Impressum
Tenzer, Theo: SUPER SECRETO - The Third Epoch of Cryptography: Multiple, exponential, quantum-secure and above all, simple and practical Encryption for Everyone? Norderstedt 2021, ISBN 9783755766094.
In collaboration with Jo van der Lou.
1. Edition.
© 2021 Theo Tenzer – Manufacturing and Publisher: BoD
– Books on Demand GmbH, Norderstedt.
Further bibliographic information at: www.dnb.de.
»I am sorry,
if I don't understand all of this!
Sorry if I go home!
You call me and you say you're late
and you're already way too late!
I need power for my netbook.
No power in my netbook.
Baby, lend me your Lada.
Come on, please lend me your loader,
I need power for my netbook.
I NEED MORE ELECTRICITY! «
Quoted and translated according to
Bungalow, Annett Louisan,
Kitsch.
Encryption is
- like math -
there for everyone.
based on Jimmy Wales,
Founder of Wikipedia.
Dear Reader*,
You have never been to an introductory workshop in Cryptography - or to a so-called »Crypto Party« - to encounter the art of encryption?
We are in the 21st century in a global Privacy crisis. Not only are the private data made available by us being collected and stored more and more, but also data traces that can be viewed on the Internet, personal interests, and behavioral preferences as well as the content of e-mails and chat messages from all of us are intercepted, analyzed, and linked together in a targeted manner.
Encryption can help protect this data. To communicate confidentially, fear-free and tap-proof, simple and practical encryption is required for everyone. But can it really be available to everyone?
The current discussions about encryption include a Right to Encryption as well as encryption restrictions. In particular, it is about so-called »end-to-end encryption«, according to which only two friends know a common key for a secure communication channel. Third eavesdroppers are excluded with end-to-end encryption.
The magic of replacing legible characters with other apparently random and therefore illegible characters had been almost religious for centuries: only those initiated into the invention of a secret language could crack the messages. Encryption remained Super Secreto – Top Secret – Streng Geheim, as it is called in Latin-American or German. Reason enough to choose »Super Secreto« as the title for the book in your hands.
In recent years, many authors, scholars, and journalists have contributed to making the topic of Cryptography and the knowledge of the fundamentals and methods of encryption accessible and understandable to a wider public.
From the point of view of mathematics or computer science, these introductions are usually rich in technical, detailed knowledge: They explain calculations with prime numbers, the application of action and process operations, i.e., the so-called algorithms; or it is about the use of computers to automatically confirm that we are only we when we do something or communicate on the Internet.
And reports from the point of view of the history of science are rich in historical events: how Gaius Julius Caesar is said to have given the rider of a horse a message encoded according to a self-invented pattern in order to have a better influence on his strategic position in achieving sole rule in Rome; just as popular: how the Queen of Scotland, Mary Queen of Scots, encrypted her letters to the conspirators against Queen Elizabeth I in order to usurp the English crown; or how Alan Turing played a key role in the deciphering of the German radio messages encrypted with the »Enigma« machine in England during the Second World War.
Many people who communicate over the Internet today want to understand clearly how encryption works in their messenger and how Cryptography increases our security on the Internet: Because they want to be sure that their communication is also protected electronically and not viewed by third parties and can be monitored.
Nevertheless, executive state authorities such as the FBI, Europol, or the police station on the next street in our neighborhood want and must be able to read and monitor communications from criminals. But they can't. Because it is technically very difficult in Cryptography without a key, i.e., hardly possible, or: not possible at all.
In the public debates and rhetorical wars of words - the so-called »Crypto Wars« - by politicians, computer scientists and civil rights activists about the further development and the sense of the use of encryption, everyone is involved today. Encryption is no longer an issue for the military or state governments. In today's age of smartphone and pocket computers, encryption is now available to everyone.
And: encryption is developing rapidly thanks to open-source programming and new innovations. This Transformation of Cryptography is primarily characterized using better algorithms, processes, and protocols as well as longer and more diverse - and therefore more secure - keys: Ever more sophisticated math is calculating - ever faster - in our messengers the secret, so-called »cipher text«, with a large number of corresponding keys.
