese will be more than happy to provide.
So we're gonna have to cope with general insecurity in the name of security.
Criminals tend to hide their communications. Do you know about Steganography? It would just ruin security for normal people while leaving the door open for criminals.
Would you like Law Enforcement to access this device? Yes/No
Its out of our hands!....
WHILE THE MOON IS AN ARTIFICIAL ALIEN BASE THAT SPIES ON US. Face it, theres no terrain or chemical composition in common with earth, there aint no goddamn trees there, it has a perfect size and distance to make a total solar eclipse, its massively 1/4 the size of earth, we pretend to scientifically believe that it spins on its axis, and military remote viewers have seen the soul energy of the freshly dead go into a 7-mile tall crystal with a cube on top
Legislating math.....
Try repealing the law of gravity next....
5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
Re "the end result is criminal networks having more secure communications"
Criminal networks just talk at the trusted family, tribe and community level.
The place of worship and at community events becomes their cover for meeting and talking. Police can't enter such events undercover as they have no reason to be part of that faith, community or tribe.
The criminal networks know all the tech is fully open to German police and the security services and use it for decades of misinformation.
Long term criminal network are doing their very best to get ready for generations and decades of productive counter surveillance on the German police and security services.
Criminal network have a plan to win as all Germany has is a plan to hire more police, mil, investigators for the wider "community".
Criminal networks are flooding the German security service and police with their own "clean" trusted people looking for "work".
People who have passed German exams and have the grades to enter the German police, gov and "help" with investigations.
Lots of second and third generation criminals who can get past any gov, police interview.
Over decades people 100% loyal to criminal groups will rise up the ranks of the German mil, police, gov and security services reporting every policy, new investigation, undercover attempt and mission back to their criminal networks.
Just like the Stasi attempted to get staff into West German gov, companies to rise up the ranks in West Germany over decades.
The difference been West Germany, the CIA had actually detected most attempts by the Stasi to place its spies in West Germany.
Such internal security has now been replaced by political correctness.
Germany has now totally lost control of its ability to look into the backgrounds of people wanting to join the German police, gov, mil and security services.
Its a virtue signaling free for all to get into the German police, mil and gov. No ability to find out a persons links back to a generational criminal networks.
Criminal networks in Germany are 100% safe from been investigated in their closed communities deep in Germany.
Criminal networks are also using very advanced long term methods to get their people into the German police to see what intelligence is been collected in real time.
Not much the German police can do to secure its own ranks. Any attempt to remove criminals within the ranks of the police, mil, gov is blocked by a political policy to hire anyone without looking into their criminal background.
The suggestion from the GCHQ, NSA is for the very few Germans who can still be trusted to try and use advanced electronic collection to keep investigations from all German investigators with links to criminals. To try and use top clearances that the USA has to approve to try and protect the most advance collection methods.
The translators in the German gov or who are contracted cant be trusted. So all that collection the NSA still thinks is been kept at the most secure levels in Germany is been seen by a new generation of translators.
German staff working for NATO, police who help with international criminal police investigations share the security product with new German staff connected to criminal groups.
Domestic spying is now "Benign Information Gathering"
Setting aside organized crime for a moment, every other national intelligence service will thank you for this back door, whether you meant for them to access those devices or not. At very least, you've made it much easier for them to target their collection efforts since all they have to do is compromise a single German agency versus each and every individual device. So pick the boogeyman of choice, the Russians, the Chinese, the Americans, the French, and think of their intelligence agencies crawling through every "secure" network and device inside Germany.
Laying the foundation for the 4th Reich, a total police state, digitally enhanced?
I take a pass, besides, I hardly know a word of German.
A source claims Thomas de Maizière would like to have backdoors in popular apps. That doesn't mean he'll get them or, as a matter of fact, that the Bundestag will pass a law to make those mandatory. Since the Third Reich Germany has been, shall I say, a tad sensitive on the invulnerability of privacy in mail and telecommunications. I doubt he'd get it through the Bundestag let alone past supreme court.
It's just a German gouvernment official probing the waters machiavelli style. Just like in the US. No news here. Move along.
We suffer more in our imagination than in reality. - Seneca
The STASI and the Gestapo were BAD, m'kay?
Germany already had to overthrow two totalitarian regimes in the 20th century. They sure as hell don't need another one.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
When a person takes on the job of Interior Minister, they undergo a mandatory lobotomy. There is no other explanation for the streak of braindead people in that position. Listen up Thomas, you moron. German computer technology isn't particularly sought after as it is, but if it has one thing going for it, it's that it is not American or Russian or Chinese. Now you have given everybody a very good reason to shun German tech completely. The damage is done, even if that stupid law never comes to be. YOU FUCKING MORON.
