It is said that the one thing one can learn from history is that we don’t learn from history. The clipper chip is an example of this, and it shows again today.
It is April 16, 1993. The White House announces the ‘Clipper chip’, officially known as the MYK-78. It was meant for use in secure communication devices like phones, protecting calls from interception by encrypting them.
Each Clipper chip came with a pre-baked, unique secret key, but the chip also had one extra ‘feature’: the cryptographic key was not just known to the recipient, but also to law enforcement agencies like the CIA and FBI. In a slight nod to privacy, the ‘backdoor key’ was to be split in two and shared between two federal agencies, blocking any single party from use.
The tech world protested: weakening encryption by building in a back door was a bad idea. Only one device was ever produced, by AT&T Bell. It took just one year for a major design flaw to break the encryption, putting a final nail in the coffin of the project.
It is May 24, 2019. The German ‘Der Spiegel’ reports that the German minister of interior afairs is working on a project that will force communication apps to break their encryption and give surveillance agencies access to their content.
Today, June 11, together with over 100 other organizations, Nextcloud signed a public letter against this plan-in-development. This was a bad idea in 1993, it is a bad idea today.
Five issues with a crypto backdoor
The criticism, as explained in the letter, covers 5 main things.
First, it goes against over 20 years of successful crypto-related policy in Germany, making Germany one the most secure countries in the cyber economy.
Second, more technically speaking, the vulnerability that has to be built into messenger software can of course be used by anyone, not just the government. This means access to the data by criminals, but also, of course, employees of the companies behind the apps. And while the government has said to block any service which keeps using encryption, there are many other ways of encrypting data. The data of ‘normal’ users won’t ben encrypted anymore, but criminals and terrorists of course are very motivated to keep their communication safe.
The third point extends the last element of the second: the supposed benefits for law enforcement are dubious at best. There is no evidence of increased difficulty of surveillance, rather an increased use of it. Mostly, surveillance is done with ‘Trojan horses’, apps which infect the device of a target and, before data is encrypted, share it with law enforcement. This targeted approach works well and represents a more balanced approach to law enforcement vs privacy.
Fourth, Germany does not operate in a vacuum. The international community watches and this move will be used by authoritarian states to justify their mass surveillance. The credibility of Germany as an international proponent of freedom, leader of the free world perhaps, will be tarnished.
Last, but not least, this will have big consequences for the industry in Germany, putting it at a serious disadvantage. When people know that their digital communication in Germany isn’t entirely safe, financial services, healthcare and other sectors will be negatively impacted. The letter notes that in 2016 and 2017, the total costs of sabotage and cyber spying was over 43 billion euro, and with a weakened state of encryption the costs of breaches will go up. Innovation will suffer, as technology theft becomes easier and Germany won’t be as good a place to start a business or do R&D anymore.
DIE ZEIT, a prominent German outlet, interviewed Nextcloud’s founder Frank Karlitschek for an article on Microsoft’s anti-competitive behaviour on the European office software market. Read for a recap of the article and the key takeaways.
MagentaCLOUD’s migration to Nextcloud in 2021 resulted in a fully equipped Online Storage with an integrated online office suite that further improves the user experience, flexibility and security for customers.
Nextcloud is nominated for the CloudComputing-Insider IT-Awards in 2024, making it our 8th nomination. With your help, we can once again make it to the winners' list! Read on to learn more about the award and how to vote.
The Nextcloud Community Conference is not your average event - it's a community meetup that brings together Nextcloud enthusiasts, contributors, developers, users and industry experts from all over the world.
Regain control of your time with Hub 8: improvements all around Hub, new apps, new AI features, new level of performance and comfort. Tune in and discover the next generation of collaboration.
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Bechtle and Nextcloud announce today a complete managed collaboration platform for the public sector that requires no tender and can be deployed immediately.
Discover how to make the switch from ownCloud to Nextcloud. Our quick guide provides insights into the migration process, helping you make the transition smoothly.
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
A CrowdStrike update took down countless Microsoft systems, disrupting flights, surgeries, banking and more all over the world. The incredible impact this single outage had shows the importance of digital resilience, especially in the public sector.
We save some cookies to count visitors and make the site easier to use. This doesn't leave our server and isn't to track you personally!
See our Privacy Policy for more information. Customize
Statistics cookies collect information anonymously and help us understand how our visitors use our website. We use cloud-hosted Matomo
Matomo
_pk_ses*: Counts the first visit of the user
_pk_id*: Helps not to double count the visits.
mtm_cookie_consent: Remembers that consent for storing and using cookies was given by the user.
_pk_ses*: 30 minutes
_pk_id*: 28 days
mtm_cookie_consent: 30 days