But now, the Third Epoch of Cryptography is even more present: More and more quantum-computers calculate with ever increasing computing speed. It is measured in the unit of quantum bits, or QuBits for short.
While the QuBits of a quantum-computer could still be counted on one hand a few years ago, the computing speed has meanwhile increased more than tenfold and in a few years should not only be three-digit, but also four-digit. In addition, individual quantum-computers are now interconnected to form entire networks over long distances or even via satellite.
Further adjustments to increase security take place: Multi-Encryption, so-called »super-encipherment«, i.e., the application of repeated, possibly multiple encryption to already existing encryption respective already encrypted text - as said: the cipher text - is creating further fundamental transformations. What does this double, triple or even multiple encryption mean for the telegraphy of the future? We want to explore these and other questions in this volume.
The aforementioned super- and quantum-computers with their faster and new quality dimension of computing capacity also require new or different algorithms for more security on the Internet and for encryption: the well-known and widely used RSA algorithm is considered to be - in view of the fast quantum-computers - critical or as no longer secure, not to say: as broken.
And other algorithms such as McEliece or NTRU - which are in spite of that considered so far secure - have heralded a fundamental change in applied programming - similar to the change that we are currently experiencing with the decarbonization of energy: Cars no longer run-on liquid petrol, but switch to electric drive, fed by regenerative methods of energy generation: sun, water, wind, geothermal energy... The engine, with its technology and driving force, is changed.
Software with the RSA encryption, which is often used but is considered to be potentially insecure given the fast supercomputers - officially confirmed since 2016 -, has reached the end of the product life cycle, or at least needs to be updated or supplemented by better standards.
However, not only better algorithms or multi-encryption help against cracking encryption, but also new ways of routing and exchanging message and data packets on the Internet. For example, the Echo protocol, which has been developed for a number of years, supplements the encryption with a theory and practice of graphs, i.e., which routes on the Internet our messages take as multi-encrypted packets.
This new form of routing with encrypted data packets is called Exponential Encryption according to this concept: Routing is carried out on the basis of cryptographic processes without destination information in the route, so that we speak of »Beyond Cryptographic Routing«: Routing takes place without targeted routing.
And accordingly, all nodes are reached by potentially exponential replication of the message and its forwarding. This means that routing is robbed of its identity: Routing without routing - in an age that, in terms of innovation, lies beyond the status of routes that would be network-related or even cryptographically identified.
And: In the past, both - the key and the encrypted text - had to be transmitted (over one of these routes) to the recipient. In today's electronic Cryptography, it is no longer absolutely necessary to transfer the keys: the risky transport route for the keys can be omitted!
Yes, today, even with our beloved messengers, it is no longer necessary to have a Transmission of Keys on the Internet for later decryption. »A key has to be given to the other person to be able to open a door?«, some will ask.
It is about the fascination of how Cryptography became abstinent in the transmission of keys through process-oriented mathematics, so-called »Zero-Knowledge proofs« - and this political and technical innovation and science portrait is also about the impact it has on the state governments' desire for duplicate keys: In the following, the special features of the new keys called »Juggerknaut Keys« and »Secret Stream Keys« will be further explained with regard to their fundamental character and their transforming effect in the field of applied Cryptography.
And finally, encryption has been democratized: thanks to open-source software, it is now available to everyone and knowledge about it is no longer elitist but secularized and democratized in the hands of all citizens who access this available knowledge in the field of Cryptography, and expand their skills in using or even developing encrypting software applications.
Modern encryption therefore not only raises many questions, for example by or from which computing capacity in QuBits (and with which corresponding time period) an algorithm can be broken; or whether multiple encryption applied one after the other lead to higher security; or whether learners or criminals compile machine code themselves, i.e., are able to and will convert it into an executable software program for encryption?
At the same time, applied Cryptography also offers numerous answers to the challenges of the (natural) sciences, society and our modern times: Smart programming can already equip mobile communication devices with encryption. Their algorithms also prove to be secure against expanded computing capacity and strengthen cyber-security on the Internet. But they also no longer allow governmental authorities to investigate the encrypted message packets.
