A backdoor requirement like Australia has it would be the service vendor having to write their apps in a way that the apps can decrypt content on remote command. That goes much farther than expensively and riskily hacking the devices of suspects.
Link to the passed draft (German): https://www.bmi.bund.de/SharedDocs/downloads/DE/gesetzestext...
Another example is a police internal system to request information about citizens. That has been abused many times to spy on neighbors and even celebrities. Kind of a current topic in Germany.
(1) articles on HN need to be in English. We have deep respect for the German language and for other languages, but HN is an English-language site;
(2) we've gotten complaints about this title being misleading and/or completely wrong.
I've edited the title now in an attempt to be more accurate. (Submitted title was "Germany's Bundeskabinett approves draft law allowing WhatsApp/Messenger backdoor".) If there's a more accurate and neutral title we can change it again.
I thought it was quite important to report on it despite the absence of English media coverage.
I apologize for the title being wrong in this case but some other German media press articles have used the word backdoor instead of Trojan. I should have used the word Trojan instead of Backdoor in relation to this particular article and apologize for the mistake. But I'm not really sure which is worse to be honest... and I also suppose they don't want the suspects aware of the Trojan being on their phone. Which leaves many wondering if they don't mean that they want the Trojans at tech companies instead (which then would become backdoors).
So much for the EU's vaunted privacy rights...
Do people really have such an impression?
In 2006 the EU passed a directive that obligated all ISPs to effectively save your browsing history.[0] They had to keep this for a minimum of 6 months. It took until 2014 for the directive to be found to be invalid. It worked until then though.
And that's on the EU level. My expectations are even lower when it comes to individual member states, particularly Germany.
edit: I would appreciate an explanation how my comment about an article talking about trojan horses on the victims' computer with a title about backdoors is wrong instead of mindless downvotes.
translated: "Intelligence agencies ought to have the same capacities in the digital sphere that they have in the analog world."
Going to be an unpopular opinion here but I agree with this. I don't think there is any precedent for impenetrable private communication legally or culturally. Capacity to say, tap a phone or surveil communication has existed, of course with a warrant and strict legal checks.
People who want to argue against this need to make a case why legal or cultural standards should adapt to a technology, rather than arguing from technological capacity backwards.
Furthermore, I don’t think they could really require my hypothetical fortress builder to intentionally build in weaknesses into each fortress they built so that they could get in “just in case”.
What about discussions between conspirators in the privacy of their own home? Should the government be allowed to mandate that telescreens be installed in everyone's homes, with the promise that they would only listen in when they have a secret warrant to do so?
Two people can communicate fairly trivially in person with a reasonable level of certainty that their conversation remains privy to only them and the most a 3rd actor might glean is that the conversation took place; not its contents.
What you might be confusing is that historically there are inherent weaknesses in using a physical or radio or electronic medium to transfer information from one mind to another and that those have always been exploitable. That exploitation usually comes by "force", for some definition of force depending on the value systems held by the parties involved.
Backdoored encryption isn't real encryption. It's theater.
The statistics of a rubber-stamp court are identical to a court, where the requirements for an approved request are so clear that no one ever submits requests that are likely to be denied.
To prove what you are claiming, you have to actually show that a large number of accepted requests were "unethical".
(Disclosure: I'm occasionally involved in public relations for a local chapter of the CCC, a German NGO that deals among other things with surveillance policy.)
The best return on investment in surveillance is always, always, always extortion. The spooks like to extort by threatening to reveal crimes, or prosecute them. Ever heard of plea bargaining? Most often the promise of "reduced" charges is exchanged for participating in surveillance, yielding more victims and more pigeons. Spies like to get other kinds of cooperation, for other kinds of threats--including revealing that you already caved once. Some people have enemies who would act on revelations. Most people have relatives who wouldn't want them harmed. Judges have relatives. Ever wondered at judges blatantly violating settled law? It is not always just because they felt like it. Since surveillance always involves official secrecy, it is easily and widely abused, and abuse is never, ever prosecuted.
Do you wonder why politicians stay exactly in line, these days? Think they just don't have any ambition, no independence, no cojones?
We already have a surveillance system in place that the STASI could only have ever dreamed of.
Something you'll find prevalent with some dissidents today. Many of them return "willingly" when presented with the alternatives.
The law effectively mandates that for every lock there should be a master key owned by police. Even in the physical world it works poorly (see the joke under the name of Travel Sentry Approved locks) and in the digital world it will be even worse, due to the near zero cost of using such a backdoor.
Laws against E2E encryption effectively mean that it is illegal to use a communications technology that is hard for the government to interfere with, even if you are not using it to break any (other) law, which seems like a change from the status quo.
[1] https://arstechnica.com/tech-policy/2019/11/man-charged-with...
> After waiting another 10 days to see if it would start working again, detectives applied for a warrant to search Heuring's home and a nearby property belonging to Heuring's parents. ... Police did find the tracking device.
It sounds like the suspect moved the bug from his car into a house. If you were to move a bug from your living room to your attic (and place a sign at the location of the original bug saying "The bug is now in the attic, feel free to collect it when you find this note") then it might be harder for the police to claim you had stolen it.
It’s one thing to have the ability to wiretap selectively and with some cost which makes it prohibitive to do on a massive scale; it’s another thing to require vendors and service providers to deliberately sabotage their customers’ products for them.
I mean there’s just potential for rampant abuse here. What of the right of political dissidents or other persecuted minorities to communicate safely? What of the possibility that this could be used to target a politician’s political adversaries (the way we see frequent mention of today)? There’s a whole history of abuse here, in the US and across the world, and there’s no need to facilitate the potential for such abuse on a scale we’ve never seen before.