Oh, of course these people may be breaking the law, but that's not going to help the people that will get harmed in the interim.
I expect they will realize their folly within about 6 months to a year,
File under 'M' for 'Manic ranting'
Sounds like a law custom made to kill the German consumer electronics industry, as everyone buys products from other countries that don't have built in insecurity.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Germany does this, it will destroy their economy. No one will want German backdoored garbage. I wouldn't. This would be a huge mistake.
..instead of ricking everyones privacy and security with back doors and government big brother...
The existence of a backdoor means a device cannot be secure. All of your data should be encrypted using a key that you "own". If anyone can access your data without your password/biometric key then you shouldn't store anything private. A backdoor that can be used by law enforcement is a backdoor that can be used by hackers. The moral of the story is don't buy anything made in Germany if this laws passes.
What, you mad bro cause you can't get bumpstock? The second amendment is hardly ignored, give it up.
If you were a German criminal you'd hop over the border and buy a safe device, and go home. This kind of thing will keep the honest people under surveillance and that's all.
For cars, the backdoor already exists. Plug in a suitable dongle to the OBD port. Manufacturer would just need to document for law enforcement its proprietary APIs that go beyond the mandated ones.
For IoT, in general, they're backdoored from the factor. Hard-coded admin passwords, etc. As somebody noted in a thread I saw recently, security is the "S" in IoT. If somebody in law enforcement truly needs to get into your refrigerator or media box, I don't think they'll have much trouble.
Phones and computers, now, *should not* have a backdoor built into the device. That's just too dangerous - they get lost, there are privacy issues, etc. Perhaps some kind of key escrow is possible, such as the MS backup in their cloud of your settings. I'm sure Apple and the Android OEMs/Google could do the same thing if required. Yes, it can be avoided by working only with local accounts, in which case the cops are in the same position as they always were - must somehow ban encryption entirely (to the everlasting joy of the hackers and info thieves) to get around that.
This just looks too Stasi-like for me. If it goes through how long do you think it'll be before the same things gets mandated in the US and UK?
Imagine the chaos if the master database of backdoors were leaked (i.e. Snowden type disclosure)?
Just about everybody in the Free World is either keeping their mouth shut about how much they're willing to give up to be safe, or else beating their chest and proclaiming what manly men they are because "anything to fight terrorism".
We need to start calling out both varieties of coward, ridiculing them, shaming them and generally treating them like the threats to democracy they are.
We need to stand up and say we're willing to accept casualties to stay free. That means the government needs to be told to fuck off out of our private lives, and if that means terrorists manage to kill some of us, it's a price we'll pay. We need to let people like this know we will unelect them and their party so fast their cynical, crypto-fascist heads will spin.
In short, we need to grow up and stop pretending we can have both freedom and perfect security. We have to choose. And as far as I'm concerned, if you choose security, you should move to China and quit wrecking things for decent people.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Just wondering how they will insist on a backdoor in any open source project that uses encryption. Especially if it is hosted in another country. I can see a great opportunity for open source alternative firmware downloads.
When (and it will be a when not if) hackers figure out this back door. I can see a huge security nightmare ahead for German citizens.
I think it's time to start preparing a class action lawsuit against the German government.
do you think Thomas de Mazière understands English? He is barely able to articulate himself in his mother tongue!
On another topic, it's sad that this guy is the son of someone who fought the East German government, with its stasi :-(
It couldn't possibly have anything to do with Merkel forcing the German people to allow one and a half million RANDOM YOUNG MEN to live in their country, most of them muslim, by any chance?
That can't end well.
L'Idiot
I wonder what the USA have promised to do in exchange for providing them with a free backdoor for their espionage agencies in every device. I am aware Mr de Maiziere isn't exactly known for his pro-privacy stance, but this is an exceptionally idiotic proposal even for him.
Heâ(TM)s a member of the Mont Perelin Society and their >500 think tanks, whose "values" are
1. fascism (replacing power to the people by power to the corporations, whose behavior, mind you, is that of psychopaths) [newspeak: "privatization"],
2. freeloading on state services and infrastructure that we pay [newspeak: "tax breaks"], and
3. creating an anti-social psychopathic dog-eat-dog society, where we let our fellow citizens starve, rot in "privatized" old people's homes, and die in the dirt in front of the hospital, because basic human decency would be "socialism". [newspeak: "social state degradation"].
And so are you.
You call the Nazis fascist when they were literally national *socialists*.