In the public discussions of these different approaches, political and social actors in particular must be included in order to analyze security through encryption and also security during and in spite of the use of encryption.
A third of cryptographic applications and programs are produced in North America and also in Europe, where in the leading countries Germany, England and France around half of the applications are open source, that means the machine code can be viewed by anyone who is capable to understand, and the functionality and programming can be comprehended.
Enthusiasm for sending secret or indecipherable messages over the Internet is shown not only by students and a completely new audience of readers in these countries of North America and Europe, but also in the other countries in which the secret service network of the Five Eyes - that is, the countries Australia, Canada, New Zealand, and the United Kingdom - and/or where their attentive observers are at home.
At the same time, however, this also means that countries such as Russia, China, India and Islamic and Arab countries as well as other states that, for political reasons, shape or try to block the Internet according to leadership-relevant opportunities, have - in addition to the learners and the scientists at the schools and universities of these respective countries - great interest in entering into a dialogue about encryption and its function in the Third Epoch of Cryptography.
In short, these global actors, an alliance of interested parties, are also thinking about how to not only make messengers and the code of encrypted messages more secure, but also how to crack them! And: how to tap data at a suitable location and save it permanently - or how to protect personal data through technical measures or laws that apply to everyone.
This means that the question is how the mathematics behind encryption can also be understood and used politically.
Can mathematics be a basic right or be banned? And if we did not learn Cryptography in early school such as languages, sports and mathematics, when is a suitable time to get excited about it, e.g., if it is to be used individually, for civil, professional, social or military purposes? Ultimately, this dialogue about encryption and its software always remains connected with the citizens and learners. And also, with the issue of protecting their Privacy.
Many previous writings on Cryptography are not only strictly relevant to the subject, but are also simply out of date and remain on the threshold of the Third Epoch of Cryptography:
In a last chapter, for example, reference is often made to the encryption standard »PGP« - Pretty Good Privacy - (which will be explained later) without discussing the prospect that this is based on algorithms that could be out of date by time. In the open-source variant (and in the following) »PGP« is also called »GPG«, derived from »GNU Privacy Guard«. But GPG might soon have to be checked and provided with the better McEliece algorithm as a possible alternative.
Or a preview of the technical discussions about »PQ« - post-quantum Cryptography - is dared: Since the first topical conference in 2006, it has been about encryption of e-mails and also about the (un)probable possibility of breaking this encryption by quantum-computers and their fast calculation methods based on quantum mechanical states.
Often such an outlook remains in the panel of experts or is recommended with the reassuring message that consumers will not be able to buy a super-computer in the next super-market in the coming years.
Numerous references in these overview-works are made to the 1970s, 1990s or 2000s - but that was many decades ago!
It therefore remains correct to continue addressing this continually rousing and at the same time highly interesting topic of Cryptography with its modern and epoch-making developments as well as its practical questions and solutions to encryption and decryption not only in the natural sciences and humanities, but also in the general public in particular; even to promote it. Yes, the task remains to discover an encryption program for yourself as a good practice!
There is a need to discuss multiple, exponential, quantum-secure and, above all, simple and practical encryption for everyone, which nevertheless may not be available to everyone at all?
This volume would like to invite you, the reader, in understandable language to enter this dialogue and to a critical, i.e., inquiring discussion about these standards and developments in the field of Cryptography - and to encourage you to get to know cryptographic functions and to think it through. And probably simply to use such software programs.
In life, we all sometimes need a mentor here and there for the first insights and steps into new topics to be deepened. With a personal and narrative mediation, we find and found access to what was previously uncharted territory.
At that time, I also had this mentor or tutor for a first access to the field of Cryptography and I would like to thank him very much for it - as well as all other participants in the creation of this book on the subject of encryption and its implications in technical, political and social terms.
I would also like to thank the other helpers such as colleagues in the publishing/manufacturing house, teachers, booksellers and librarians who work tirelessly to ensure that the content of modern non-fiction books is understandable to us citizens and that their ideas are an initiation of interest and enthusiasm.
Ultimately, this also ensures the ability to reflect and act in the assessment and application of encryption technology on a broad basis.
