Crypto Wars: The Show That Never Ends

The German Interior Ministry is spearheading an effort to create a new law that would require tech companies to provide backdoors for a range of devices. It's the latest salvo in the war over encryption.

As the classic Emerson, Lake and Palmer song goes: "Welcome back, my friends, to the show that never ends." Only this time, it's the Crypto Wars that are being refought.

The German government is preparing a law that would make all electronic device manufacturers include a backdoor that could be used by law enforcement authorities, according to local media reports. Such a backdoor in a connected auto might disable the warning it sends to its owner when physically disturbed -- say in a police investigation.

The German Interior Ministry is spearheading the effort, and is looking far beyond stopping car notifications to suspect owners. The ministry want companies to tell the government about any future plans that they have for encryption and other protocols in products, so that the police can analyze them.

Investigators also want the power to hack back at attackers, so that they can shut down some remote computer in a crisis.

Some of those who have seen the draft bill also point to provisions in it that would allow the state to intercept any Internet traffic. That kind of power would allow a full-blown surveillance state with snooping everywhere. Of course, the ministry says such power would only be used under court order.

This kind of effort is not unexpected to those that have seen similar efforts arise lately in France and the UK for such backdoors.

Indeed, closer to home, the US Justice Department has revisited the issue lately when Deputy Attorney General Rod Rosenstein told an audience in London this October: "There is no constitutional right to sell warrant-proof encryption."

The push back against working encryption is on the rise, without a doubt.

Once the province only of the government, it seemed that the first crypto wars of the 1980s and 90s had established that crypto use was not only legal, but that it was enabling the establishment of a digital economy. It seems obvious that people would not give financial information to a website to pay for shopping if they did not feel that it was being protected in a secure manner.

These new efforts that hold up the straw men of terrorists and criminals to the public miss some major points here. Backdoors or decrypting will not stop someone that wishes to blow things up. They will just change methods to ones that are harder to expose, like trusted couriers and face-to-face meetings.

And if there was some master key to encryption methods, how long would it take before it was stolen by threat actors? Such a key would make it easy for miscreants to obtain anything they wanted without any trace left behind, making the situation even worse.

The balance between too little and too much privacy in social settings has been discussed for years on end. It will continue to be discussed, no doubt. But a simplistic approach such as the removal of encryption from devices can only have unintended consequences that will end up crippling the only growth area left in the world.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.