You call neocon actual-fascism, aka your country's chief export, and the Mont PÃrelin Society's agenda since '47, of which ALL German political leaders currently are members btw., "communism".
And you call neoliberals " neocons", while calling anyone who is not a ultra/right wing etremist literally-willing-to-murder-babies-for-profit supporter a "liberal".
Do you even realize that your reality is as distorted as that of North Koreans?
That is not even a fucking understatement! Ask *anyone* outside the Anglophone/Hypercapitalist world, who follows these things. Every African, South American, East-Asian, Russian, Indian, Oceanian, and even most Europeans, including Brits, Canadians, and Australians know this.
So, let's focus again on making old-school devices that don't store all kind of random stuff and just ditch most of that so called smart crap we see nowadays...
Did you ask how many brain cells he has, because you have none left, and ... "spare some brain cells"? Or just because you are so dumb that you cannot even tell how dumb you are?
Multiple fundamental laws directly forbid it. Laws that were created as a direct result of the industrialization of murder by the Nazis.
But the fascist Mont Perelin Society, of which ALL political leaders of Germany are members, does not give a fuck.
Hell, they also supported TTIP, which, by German law, makes them literal traitors. A crime that gets you the maximum sentence: 20 years in prison.
But of couurse, they made themselves a law that makes politicians exempt from prosecution.
But make no mistake, they *will* face prison at the first instance where the power ever slips from their hands.
Germany's active society (as opposed to the passive-thinking livestock) does not take that shit lightly.
And that does not mean the Nazi things cannot ever be related to good things. Even he nastiest monsters have some good im them!
E.g. they built the Autobahn!
I can both disapprove of the Nazis and approve of the Autobahn! Why can't you Americans do such mental feat??
Hell if a serial child rapist Dick Cheney clone would sind the most beatiful thing, I would support the fuck out of that, precisely *because* he's evil! Because that is his fucking way out, can't you see?? Stop forcing evil people to stay evil, for FUCK's sake!!
The level of your bullshit is truly amazing. Lying to the Americans...
@Americans: The "Verfassingsschutz" is something between the DHS, the Gestapo and some ministry from "1984".
They actively go against our constitution and are one of the main forces in pushing evil shit like this total surveillance!
Totalitarian control is literally their job description!
To say they protect the constitution is like saying the GDR was a democracy, or like saying the Nazis were social humanists.
All hails to our Dear Leaderess Frau Merkel! Sieg Heil! (Now I can go puke.)
Yeah, you were initially wrong with the assumption of single master key design.
The whole shit flies out the window the second the device gets rooted.
Not really/necessarily. It can be viewed as the capability to read any device like an open book, which is a different thing from controlling what software every device runs.
And you can rest assured that this is the first thing anyone with nefarious intent will do. Make it illegal? Fuck, do people planning to blow themselves to kingdom come give half a shit about a law concerning their phone?
There is a pretty vast spectrum of scenarios. You seem hyperfocused on one. But even in this one, it can be seen as the authorities wanting to be sure they can read the terrorists phone *after they've blown themselves up*. But yeah, layered encryption, whuddyagonnado?
You seem to think that the German government can ban iPhones with impunity, and that the German public will meekly go along with it. Another possibility is that Apple stands firmly behind privacy, and the German authorities can either give in or ban the iPhone, which will (a) prove highly unpopular, and (b) ensure that Apple Stores in Denmark, the Netherlands, Belgium, Luxembourg, France, Switzerland, Austria, the Czech Republic, and Poland get a lot more business. (Did I miss any bordering countries?) It's not like Apple is going to be losing all those German sales.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Seems german has the idea from IntelME for this reason.
Criminals tend to be pretty average people. If anything, they tend to be below average. Most criminals wouldn't be able to tell you what steganography even is.
don't panic !
Every now and then politician make suggestions. In this case it was the (acting) interior minister.
For it to become law it has to go thru parliament and it it would, the courts will be called.
There is already enough resistance to this from other political parties.
That is the great thing about democracy and independant jurisdiction: anyone can thow up ideas for debate and debate is good. In the end majority and courts decide
I imagine that more and more manufacturers will simply not ship networking and other related products to Germany, finding the cost of manufacturing special networking products with these back doors too high to be worth the trouble or the cost of lost business and other commercial backlash from outraged clients. The companies might also not like the increased costs and higher selling prices associated with low volume specialty items and simply comply to the law by not selling any items that fall into this category of hardware in Germany at all. What will Germany do if no networking companies change their hardware, because the cost of working with a Government who openly spies on it's people is too high in so many areas, including integrity? Time for a digital line in the sand, so to speak...
-------- Docrobot