Last but not least, I would like to thank all readers who set out to get to know the contents of this portrait from different perspectives in order to mark the beginning of a new era with its cryptographic functionalities and necessities as well as to assess technical, social and economic consequences and opportunities.
My special thanks go to my long-time comrade, colleague and good friend Jo van der Lou, with whom I often discussed ideas and thoughts via a messenger, sometimes unencrypted, sometimes encrypted (not because the content of the conversation required confidentiality, or because we always want to have this standard set, but because we were just testing another messenger or GPG) and received numerous suggestions and impulses in this exchange, including on personal, family or professional topics. Without him, this book - »Super Secreto«: The Third Epoch of Cryptography - would never have been possible.
Many thanks to all who have contributed to providing themselves and others with initial or extended access to the subject of Encryption for Everyone, and who take part in the discussion about whether it is really available, can or may be available to everyone - and what role we, as learners, and teachers, have to play in this.
Theo Tenzer on Mai 24, 2021.
* Terms for persons used in the book can include female, diverse, and male genders.
The demands for a Right to Encryption on the one hand, and the demands for a restriction on encryption on the other, are a longstanding story: The public discussions1 can already be found in the 1990s, then at the turn of the millennium, as well as around 2010 and finally again in the decade from 2020 - and again and again in the middle of this never-ending story of erosion, retention or the attempt of a re-definition of Privacy.
Those who want to restrict encryption, e.g., to better grasp criminals, realize that they cannot implement this extensively because of technical circumstances. And they recognize that encryption is needed in all areas of life, so that it would have devastating consequences if it were to be restricted or even abolished. Those who only want their Privacy protected by encryption - not only secure, but also tap-proof - recognize that the technology could potentially also be used by criminals - and therefore authorities not only want access to communication, but also need it.
This is how these findings lead to the formulation: We want to achieve »security through encryption and security despite encryption«. From a technical point of view, however, this claim is tantamount to squaring the circle, because there is just as little »a little bit encrypted« as there is »a little bit pregnant«.
The proposal to ban the sending of encrypted messages on the Internet is therefore always on the agenda: Terrorists, it is said at the beginning of every discussion, made use of the most modern communication technologies. And: The exchange of encrypted messages on the Internet poses serious problems for the authorities.
Because encryption is not forbidden, terrorists and other criminals can communicate freely and unobserved over the international data networks and exchange their criminal plans: »This idea is anything but new«, summed up the book author Christian Meyn already for the 1990s, because even then the Member of Parliament Erwin Marschewski demanded an initiative e.g. in the German Bundestag for a crypto law, which should regulate a reservation of approval for encryption procedures and a collection point for the deposit of keys.
As a member of the so-called G10 Commission of the German Bundestag, he was involved in decisions on the necessity and permissibly of all restrictive measures implemented by the federal intelligence services (like BND, BfV, MAD) in the area of secrecy of letters, mail and telecommunications.
The interior minister at the time also spoke out in favor of a place where the keys could be deposited2. Private encryption was defined and understood as a public problem3. However, there was no law to issue private keys for encryption or state decryption in the following decades.
Today it is also evident that installing surveillance software - a so-called »Trojan« - on the mobile communication devices of people to be observed requires the help of the telecommunications provider or, probably, the manufacturer of the smartphone operating systems. And even after a court decision, these inquiries to companies or overseas cannot be made without further formalities. And: they often cannot be processed or answered in a timely manner.
After all, breaking the encryption, the cipher text, will probably4 hardly be possible - despite increased investments in computers with high computing capacity.
The political discussion of the demands for a softening of encryption thus alternates between the three paradigms, (a) we do not want to break encryption because it weakens the security systems, (b) we must, however, be able to break encryption to avoid criminal offenses or demand the surrender and state collection of keys, up to (c), we use surveillance Trojans to access the plain text before encryption or after decryption.
On the other hand, there are those, often civil rights activists, who want to legally establish a Right to Encryption in order to protect personal, family and professional Privacy.
So, what remains for the correct use of encryption?
The European Council therefore came up with the idea of adopting a resolution for the entire European continent, so to speak, according to which the so-called end-to-end encryption should be restricted across Europe.
