Skip to content →

No, you CANNOT read our chats!

Last updated on 06/04/2019

Please note: The original text was written in German (see language switcher in menu) and thus mainly linked to German sources. I tried finding similar sources in English, however their message is different sometimes, and sometimes I didn’t find any that matched at all — in those cases I kept the links to the original sources. I apologize for any inconveniences.


Germany is at risk of lagging behind in terms of digitalization — even our chancelor says so. Many unnerved train passengers agree with her, and they get scientific backup by the McKinsley Global Institute. That the underwhelming feedback to Germany’s progress in terms of digitalization isn’t just a coincidence got conveniently proven by Horst Seehofer, Germany’s interior minister.

Yes, in theory celebrating would be due: Germany is second most attractive country for companies which drive digital change (German) – worldwide! Before we meet up for a virtual party, the sobering reality sets in, though: Of this immense digital potential, Germany only uses ca. 10 %. Ouch. Especially when it comes to e-governing, so the digitalization of government institutions, Germany is far behind. There are (currently) 28 states in the EU and Germany ends up on 20th place in comparison to the other states. Not really surprising considering that most information in the chancellery still gets send via a 19th century tube mail system (German) — because messengers would be more expensive than repairing this air pressure driven mailing system. I guess everyone can have their own opinion regarding that.

Another indicator that Germany’s parliament might lack digital expertise is the age distribution of the representatives: 75 % — in words: seventy-five percent — of representatives are over forty years old. This means a majority which could easily change the constitution has seen all of the digitalization. Over 50 % of representatives even are over 50 years old (Source: statista.com (German)). One is tempted to think: Great! Lots of experience, and they witnessed all the changes, so they know what matters. Sadly, especially politicians who would be able to make a difference in terms of digitalization in Germany show that they have no idea what actually matters.
For example Germany’s interior minister Horst Seehofer (CSU, and on top of that turning 70 on 4/4/2019) demanded that messenger services hand over end-to-end encrypted messages in a readable form. If the providers of the messenger apps refuse to do so they’d get banned in Germany.

Let’s ignore for a moment that these methods also get used by Russia, China and the Iran — a truly illustrious group. Let’s also overlook the fact that trojans and other hacking tools used and designed by governments create significant security risks for regular citizens and focus on Seehofer’s specific demand.

Why is the interior ministry interested in reading the chats and what’s the problem there?

Politicians have long been convinced that it’s possible to reduce the threat of terrorism and criminal actions by monitoring their citizens, especially digitally. Prerequirement for this is that the government itself becemes a cracker and spies on their citizens. In Germany this currently happens using trojans which need to get smuggled on devices using security breaches before the government can access messages, photos etc. Hence any government which tries to monitor the communication of its citizens wants to access messenger chat protocols really badly — much like they are able to listen in on phone calls. As Seehofer’s demand suggests, these protocols are encrypted, though — so not readable.
The problem from the government’s point of view: The time of the enigma machine is long past. Encryption codes are very well capable of being uncrackable nowadays. Let’s assume the chat services use RSA with a 1024 Bit key to encrypt the chats. Trying to simply guess such a key is pure madness — there are so many possible combinations that you could label all atoms of the observable universe with one combination and in the end only a fraction of all combinations would be written down. Even cracking a 16 characters long password using brute force (so electronic trying of all possible combinations) can take years — and a RSA key has 128 characters! As I said: That’s simply madness. Mathematically cracking the keys is unthinkable with current technology standards, too — and even if you’re able to crack the 1024 Bit keys at some point there are already 2048 and 4096 Bit keys available. So to decrypt the protocols without the keys is more than just unrealistic.

Why don’t the companies simply hand over the keys, then?

Quite simply: They don’t know the keys! That’s the point of end-to-end encryption. There are two types of keys: Public and private keys. You can encrypt messages using the public key, but only someone with the matching private key can decrypt it – and the private key can a) not get guessed based on the public key and b) gets saved locally on the smartphone. The providers don’t have access to it. They don’t want to and don’t need to, either. Because at the beginning of each chat the participants exchange public keys, send encrypted messages and decrypt them locally on their smartphones. That means: As long as end-to-end-encryption gets used which deserves its name Seehofer can demand and threaten as much as he wants. The companies cannot make the protocols readable at all. The only thing some messenger services know about is who chatted when with whom (meta data — this often doesn’t get encrypted). But Threema. for example, doesn’t use phone numbers for identification but randomly generated IDs, so this information isn’t really helpful. Signal, on the other hand, uses phone numbers, but encrypts meta data as well — end-to-end. In so far messenger services more and more lock themselves out of the data sources.

What does that mean in terms of Seehofer’s demand?

Long story short: No, you cannot read our chats. At least not without malware or some other means of access to our chat account.

Published in Web politics

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.