From the possibility of banning effective cryptography

...and the Impact on Qabel

 
by Peter Leppelt

 

After the tragic attacks on Charlie Hebdo at the beginning of this year, politicians around the world (mostly conservative) renewed their calls for banning effective systems for the encryption of communication on the Internet. More precisely: They want such communication to take place in such a way that government institutions can access the unencrypted data.

There are different ways that this could be achieved from a technical standpoint: Mandatory use of master keys, weakening of encryption through short keys or broken algorithms, installing back doors in the respective software or hardware systems. One thing is common to all of them: They are very bad ideas. Above all, they have the effect of also making it easer for the bad guys (privacy attackers, industrial spies) to get to encrypted data.

These plans are by no means new. They have been around for as long as there have been encryption systems. That is why the current developments fall under the heading "Crypto Wars 3.0". The number shows that we have been through this several times before.

At this point, there is no need to go into the details of the respective arguments. They have all already been made and countered. Everything that can be said on the subject has already been said. A source that helps to understand the subject and the current state of affairs can be found at: http://heise.de/-2526029


Likelihood of a Ban in Germany

The article referred to also provides a direct assessment of what this article is all about: How likely is the ban of a system like Qabel in Germany?

There is almost every indication that such a restriction on effective cryptography in Germany and also in Europe will not happen. The reasons against it seem overwhelming:


Industrial Espionage

The only way to at least contain industrial espionage is effective encryption. Industrial espionage is poisonous for a modern market economy, which lives from innovation.

The Snowden revelations have shown that western nation states use their intelligence services on a large scale for economic interests. Restrictions on encryption capabilities would open the doors wide open to this activity.

This same is of course also true of Chinese activities, which are becoming much more specific in their demands. "The Chinese government only wants to allow into the country hardware and software whose encryption can be circumvented by the authorities." That, interestingly enough, bothers even the USA: http://heise.de/-2563500


Criminal Activities

The creation of back doors for government institutions automatically means the creation of back doors for criminals as well. To draw an analogy with the physical security industry: One could use a safe whose steel doors were artificially constructed so thin that state agencies could quickly get to the contents without a key. It's intuitively clear that such an approach also makes the work of criminals easier.

Banking systems would correspondingly become radically insecure; end-to-end encryption on payment system networks more vulnerable; home automation systems easier to manipulate (the opening of entry and garage doors via online attacks come to mind here). The scenarios of abuse aimed at institutions and people are without limit.

The bottom line is that the arguments against weakening encryption systems clearly outweigh those in favour. In particular, business interests will take and advocate for the position that technical and business knowledge should not be readily revealed with government support so as to be used for abuse and theft.


Impact If a Ban Does in Fact Happen

The short version: Qabel is a published-source system, intended for international distribution through consistent development on and use of the Internet. In the unlikely event of a ban in Germany, we will follow a path that allows us to continue operating the software and the company behind it in a legal way.


We will not make any misguided compromises and install back doors in the system. That would not be consistent with our understanding of civil rights, and it would also be economically foolish. Qabel will not do away with its unique selling proposition and strongest reasons for buying.