With end-to-end encryption, user Alice and user Bob exchange their keys - and from now on third parties can no longer investigate this connection. This is different with point-to-point encryption, which decrypts a server in the middle and then encrypts it again for forwarding. Here a server in the middle can read all messages.
A central example of this difference between point-to-point encryption and end-to-end encryption is the German state DE-Mail: Ten years ago, on behalf of the German Federal Government, DE-Mail was launched for secure communication with authorities.
Over the years around 85 out of 92 German federal authorities have been connected via DE-Mail. However, DE-Mail was offered without end-to-end encryption, i.e., there is an intermediate point in which the mails can be decrypted. So, the encryption was just a point-to-point encryption. As a result, we see, that this was not accepted by the citizens.
The CEO Timotheus Höttges of (among other) executing Deutsche Telekom finally criticized the mail service sharply in an interview with the well-known YouTube channel »Jung und Naiv«: DE-Mail was »over-complicated« and a »dead horse«. Despite investments in the three-digit million range and running annual costs in the six-figure range, »there has never been anyone who has used this product«, which is why the service was discontinued5.
After completing his studies, Timotheus Höttges joined a management consultancy and worked there as a project manager in the »Services« division before moving to Telekom, those perspectives can certainly also be transferred to IT services.
And yes, who wants to set up an extra e-mail address for a service just for communication with authorities, which should then only be used for private purposes without secure end-to-end encryption? This is comparable to a Lufthansa direct flight with »only« one stopover.
Figure 1: End-to-End-Encryption
Source:6
End-to-end encryption characterizes encryption from Alice to Bob without interruption or gaps, even if the connection is forwarded via intermediate stations. Only the two can read the message. Point-to-point encryption, on the other hand, only encrypts the transport route to the next station. The intermediate stations can unpack the encrypted package, read it and encrypt it again before it is sent on.
According to the idea of the European Parliament and the given EU resolution on encryption, commercial providers of telecommunications services are now obliged to keep a copy of the encryption key available in case of need.7
This applies in particular to users of end-to-end encryption, since the keys to open the encrypted messages are with the users at the ends of the encryption channel. This duplicate key is not a master key (since this technically, depending on the encryption method, cannot be generated as a third, passable key), but a copy of the original key and should therefore also be designated as a duplicate key - or better called: a copy (e.g., in a third hand).
However, with this requirement to store cloned keys in government hands or access them with government authorization, encryption would become less secure in both basic encryption methods: symmetric keys (identified by a shared password as a secret) as well as the public keys of asymmetric encryption (and thus also the respective private keys of this so-called »Public Key Infrastructure« (PKI)) would be attacked. The following parts of the book explain the differences between the two types of encryption in more detail.
But it is already clear from the political initiative to store keys: for both types of encryption, copies of keys always require procedures for the copying process, for checking-out the selection, for transport routes, for storage, for indexed assignments to the encrypted messages and also are authorization concepts needed in order to then being able to view the content. Respective, first of all, it is necessary to define who is allowed and should have access to the keys. All of these processes can reduce security, so that in addition to the two communicating parties and the patrolling state, unwanted fourth parties could gain access to the keys - and thus also to the content of the messages.
Was the European idea for this amendment to the law a good idea?
It then came to light (in quasi another act in this story) that this European initiative to issue keys for encryption by the so-called Organization of the »Five-Eyes« (abbreviated: FVEY), the worldwide espionage alliance consisting of the five countries Australia, Canada, New Zealand, England and the USA and in this case plus India and Japan was supported and prepared with8.
Because not only in Europe, but also in the USA, there are similar efforts to take the keys for the encryption of their communication out of the hands of the citizens: with the proposed EARN-IT-Act9, the use of the end-to-end encryption can be made practically impossible.
But: What use is a key if the associated messages are not copied, stored and accessible in the same way - i.e., also physically?
And: Basically, banning cipher text on the Internet may not be possible and also not wanted: Who wanted to do without banking, home office, online shopping and other secure transmissions, especially in critical infrastructure such as the energy industry or healthcare? Finally, it is also not possible to forbid, for example, free Linux machines on which cipher text is also still being generated10.
