Encryption is one of our favourite topics. This blog and our events feature discussions, tools, and content regarding cryptography. The first DeepSec conference in 2007 even had a presentation about a practical attack on GSM’s A5/1 algorithm. Subsequent conferences followed up on this, for example, the state of affairs of mobile network security in 2010. We use encryption and high levels of privacy in our own communication. Certain published documents emphasize the importance of using uncompromised and modern encryption algorithms. In the meantime, users have moved to messengers using TCP/IP on top of the mobile network transmissions. This enables full end-to-end encryption and privacy. The problems are still the same as in the 1990s. Enter the continuation of the Crypto Wars.
On 23 March the Oberlandesgericht (Higher Regional Court) Rostock in Germany argued that the very use of specialized cryptographic devices and tools indicate conspiratorial behaviour to commit and conceal crimes. The trial lawyer describes the verdict in his blog (the article is written in German). By using this argumentation the court basically reverses the presumption of innocence. Extending this logic to businesses does not bode well for secure communication, invoicing, teleconferencing, and a metric ton of cloud services used by individuals and organizations all over the world. Surely, if you type https:// you must have sinister thoughts! Information security teaches otherwise.
The past translated articles from FM4’s journalist Erich Moechel shed some light on legislative processes in the EU Commission and the parliament regarding the legal future of encryption and information security. The Crypto Wars are far from over. The battle has shifted to the content platforms and indirect threats. Outlawing mathematics is not workable anymore, so the content is the angle of attack. The effort to develop and deploy decentralized communication services has increased, but most users stick to common platforms tied to the business models of tech companies. Signal got a major boost when WhatsApp changed its terms and conditions. Threema has been attacked by legal moves of the Swiss government in the past. In their blog, the Threema team reminded the EU Council that privacy is important for democracy. Now you know why we frequently write about the current Crypto Wars, privacy, and encryption. We will continue to translate Erich’s articles covering the matter because he is a specialist in following the legislative processes within the EU. Have a look and make sure they heard your voice. Encryption is one of the building blocks of information security. This means there must be no holes, no deliberate weaknesses, or backdoors.
Originally published at https://blog.deepsec.net on March 31, 2021.