It is said that the one thing one can learn from history is that we don’t learn from history. The clipper chip is an example of this, and it shows again today.
It is April 16, 1993. The White House announces the ‘Clipper chip’, officially known as the MYK-78. It was meant for use in secure communication devices like phones, protecting calls from interception by encrypting them.
Each Clipper chip came with a pre-baked, unique secret key, but the chip also had one extra ‘feature’: the cryptographic key was not just known to the recipient, but also to law enforcement agencies like the CIA and FBI. In a slight nod to privacy, the ‘backdoor key’ was to be split in two and shared between two federal agencies, blocking any single party from use.
The tech world protested: weakening encryption by building in a back door was a bad idea. Only one device was ever produced, by AT&T Bell. It took just one year for a major design flaw to break the encryption, putting a final nail in the coffin of the project.
It is May 24, 2019. The German ‘Der Spiegel’ reports that the German minister of interior afairs is working on a project that will force communication apps to break their encryption and give surveillance agencies access to their content.
Today, June 11, together with over 100 other organizations, Nextcloud signed a public letter against this plan-in-development. This was a bad idea in 1993, it is a bad idea today.
Five issues with a crypto backdoor
The criticism, as explained in the letter, covers 5 main things.
First, it goes against over 20 years of successful crypto-related policy in Germany, making Germany one the most secure countries in the cyber economy.
Second, more technically speaking, the vulnerability that has to be built into messenger software can of course be used by anyone, not just the government. This means access to the data by criminals, but also, of course, employees of the companies behind the apps. And while the government has said to block any service which keeps using encryption, there are many other ways of encrypting data. The data of ‘normal’ users won’t ben encrypted anymore, but criminals and terrorists of course are very motivated to keep their communication safe.
The third point extends the last element of the second: the supposed benefits for law enforcement are dubious at best. There is no evidence of increased difficulty of surveillance, rather an increased use of it. Mostly, surveillance is done with ‘Trojan horses’, apps which infect the device of a target and, before data is encrypted, share it with law enforcement. This targeted approach works well and represents a more balanced approach to law enforcement vs privacy.
Fourth, Germany does not operate in a vacuum. The international community watches and this move will be used by authoritarian states to justify their mass surveillance. The credibility of Germany as an international proponent of freedom, leader of the free world perhaps, will be tarnished.
Last, but not least, this will have big consequences for the industry in Germany, putting it at a serious disadvantage. When people know that their digital communication in Germany isn’t entirely safe, financial services, healthcare and other sectors will be negatively impacted. The letter notes that in 2016 and 2017, the total costs of sabotage and cyber spying was over 43 billion euro, and with a weakened state of encryption the costs of breaches will go up. Innovation will suffer, as technology theft becomes easier and Germany won’t be as good a place to start a business or do R&D anymore.
Nous vous présentons une mise à jour majeure de l'assistant Nextcloud IA, ainsi que de nouvelles informations sur notre collaboration avec plusieurs grands fournisseurs d'hébergement tels que IONOS et OVHcloud pour vous proposer des options d'IA en tant que service !
Bechtle et Nextcloud ont annoncé aujourd'hui une plateforme de collaboration entièrement administrée pour le secteur public, qui ne nécessite pas d'appel d'offres et peut être déployée immédiatement.
Le 24 avril prochain, nous réunirons des professionnels de l'industrie et des acteurs clés dans le domaine des technologies de l'information pour favoriser le réseautage, partager des connaissances, présenter des cas d'usage et échanger sur les dernières avancées technologiques autour de Nextcloud.
Découvrez comment passer de ownCloud à Nextcloud. Notre outil d'aide à la migration fournit des informations sur le processus de migration et vous aide à effectuer la transition en douceur.
Au cours de la dernière année, l'IA est devenue un sujet à la mode. Il y a de l'engouement, mais aussi du fondement. Il y a du positif et du négatif. Nous voulons vous offrir le positif, pas le négatif, et ignorer le battage médiatique ! […]
Lisez ce guide pour savoir ce que sont les escroqueries de type "deepfake", comment les repérer et comment vous protéger à l'aide des bonnes techniques et des bons logiciels.
Join us at Nextcloud Enterprise Day on April 24 in Munich and meet our sponsor, plusserver. Discover how they embody the pinnacle of 'cloud Made in Germany' with their commitment to data sovereignty and secure workplace solutions.
We updated Nextcloud server releasing updates for Hub 4, 6, and 7. With current update, Hub 4 reaches its end of life. We recommend you to update your Nextcloud, as it is always a quick and safe process.
Nous enregistrons certains cookies pour compter les visiteurs et faciliter l'utilisation du site. Ces données ne quittent pas notre serveur et ne sont pas destinées à vous suivre personnellement ! Consultez notre politique de confidentialité pour plus d'informations Personnaliser
Les cookies utilisés pour enregistrer les données saisies dans les formulaires, telles que le nom, l'adresse électronique, le numéro de téléphone et la langue préférée.
nc_form_fields
Mémorise les données saisies dans les formulaires pour une prochaine visite (nom, adresse électronique, numéro de téléphone et langue préférée).
Les cookies statistiques collectent des informations de manière anonyme et nous aident à comprendre comment nos visiteurs utilisent notre site web. Nous utilisons la solution open source de mesure de statistiques web Matomo
Matomo
_pk_ses*: Compte la première visite de l'utilisateur
_pk_id*: Aide à ne pas compter deux fois les visites.