At the same time, after the European initiative for this resolution, which was co-sponsored by the Five-Eyes, there were reports from Google, Apple, Microsoft Teams, and the video portal Zoom, to name just a few, that they expand end-to-end encryption. They will introduce encryption, e.g., even for simple SMS/RCS messages or video chats, as we have been using it for many years as a standard with market-leading text messengers.
These companies are in good company among the »Big Five« US technology companies. They are the American technology companies Google (Alphabet), Amazon, Facebook, Apple and Microsoft. The Big Five are also abbreviated with the acronym GAFAM, which stands for Google, Amazon, Facebook, Apple and Microsoft. All of these companies have seen rapid growth in the last decade and all of them have a corresponding influence on encryption in their Internet offerings.
Figure 2: Big Five Companies of the Internet: GAFAM
| Big Five Companies |
Employees | US$ Sales billion |
US$ Revenue billion |
| Google (Alphabet) | 127.498 | 275.900 | 161.857 |
| Amazon | 1.225.300 | 225.248 | 280.522 |
| 52.534 | 133.376 | 70.697 | |
| Apple | 137.000 | 323.888 | 274.515 |
| Microsoft | 166.475 | 301.300 | 143.000 |
Source:11
Commentators have raised the effects of these technology giants on data protection, market power, freedom of speech, encryption technologies and censorship as well as national security and law enforcement as issues and criticize their power12. On the other hand, companies remain popular by offering consumers free services - in return for disclosing their personal data, interests, habits and communication content - and thus their Privacy as a whole.
The perfidious system may also consist in the fact that the companies say, give your personal data only to us, and to no one else on the Internet, - therefore they are in favor of encryption not only for technical reasons, but also for market reasons. Also for strategic considerations: A police officer or the Federal Intelligence Service of any European, American or worldwide country should only ask Google during an observation about the data, not Apple or a European mail provider, and certainly not Europol!
Strong encryption not only establishes and cemented the communication channels, but also the power of the intermediary servers or platform providers on which conversions from plain text to cipher text take place: our smartphones. The policewoman, who has to ask Google or WhatsApp in the Facebook group as part of investigative work, will only be able to make her inquiries in non-English mother-language in the long term if there exist also appropriate alternatives to mail and messaging in her own country, in addition to the central five American technology giants.
Possibly in this sense, after the EU resolution, the rejection of a key release or the approval of encryption culminated in the following demand from Apple: Through its software boss Craig Federighi, the company announced to those responsible in Europe in terms of politics, on the contrary: support for end-to-end encryption must be expanded and reinforced. 13
Craig Federighi is known in the public image for his energetic presentations of new Apple software functions and his distinctive humor about his (sometimes longer) hair, which is why he has been nicknamed »Hair Force One«, if not the Apple Boss personally calls him »Superman« at the karaoke parties he organizes for his colleagues.
Even if Apple steadfastly emphasizes that it does not want to decrypt its own telephone devices for police investigations, this may also only be part of official rhetoric. Because it can be assumed that even Apple will not be able to avoid in the background when observing crime providing insight into the messages of customers in the case of specific investigation inquiries outside the public.
At the time, for example, a judge in California ordered the company to help FBI investigators obtain data stored on an Apple cell phone. It was about Syed Farook's iPhone, who killed 14 people together with his wife in San Bernardino. Apple was able to stand firm until a third party, the Israeli company Cellebrite, was supposed to pull the coals for Apple out of the fire and decipher the cell phone.
But the Washington Post14 finally reported that the FBI (according to anonymous »people familiar with the matter«) instead paid »professional hackers« who were using an allegedly unsettled security hole in the iPhone software. So, the help of Cellebrite was no longer needed. The image as a confidential partner was saved: Apple was off the hook and was not considered a company that was misappropriating data. And there was no third company that had proven that it could crack Apple's encryption.
Once again elegantly taken the curve to lull the public and customers into security that their encryption is safe in the hands of this company and that the secret services, as can be assumed, still run their filters and analyzes in the background (as with other GAFAM Tech companies).
