German Government prepares Law for backdoors and hacking back

The German Government is preparing a law that will force hardware vendors to include a backdoor in their products and to allow its unit to hack back.

The German Government is preparing a law that will force hardware vendors to include a backdoor in their products. The law aims to allow law enforcement agencies to use backdoors to gather information during their investigations.

The law would target devices in any industry, including telecommunications, automotive and IoT products.

According to local news outlet RedaktionsNetzwerk Deutschland (RND), German Officials are expected to submit their proposal for debate this week.

“The acting Federal Minister of the Interior Thomas de Maizière (CDU) wants to oblige the industry, German security authorities to open digital gateway for the spying on private cars, computers and smart TVs.” states the news outlet.

“The application is overwritten with “Need for action on the legal obligation of third parties for measures of covert information gathering according to §§ 100c and 100f StPO”. De Maizière wants to drastically expand the so-called eavesdropping attack by “using technical means against individuals”. Above all, large corporations and producers of digital security systems should be required to provide information and notification.”

The proposal is strongly supported by the Federal Minister of the Interior Thomas de Maizière who cites the difficulty investigations have had in the past especially when fighting against terrorist organizations.

The Interior Minister explained that modern technology is able to alert suspects for every suspicious activity conducted by law enforcement agencies.

The Minister cited the cases of smart cars that alert an owner as soon as the car is shaken or any other anomalous activity is conducted by police officers.

Well the presence of a backdoor could allow investigators to operate stopping any warning is sent to the suspect.

De Maizière stressed out that companies have a “legal obligation” to introduce backdoors for the use of law enforcement agencies.

The Minister aims to oblige hardware manufacturer to disclose their “programming protocols” for analysis of Government experts and consequently to force companies to disclose details about their encrypted communication practices.

“Accordingly, eavesdropping would in future be possible wherever devices are connected to the Internet. The industry should give the state exclusive access rights, such as private tablets and computers, smart TVs or digitized kitchen appliances. A precondition for all measures of the extended wiretapping attack, however, would remain a judicial decision.” continues the news outlet.

One of the most disturbing aspects of the new law is that it would give German officials powers to hack back any remote computer that is suspected to be involved in attacks against the country infrastructure.

Something similar was discussed by the French Defense Minister Le Drian comments in January 2017 and by the US authorities, in both cases, the Government officials were referencing the cyber attacks conducted by the Russian intelligence.

The Minister says this is important to “shut down private computers in the event of a crisis,” such as is the case with botnet takedowns.

“De Maizière also wants an authorization for the security authorities to shut down private computers in the event of a crisis. An “Botnet takedown specialist concept” will allow security authorities to use private data to alert end users in good time if hackers want to misuse their computers for criminal purposes. In the event that online providers refuse to cooperate, far-reaching penalties are provided for.” continues the RedaktionsNetzwerk Deutschland.

Privacy advocates believe the German law could open the door to a mass surveillance programs, Government officials will have full powers of snooping everyone’s online communications.

The German authorities refused such kind of accusations and highlighted that any access to data gathered under these surveillance programs would be allowed only after law enforcement have obtained a court order.

The reality is that the presence of backdoor dramatically reduces the overall security of any system, the backdoors could be discovered and used by malicious actors such as a foreign government and a criminal syndicate with unpredictable consequences.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Germany, backdoors)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.