Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.
According to Der Spiegel this month, the Euro nation’s Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people’s private enciphered chats to authorities that obtain a court order.
This would expand German law, which right now only allows communications to be gathered from a suspect’s device itself, to also include the companies providing encrypted chat services and software. True and strong end-to-end encrypted conversations can only be decrypted by those participating in the discussion, so the proposed rules would require app makers to deliberately knacker or backdoor their code in order to comply. Those changes would be needed to allow them to collect messages passing through their systems and decrypt them on demand.
Up until now, German police have opted not to bother with trying to decrypt the contents of messages in transit, opting instead to simply seize and break into the device itself, where the messages are typically stored in plain text.
The new rules are set to be discussed by the members of the interior ministry in an upcoming June conference, and are likely to face stiff opposition not only on privacy grounds, but also in regards to the technical feasibility of the requirements.
Spokespeople for Facebook-owned WhatsApp, and Threema, makers of encrypted messaging software, were not available to comment.
The rules are the latest in an ongoing global feud between the developers of secure messaging apps and the governments. The apps, designed in part to let citizens, journalists, and activists communicate secured from the prying eyes of oppressive government regimes.
The governments, meanwhile, say that the apps also provide a safe haven for criminals and terror groups that want to plan attacks and illegal activities, making it harder for intelligence and police agencies to perform vital monitoring tasks.
The app developers note that even if governments do try to implement mandatory decryption (aka backdoor) capabilities, actually getting those tools to work properly, without opening up a massive new security hole in the platforms that miscreants and criminals could exploit, would be next to impossible.
Whatever happened to mail confidentiality then?