But what happens if users now start to set up end-to-end encryption themselves, and really nobody can look inside along the way? Civil rights activists understand encryption very differently, namely as protection of Privacy. - Private life in their own four walls and the associated communication with family and friends, as a rule and in their opinion, is nothing which should be exposed to the state and government organizations - if there are no illegal machinations behind it.
Since not only the state, technology companies, as well as suppliers and service providers monitor, evaluate data, and sacrifice economic processes in the market, the protection of private data and private communication is of particular importance. Finally, Edward Snowden's papers15 in the summer of 2013 proved that the American surveillance organizations store and analyze all content and data on the Internet. His revelations give insights into the global extent of surveillance and espionage practices by the American and British intelligence services and sparked the NSA affair that has made him live in exile in Moscow since that time.
Edward Snowden has received several awards from nongovernmental organizations for his publication: he received the Honorary Prize of the Right Livelihood Award (also known as the Alternative Nobel Prize) and was even nominated for the Nobel Peace Prize two years later.
The only thing that helps against the worldwide surveillance measures he has uncovered is encryption, which civil rights activists believe should be strengthened. And from this context of having to expand encryption to protect citizens, there is also the longstanding political demand for a Right to Encryption. In Germany, for example, it is represented by the liberal party of the Free Democrats. The party »Die Linke« also represents this right for citizens as well as conservative party politics in their program consistently and very clearly speaks in favor of end-to-end encryption and wants to implement a Right to Encryption - simply and above all for everyone available.
There are also approaches in the social democratic party when the chairwoman Saskia Esken - in the sense of the quotation from the fourth German Chancellor Willy Brandt with his demand: »Dare more Democracy« - still formulated a few years ago: »Dare more Encryption!«.16 This catchphrase was seen as a social awakening hoped for by many and a necessary social dialogue that had to be conducted.
On the part of Saskia Esken, it was a fitting headline based on this, when she was not yet a party leader of a ruling party, and furthermore, because she previously was trained as a state-certified computer scientist and then also worked in software development. Encryption was a fundamental aspect of her training!
However, this document later disappeared from the official Internet pages of her online blog and should only be found in the deep archives of the Internet via detours. She was apparently whistled back by those involved in party politics in the government and henceforth holds back rather with brief general statements on the subject - as in the following Twitter message after repeated requests to comment on the further implementation of the European initiative and resolution of the mandatory key handover: »Encryption protects the Privacy, security and confidentiality of communication - for each of us and even more so for those who particularly need this protection: journalists and lawyers, but also politically active people who are threatened by authoritarian regimes.«
As well as adding, months later: »I reject state Trojans in the hands of the services. That just can't be. The majority of the party opted for this path, and I respect this majority. I share the motivations for effective law enforcement. However, I still consider the agreed means (use of #StateTrojan) to be wrong.«17
Party members at the grassroots asked themselves whether, as party leader, she would still vote for the implementation of the EU resolution to abolish end-to-end encryption in her own country and why she wrote two years earlier that her party would not go along with it?
Jimmy Schulz, Member of Parliament, who died far too early from pancreatic cancer, and who grew up in the eastern part of Germany - the GDR -, spoke very clearly in an emotional and moving speech in the German Bundestag a few years ago about the need for a Right to Encryption for every citizen.
He was also the chairman of the Digital Agenda committee, which deals with other members of parliament with digitization, networking and digital change. He represented a vision of security in confidential communication and freedom from fear in open and private speech, and even liked anonymous communication options. He illustrated his liberal claim with experiences from the unjust state of the GDR and the surveillance of the citizens there by the organization of state security at the time, also abbreviated as »STASI«:
»That we have the opportunity to walk down these corridors, these halls (of the German Bundestag) and move freely in this house, to be part of Democracy - for which people fought for centuries and gave their lives because they to stand up for these Basic Rights and our Privacy - that is a tremendous privilege for us today!
We send unencrypted e-mails like postcards that in case of doubt anyone can read. This also applies to the popular messenger systems if they are unencrypted.
In the analog world, reading along can be prevented by an envelope - in the digital world this is done using encryption technology. They ensure that only you and the person you are speaking to can read the content of a message. The encryption technologies act like a closed envelope with a seal.
