Going Dark

Germany’s Crypto Past and Hacking Future

By Sven Herpig, Stefan Heumann
Thursday, April 13, 2017, 10:08 AM

Germany’s latest national cyber security strategy emphasizes “security through encryption” and “security despite encryption” as the main pillars of the government’s crypto policy. If you see a contradiction here, you are not alone. Germany, like many other governments around the globe, is trying to come to grips with the problem of how to secure information systems and communications (data at rest and data in transit) with the best encryption technology while, at the same time, finding ways to provide law enforcement, security and intelligence agencies with access to IT systems and communications in order to prosecute crime and protect the country against security threats such as terrorism. Thus, the basic contours of the debate in Germany are similar to those in the US. While civil liberties groups and industry warn against any measures that would weaken encryption, law enforcement, security and intelligence agencies are concerned about “going dark.” But there are also important differences that shape Germany’s approach to crypto policy.

Article 10 of the German Constitution protects the privacy of personal communications. In addition, in a landmark ruling in 2008 the German Constitutional Court developed the doctrine that the government is responsible for guaranteeing the “confidentiality and integrity of information technology systems.” German law also recognizes the government’s responsibility to protect citizens and prosecute crime. But it only allows government access to citizens’ data and communications in very narrow circumstances, based on court-issued warrants. Strong historical, cultural and legal emphases on the protection of privacy have shaped German debates about crypto policy. In the past, and especially in comparison to the US, German law enforcement and security agencies have been comparatively restrained in their public demands for regulation of encryption technologies. German security agencies, however, cannot escape the fact that the improvement and widespread use of encryption technologies has undermined their ability to make legally intercepted communications readable.

Those who see encryption as a threat to security face an uphill battle in Germany. Any regulation of encryption technology would constitute a clear break with established doctrine. The starting point in Germany was not the development of policy but the creation of a new agency. In 1991 the cryptography unit of the Federal Foreign Intelligence Agency (BND) was split off and turned into a new civilian agency under the auspices of the Ministry of Interior. The establishment of this agency, the Federal Office for Information Security (BSI), marked the beginning of the German government’s firm commitment to strong encryption. To this day the BSI sees the promotion of secure encryption (understood as correctly implemented strong cryptographic algorithms used on a non-compromised device) as its core mission.

Eight years later, in 1999, Germany strengthened the BSI’s approach with formal policy. The government enacted a basic outline for German crypto policy (Eckpunkte der deutschen Kryptopolitik). According to senior officials in the BSI and the Ministry of Interior this outline still guides German crypto policy. These are the five core elements of the policy:

  1. There will be no ban or limitation on crypto products
  2. Crypto products shall be tested for their security in order to increase the user’s trust in those products
  3. The development of crypto products by German manufacturers is essential for the country’s security and their ability to compete internationally shall therefore be strengthened
  4. Law enforcement and security agencies shall not be weakened by the widespread use of encryption. The development of additional technical competencies for those agencies shall be fostered
  5. International cooperation on crypto issues such as open standards and interoperability is vital and shall be fostered bi- and multilaterally.

Many German laws and regulations require encryption, most recently the e-health law of 2015. And the government has funded and promoted a number of projects on the development and implementation of encryption, such as the national identity card ('nPA') in 2010, the e-government mail ('De-Mail') in 2011 and the 'Smart Meter Gateway' in 2015.

Despite the public commitments to strong encryption, there has also been some ambiguity in the German position. Initially, the e-government mail “De-Mail” was implemented without true end-to-end encryption. According to its original design, e-mails would be decrypted on a (secure) server, scanned for malicious software or exploits and then, if found to be non-malicious, encrypted again and securely forwarded to the original recipient. Many civil liberties organizations heavily criticized this approach as a potential backdoor for government access to e-mails sent through the system. Critics argue that the lack of public confidence in the security of the system undermined its adoption (it never attracted a critical mass of users). The implementation of true end-to-end encryption in 2015 came too late to save the system from fading into irrelevance.

In 2013 the Snowden revelations strengthened the position of those who were worried about the government’s commitment to strong encryption. The revelations about global NSA surveillance programs and their potential impact on Germany spurred a debate about the government’s responsibility and role in protecting the data and information infrastructures of German citizens and companies. The necessity to promote and implement strong encryption played a prominent role in this debate. When the government published its first digital strategy, called “Digitale Agenda,” in September 2014, it set out the ambitious goal of making Germany the global leader in the adoption of encryption. At the national IT summit in 2015, representatives from the IT industry and government officials signed the end-to-end encryption charter, another pledge for strong encryption.

As the integration of secure encryption into commonly used communications technologies has become more widespread, law enforcement has not been sitting idle in the face of growing challenges to accessing communications. Starting in 2006, the German government began serious work on bullet point four of the crypto policy: fostering technical capabilities for law enforcement and security agencies without weakening encryption. For the responsible agencies this meant working on lawful hacking, more precisely the development and procurement of a new software tool. This tool would allow government officials to access a target person’s IT systems in order to copy data that would otherwise be inaccessible because of encryption and transfer it to the agencies. The tool became known as the Federal Trojan Horse ('Bundestrojaner'). After its completion, the legality of the tool was challenged in court. The Constitutional Court ruling of 2008 prescribed a very narrow framework for legal hacking, sending the law enforcement agencies back to the drawing board. In 2014 the Ministry of Interior announced the completion of a new version of the tool within the technical framework that the court demanded. According to the Ministry of Interior this new hacking tool has not been deployed to date.

In 2015 the Federal Office of Criminal Investigation (BKA) used a vulnerability in the instant messenger Telegram to monitor the communications of an alleged right-wing group in Germany. Legal experts have expressed concern that the material collected during this operation was illegally obtained and should therefore not be admissible as evidence. One is reminded of United States v. Michaud, one of the cases arising from the FBI’s Operation Pacifier against the child pornography site Playpen. There, the Department of Justice dropped the prosecution because the court required it to hand over information about how its hacking tool worked. The DOJ did not want to disclose this information out of concern that it might thwart other (future) operations if the vulnerabilities used in the hacking tool became public and were fixed by the developer. But without knowledge of the source code it is hardly possible to determine whether the evidence was obtained lawfully and the chain of custody maintained. The latter raises questions about the security of evidence data in transit (encryption) and the maintenance of its integrity (digital signing). Operation Pacifier also led to a discussion about the extent and scope of Rule 41 of the Federal Rules of Criminal Procedure, which was cited as the legal basis for a judge to authorize a warrant for the FBI to hack computer systems without prior knowledge of their locations. The BKA will face similar challenges in Germany regarding the use of its own hacking tools.
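The integrity half of the chain-of-custody question above is concrete enough to show in code. The following is an added illustration written for this article, not a tool used by the BKA, the FBI or any court: evidence bytes are hashed at seizure, every custody entry commits to the previous one, and each entry is authenticated so that a later edit, a removed entry or altered evidence is detected. Because it uses only the Python standard library, an HMAC under a key held by the evidence custodian stands in for the asymmetric digital signature a real system would use; the evidence bytes, the actors and the key are all constructed for the example. Encryption of the data in transit, the other half of the question, is deliberately out of scope here.

```python
"""Added example: integrity checks on seized evidence and its custody log.

Illustrative only (not BKA, FBI or court tooling). An HMAC stands in for
the asymmetric signature a production system would use; the key below is
a constructed placeholder, as is the sample evidence.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Constructed sample: bytes standing in for an exported chat log.
SAMPLE_EVIDENCE = b"2015-10-02T21:14:00Z chat export: 'treffen uns um 22 uhr'\n"
# Constructed custodian key (assumption); a real deployment would sign with a
# private key held by the custodian and verify with its public key.
CUSTODIAN_KEY = b"example-custodian-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    """Content hash recorded at seizure; any later change to the bytes alters it."""
    return hashlib.sha256(data).hexdigest()


def _canonical(entry: Dict) -> bytes:
    """Deterministic serialisation so the MAC always covers the same byte string."""
    body = {k: v for k, v in entry.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(log: List[Dict], action: str, actor: str, evidence: bytes,
                 key: bytes, when: str = "") -> Dict:
    """Append a custody entry that is linked to its predecessor and authenticated."""
    entry = {
        "seq": len(log),
        "when": when or datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        # Hash chain: each entry commits to the MAC of the entry before it.
        "prev_mac": log[-1]["mac"] if log else "",
    }
    entry["mac"] = hmac.new(key, _canonical(entry), hashlib.sha256).hexdigest()
    log.append(entry)
    return entry


def verify_log(log: List[Dict], evidence: bytes, key: bytes) -> Tuple[bool, str]:
    """Check sequence, chain links and MAC of every entry, then the evidence hash."""
    if not log:
        return False, "empty log"
    expected_prev = ""
    for i, entry in enumerate(log):
        if entry.get("seq") != i:
            return False, f"entry {i}: sequence gap (entry removed or reordered)"
        if entry.get("prev_mac") != expected_prev:
            return False, f"entry {i}: chain link broken"
        mac = hmac.new(key, _canonical(entry), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, entry.get("mac", "")):
            return False, f"entry {i}: MAC mismatch (entry altered or key differs)"
        expected_prev = entry["mac"]
    if log[-1]["evidence_sha256"] != sha256_hex(evidence):
        return False, "evidence bytes do not match last recorded hash"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Build a three-entry custody log, then show which tampering each check catches."""
    key = CUSTODIAN_KEY
    log: List[Dict] = []
    append_entry(log, "seized", "investigator-1", SAMPLE_EVIDENCE, key,
                 when="2015-10-02T22:00:00+00:00")
    append_entry(log, "transferred-to-lab", "investigator-1", SAMPLE_EVIDENCE, key,
                 when="2015-10-03T08:00:00+00:00")
    append_entry(log, "analysed", "forensic-analyst-2", SAMPLE_EVIDENCE, key,
                 when="2015-10-04T09:30:00+00:00")
    results = {"intact": verify_log(log, SAMPLE_EVIDENCE, key)}

    # 1. The evidence bytes were changed after seizure.
    results["evidence_modified"] = verify_log(log, SAMPLE_EVIDENCE + b"x", key)
    # 2. A log entry was edited (actor rewritten) without re-authenticating it.
    edited = [dict(e) for e in log]
    edited[1]["actor"] = "someone-else"
    results["entry_edited"] = verify_log(edited, SAMPLE_EVIDENCE, key)
    # 3. A middle entry was removed from the log.
    results["entry_removed"] = verify_log([log[0], log[2]], SAMPLE_EVIDENCE, key)
    # 4. The log was produced by a party that does not hold the custodian's key.
    results["wrong_key"] = verify_log(log, SAMPLE_EVIDENCE, b"other-key")
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:18s} {'PASS' if ok else 'FAIL'}: {reason}")
```

The point of the chain link (`prev_mac`) is that a custodian cannot quietly drop or reorder an entry after the fact; the point of hashing the evidence into every entry is that the bytes presented in court can be tied back to what was recorded at seizure. With a real signature in place of the HMAC, a court could verify the log without being given the custodian's secret, which is exactly the kind of check that is impossible when the collection tool itself stays undisclosed.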

The pressure on law enforcement agencies to develop hacking capabilities continues to grow. Recent terror attacks in Germany and the recruitment of terrorists over the internet by ISIS have spurred a debate about the need for access to suspects’ data and communications. Where secure end-to-end encryption is used, law enforcement and security officials can often only read communications if they hack into devices and get hold of the information in an unencrypted state. But even in cases where service providers could make decrypted messages available, legal hacking is often a convenient alternative. Foreign cloud service providers dominate the German market. If data is stored abroad, which is often the case, law enforcement usually has to go through lengthy and burdensome Mutual Legal Assistance processes, with uncertain prospects, to get data from providers. Thus law enforcement and security agencies have developed a strong interest in legal hacking capabilities in recent years.

Despite frequent media reports that Germany might be willing to change its approach and consider regulating encryption and introducing government backdoors or key escrow schemes, Germany’s commitment to its crypto policy from 1999 has remained firmly in place. These reports appear to have read too much into some ambiguous statements on encryption made in the context of French-German government consultations on security issues; the German government’s doubling down on the lawful hacking approach underscores this. This brings us back to the statements in Germany’s 2016 national cyber security strategy that the government seeks to promote “security through encryption” and “security despite encryption.” For the German government this apparent contradiction is resolved through lawful hacking. It allows the main pillar of German crypto policy, the support and promotion of strong encryption technologies, to remain in place. At the same time lawful hacking provides possibilities to gain access even where encryption is employed.

In order to implement this approach the Ministry of Interior is currently creating a new agency. The Central Authority for Information Technology in the Security Sphere (ZITiS) is supposed to supply security and (domestic) intelligence agencies with tools and capabilities for lawful hacking, interception, and the analysis of communications and data at rest. It is solely tasked with development, procurement, capacity building and assistance; it will not engage in operational activities, for which it lacks the necessary legal mandate.

Few details about the structure, capabilities and strategic approach of ZITiS are known at this point. According to the allotted budget, ZITiS is supposed to eventually employ 400 specialists by 2020. It will be based in Munich in close proximity to the Bundeswehr’s new cyber defense research cluster CODE. Two vital questions for ZITiS have so far been left unanswered: 1. Is 'lawful' hacking such as the Telegram hack even legal in Germany? 2. How do security and law enforcement agencies manage the vulnerabilities on which it depends?

The German crypto policy has not changed since the 1990s. This is good news, as the German approach stands for secure encryption supported by the government. Adhering to the 1999 crypto principles also means that law enforcement and security agencies need to look to approaches other than the regulation of encryption to avoid “going dark.” The German government has concluded that lawful hacking provides a much-needed solution to this puzzle. But this approach also entails great risks, because it rests on the exploitation of known (n-day) and unknown (0-day) vulnerabilities in hardware and software. The establishment of ZITiS is an obvious move in that direction.

It is too early at this point to judge how sensible and effective this approach really is. What we do know is that the German government has to tackle some really difficult issues. A responsible and (to the maximum degree possible) transparent management of known and unknown vulnerabilities will constitute the core challenge. Vault 7, the trove of CIA hacking tools published by WikiLeaks, has shown us once again why it is so important to have well-functioning and transparent processes to manage vulnerabilities. Germany can learn not only from the Vulnerabilities Equities Process (VEP) in the United States but also from the many thoughtful VEP reform suggestions. And we have encountered great interest from US experts in learning more about the approach that Germany is taking. We have therefore identified the VEP as a central issue to be discussed within the just-launched Transatlantic Cyber Forum (TCF). This transatlantic initiative, jointly funded by the US-based William and Flora Hewlett Foundation and the Germany-based Robert Bosch Stiftung, brings together US and German experts to discuss pressing cyber security issues. We hope to share what we learn along the way in future posts on Lawfare.