Backdoors in technology are a problem because they are vulnerable to being exploited by more than just “good” people — they are also vulnerable to exploitation by malicious adversaries. With this reasoning in mind, backdoors (security flaws that are designed in) being required to be built in would make the German public much more at risk of harm to criminal threats. So this proposal to mandate backdoors is dangerous and should be opposed, as it’s a policy of horrible security.
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more.
Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND).
Furthermore, the new law would also give German officials powers akin to the “Hack Back” bill proposed in the US, allowing authorities the power to hack any remote computer. The Minister says this is important to “shut down private computers in the event of a crisis,” such as is the case with botnet takedowns.
But privacy advocates who also read the new law proposal say the text also contains verbiage that would allow the German state to intercept any traffic on the Internet [1, 2], effectively setting up a surveillance state with full snooping powers over everyone’s online communications. Experts called for caution before approving the new law, which could be abused in its current state.
German authorities anticipated such reaction and said that any access to such data would be allowed only after law enforcement have obtained a court order. But the problem with encryption backdoors is not how you access them, but that they exist in the first place and that they could be abused by ill-intent actors as well.
The law proposal is not a surprise for people who’ve been keeping an eye on such things. There are concerted efforts going on in Germany, France, and the UK to introduce legislation for mandatory encryption backdoors. In fact, de Maizière and his French counterpart even signed a joint letter they sent to the European Commission that supported encryption backdoors.