1. What has happened?
This is to inform you of upcoming political activities of the
German government with regard to legal regulations of the
distribution and use of cryptographic technology, including
software as PGP or the like.
According to brief notices published
today by the weekly newsmagazine "DER SPIEGEL" as well as by some dayly
newspapers, last week a secret meeting of high-ranked officials was closed
with an urgent recommendation in favour of a strongly restricted key-escrow
The list of participators is said to have included Mr. Peter
Frisch, who is the head of the German Verfassungsschutz (a secret
service responsible for counteracting domestic anti-constitutional
activities in Germany), as well as a Secretary of State delegated
by the minister of domestic affairs of the Federal Republic of
Germany, Mr. Kanther, and other Secretaries of State delegated by
the local governments of all of the 14 States of which Germany is
2. About the outcoming of the meeting
It is said that up to now there is only a draft proposal which
will be subject to further consulations of the Cabinet of the
German government. However, there are rumors saying the German
Cancellor, Mr. Kohl, intends to make decisions immediately after
the christmas break in early January, 1997.
The envisaged crypto regulation would impose a *general ban* on
all distribution and/or use of cryptography with regard to the
German territory, including the German part of the internet. This
would, of course, also affect PGP. After such law would have
entered into force, even downloading PGP or handing over a disk
with a PGP copy would be illegal.
Legal use of cryptography would then be granted if and only if a
general license has been obtained by the manufacturer and/or
distributor of crypto equipment from some dedicated authority for
that crypto software and/or the crypto device. This license
will, in particular, require that
- the secret keys are always escrowed by depositing them in a
secret official database which is accessible by secret serivices
and law enforcement authorities, and
- also the source code of the crypto software is deposited.
Private as well as commerical use of cryptography will be licensed
only under these restrictions.
3. Possible consequences
It is clear that PGP does not fit these requirements. Of course,
also things like RSA encryption included in Netscape browsers,
although crippeld by U.S.-ITAR, would not be allowable.
Furthermore, it is said that the envisaged crypto regulation also
would cover all crypto software and/or devices required for
dealing with digital signatures.
This means that anyone who actually has access to the secret key
escrow database, whether legal or not, would be able to monitor
all intercepted encrypted traffic and would as well be able to
fake any digital signature.
4. Scope of present available information
At present it is not clear to what extent current reporting about
the crypto politics of the German government can be validated.
There seems to be little doubt that some roundtable meeting of
high-ranked officials was held behind closed doors last week, but
there are contradictory reports about the results. Some say that
the report finished by said conference is merely a noncommittal
collection of papers and materials. Others claim that said report
comprises, inter alia, at least key phrases of an upcoming crypto
regulation if not a draft wording therefor. Anyway, it seems to be
clear that Mr. Frisch and other security officials
are strongly pushing towards a legal ban on strong crypto.
5. Political background and related issues
A broad discussion among relevant experts outside secret services
and law enforcement authorities has shown that such crypto ban is
useless for fighting against crime. This in particular holds
because criminals might use steganography. Moreover, it is not
very likely that criminals will decide to make use of any licensed
crypto devices, knowing that the secret keys are escrowed.
But why how and here this nervous attempt of the German government
to push back the ghost into the bottle? They seem to feel that it
is just only a question of months, or maybe one year or so, until
strong cryptography is so widespread that any attempt to ban it
would inevitably fail.
During a hearing recently held by an enquete commission of the
Bundestag (=German Parliament) labeled "Future of Media in
Germany", a representative of the Federal Ministry for Domestic
Affairs (Bundesinnenministerium) argued that that he is well
knowing that strong crypto methods are widely available and that
he does not assume that a ban on strong crypto would discourage
criminals. However, if e.g. by means of a wiretap any illegal use
of encrypted communication would be detected, this would consitute
an important hint which would cause further investigations.
Moreover, he argued that there is a further benefit of being able
to perform traffic analysis on the basis of identified individuals
under suspicion who use certain methods of illegal cryptography,
enabling law enforcement authorities to draw conclusions with
regard to the structure of organized crime.
As far as it can be seen today, only two ministers might argue
against that crypto proposal: First, Mr. Schmidt-Jortzig, Minister
of Justice, and second, Mr. Rüttgers, responsible for research
promotion and technology. Chancellor Kohl and in particular Mr.
Kanther are said to be strong proponents of an illiberal crypto
With regard to the domestic situation within Germany, one big
question is how business, in particular big business, will respond
to these plans. Of course, anyone who uses cryptography for
commercial purposes might desire to use strong crypto without any
key escrowing. However, as recently seen in the U.S., industry
might prefer to have some kind of compromise with the government.
Most of the private people in Germany are not aware of the
internet and any privacy problems related therewith. Please note
that Germany in general is five up to ten years behind the U.S.
with regard to penetration of the internet into everyday life.
Moreover, there is a big public discussion on organized crime and
domestic security promoted by right-wing politicans of CDU, CSU,
FDP and even SPD.
It should be understood that the intended ban on strong crypto in
Germany might perhaps be avioded by strong protests on a domestic
as well as on an international scale.