In the analogue and digital world, we need the same rights and opportunities: Privacy in today's digital space must also be protected. (..)
And this topic haunted me all my life: Because I still have that click in my ear, that click when they have been observing us. (..) Every time we called the family left behind, we were sure that they were listening. Every time we visited (.. the family), we were sure that they would overhear. We had to go to the laundry room, or go into the kitchen, turn the water tap on, just to make sure they weren't listening.
I grew up in a time when every phone call by us was monitored!
But what does this eavesdropping do: It's scary! It forces fears to speak freely and openly, to express one's opinion, and one is frightened of the consequences of what one has said. Something like that must never happen again! (..).
Encryption is a fundamental pillar for guaranteeing our Fundamental Rights. (..) The Secrecy of Correspondence as well as Postal and Telecommunications Secrecy are inviolable. This principle must also apply to electronic communications. This is what the Federal Constitutional Court for the Federal Republic of Germany also says (..) - we have a Fundamental Right to guarantee the confidentiality and integrity of IT systems (..). A Right to Encryption must therefore be demanded, in which all providers are obliged to offer services encrypted as standard: end-to-end secure. Not only secure, but tap-proof - only then can everyone (including those with no technical knowledge) be sure of communicating confidentially.«18
Logically, in accordance with his parliamentarian resolution, Parliament should therefore call on the government to »oblige telecommunications and telemedia providers to offer their communications services in the standard form tap-proof end-to-end encrypted.« 19
Figure 3: Storming of the STASI headquarters in the German Office for National Security in 1990
Source:20
Storming of the headquarters of the Office for National Security (AfNS) on January 16, 1990 in Berlin: At a demonstration in front of the building of the former AfNS in Normannen- and Ruschestrasse, which the New Forum had called for, thousands demanded the complete dissolution of the office: Everything must be done to ensure that a spying apparatus like the State Security (STASI) - controlled by an Office for National Security (AfNS) - never emerges again as a party's instrument of power.
Politics - and especially politics in Germany against the background of historical experiences in the eastern part of Germany - must ultimately make itself honest in a set theory: whether it wants encryption for everyone, for no one, or especially wanting it for journalists, priests, and lawyers, but not for criminals! And whether there is a right to it or not, and how a balance can be found with regard to desired or necessary measures for decoding or monitoring plain text.
Following the European advance, lawyers as well as IT associations and other institutional organizations speak out in unusual clarity in favor of maintaining end-to-end encryption and against its intended restriction.
The federation of lawyers, Bundesrechtsanwaltskammer (BRAK), rejects the European initiative and calls for the formula »security despite encryption« to be refrained from as long as it is aimed at breaking the encryption21. Then the BRAK followed up in its magazine to all members and discussed whether legal communication should not even be done exclusively with end-to-end encryption and how this could then be implemented in practically every lawyer's office. 22
However, the encryption of lawyers to clients is only one aspect. The connections to colleagues and to the courts should also be discussed. In Germany, a »special electronic attorney's mailbox« (short: beA) is provided for this purpose, the connections of which are only encrypted point-to-point via the German Bundesrechtsanwaltskammer; the continuous chain of confidentiality can be broken at any time by »recording«. It's the same dilemma as with DE-Mail.
The German government considers this risk of decryption to be »acceptable«23. However, several lawyers, together with the Society for Freedom Rights (GFF), are suing the fragile system and want to achieve end-to-end encryption24. This is to be decided with a constitutional complaint against the previous legal situation. After all, lawyers also see the protection of mandate secrecy as a constitutional requirement.
The association of public prosecutors and judges called Neue Richtervereinigung (NR) requests for more effective end-to-end encryption to be strengthened instead of weakened25. The German Lawyers' Association (DAV) also rejects such legislative provisions »in general.«26 Who can give European parliamentarians better recommendations in this context than public prosecutors?
Even according to the ecclesiastical data protection in the Catholic Church, which demands special confidentiality for pastoral care and knows its own church laws, »a selected open-source messenger should always have end-to-end encryption.« 2728Mishpaha