Smartphones are popular around the world, so it’s not surprising that people everywhere care about digital privacy. Phones are an incredible piece of technology that keep us connected to the people, products, and information all around us.
They are also a means through which hackers, cybercriminals, government agencies, and other groups can gather your personal information.
Germany’s new coalition government offers many things digital rights activists have asked for, such as a “right to encryption,” “a right to anonymity,” “increased IT security,” and more. However, in practice, even governments that claim they value encryption often don’t guarantee it.
How can people be sure of their privacy when robust encryption laws exist simultaneously with legal mechanisms for state surveillance and decryption? A deeper look into Germany’s recent past and present makes it clear that the difference between total privacy and some privacy is irreconcilable.
Encryption Backdoors Versus Government Hacking
The government has at least two ways of accessing people’s private information: installing a secret backdoor into encryption protocols or outright hacking. Both methods compromise citizens’ privacy but in different ways.
In 2021, the prior conservative German government issued statistics about its use of hacking for the first time. Police and investigative authorities ordered the more invasive online search 33 times in 21 procedures and used it in 12 cases. Hacking to eavesdrop through surveillance was used 31 times and used in three cases. “These authorities use government hacking tools primarily to investigate drug and property crimes, not murder or terrorism as initially intended.”
According to another report, German government hacking wasn’t used in any successful criminal investigation or emergency response between 2017 and 2020. “Government hacking is understood as interfering with the integrity of software – including online services — or hardware to access data in transit, data at rest, and sensors to manipulate a target’s device by law enforcement for the purpose of criminal investigations [in a targeted manner].”
Encryption backdoors would allow the government to bypass any encryption used by the population. Unlike government hacking, using a backdoor to sidestep encryption still compromises security and would be done outside of the protections afforded by law.
Whereas hacking exists within a legal framework, encryption backdoors directly contradict the law as it currently stands. That’s why policy discussions within Germany only extend to government hacking. However, they might influence EU law to allow for encryption backdoors, where they may have a higher chance for success.
German Foreign Intelligence and the CIA / NSA
The European Council, in December 2020, adopted a resolution called Security Through Encryption and Security Despite Encryption. It underlines the importance of encryption for security while also undermining encryption by indirectly asking for backdoors to encryption for the authorities.
Such a conflicting approach is not new to German surveillance. During the Cold War, the Federal Republic of Germany’s foreign intelligence service worked with the CIA to decode messages from allies and enemies alike. Dubbed Operation Rubicon, these intelligence agencies both made money off the technology and used it to eavesdrop for decades.
The partnership was considered the “intelligence coup of the century”. The encryption devices, made by a Swiss firm and sold to NATO allies for their own espionage purposes, were owned by the CIA—unbeknownst to the buyers—and enabled the two countries to spy on their own allies with ease.
The US and Germany not only listened freely, but they also collected money from the victims. However, such alliances aren’t always trustworthy in the long term. It turns out that undermining encryption communications can backfire against the perpetrators.
Denmark helped the US spy on countries like Germany, including eavesdropping on German chancellor Angela Merkel between 2012-2014. The US National Spy Agency accessed text messages and phone conversations of numerous prominent individuals by tapping Danish internet cables with the cooperation of the FE, Denmark’s secret service.
Known by the codename Operation Dunhammer, the digital communications surveillance of allied countries heads of state proved not only enemies couldn’t be trusted with respecting privacy and security. How can ordinary citizens put their faith in government to secure their privacy if world leaders can’t protect their own?
For almost too many reasons to name, the importance of secure and open communication cannot be overstated: people need to feel like they can chat freely for the sake of staying in touch with friends, engaging in political discourse, conducting business, and so much more.
The group in Germany that supports embedding systematic weaknesses in encryption, to enable intelligence and law enforcement agencies to be more effective, is small.
Governments, like Germany, are increasingly exploiting the public’s rights to privacy. Using the premise of heightened security to extend law enforcements’ reach, governments justify hacking and asking for backdoors into encryption.
Encryption keeps people safe from cybercrime and prying eyes, but it can’t do that if governments’ want access to support justice because once a backdoor is in place bad actors will get in. Germany might be seeking to appease digital rights advocates in the country, but deliberately leaving holes in their privacy protection is a risk to the government and its’ citizens.
Using a hardened phone on a device built from the ground up for maximum security and privacy protection is the only way to ensure your digital communications are never compromised. Business leaders, journalists, lawyers, and, as the above has made clear, world leaders need to know that no one can crack their phone.
The only way to ensure your conversations remain confidential is to get a phone with military-grade encryption with secondary security features hosted on a private server to protect against potential vulnerabilities.