Press Release: IT Security Sabotage threatens the domestic Economy
Effective end-to-end encryption is a critical component in everyday and business life. Over 300 years ago, cryptanalysis, i.e. the method for decrypting secret codes, had its heyday in Europe. In so-called black chambers or black cabinets (also known as cabinet noir) in post offices all letters from certain people were secretly opened, viewed, copied and closed again. The letters intercepted in this way were then delivered. The purpose was to find dangerous or harmful news for the regents of the time. The most active and efficient chamber in Europe was the Secret Cabinet Chancellery in Vienna. This early form of wiretapping was only ended in the 19th century. And this scenario of the imperial and royal courts is now facing all European companies and individuals. End-to-end encryption is to be provided with back doors at the urging of the British secret service, as proposed by the EU Council of Ministers.
War on Mathematics
Algorithms for encryption and management of digital keys have long become an integral part of everyday life. Websites, apps on smartphones, going to the bank virtually, communicating with authorities, streaming music or videos, computer games, software upgrades, reading the digital newspapers, as well as ordering and accounting from companies all rely on the integrity and protection of what is transmitted on the Internet. The term end-to-end encryption describes a series of procedures in which only the communication partners themselves have the keys and no one else. At the latest since the documentation of mass surveillance and other illegal projects by secret services by Edward Snowden IT companies and standardization bodies have had methods for end-to-end encryption built into many transmission protocols so that companies can defend themselves against industrial espionage and related attacks. The technological background for these implementations is part of math, which describes, without any information technology, how encryption, decryption and the keys themselves look like.
Since the Cold War, the mathematics of cryptography has been actively fought. The US kept a list of dangerous goods that were not intended for export. This also included cryptographic algorithms. Strong encryption was not even accessible to companies for fear of the Soviet Union. In the 1990s, the war on cryptography shifted to personal computers (PCs). Affordable computing power in the hands of everyone was perceived as an existential threat. The climax of this dispute with IT experts and the US government culminated in the proposal to provide all voice and data transmissions with a back door for authorities via the so-called clipper chip. The project failed due to economic concerns. It was not until President Clinton’s Executive Order 13026 in 1996 that cryptographic algorithms were removed from the list of technologies to be regulated. These Crypto Wars have been repeated periodically since then.
No Relation to Reality
The evocation of evil in all forms of cryptography has no relation to reality. The attack on November 2, 2020 in Vienna was possible due to errors in the investigation by the authorities. The British investigative journalist Duncan Campbell gave a presentation at the DeepSec conference in 2011 entitled "How Terrorists Encrypt". He outlined cases and suspects who had been under investigation in previous years. The examples ranged as far as the September 11th attackers in the United States. No group, no individual used modern encryption. Instead, very old methods such as speaking boards (simply replacing words) were used together with unencrypted e-mail messages, telephone calls and meetings. All of these methods are much less conspicuous and easier to use. The more complex a communication system, the more dependencies there are. This sometimes makes it difficult to use such systems and makes it easier for criminal investigation, because it is very easy to discover encrypted communication between endpoints (the fact that encryption is used, not the content). This makes metadata analysis much easier than it is with harmless meetings for coffee or a movie.
Artificial Creation of an Underground
The conclusion from the Crypto Wars can be summed up in one statement: If you criminalize cryptography, then only criminals have cryptographic means. The basis for encryption lies in mathematics. The implementation takes place in software. It is therefore possible at any time to use forbidden algorithms on a universal computer, e.g. laptop / smartphone. This is not an academic example. The Los Zetas Cartel in Mexico maintains its own communications infrastructure, including its own cellular network with radio cells. Cellular networks contain monitoring interfaces as standard. This is known to experts as well as opponents. Confidential communication therefore only takes place via solutions that use secure encryption. The Los Zetas demonstrate the natural response that takes place to prohibitions and surveillance. The proposal of the EU Council of Ministers will therefore ultimately create an underground in which the forbidden methods will continue to be used. This will also include companies that can no longer protect their trade secrets in any other way. The meaningfulness of this concept must therefore be questioned. Furthermore, it does not take into account that there is no globally active organization with branches behind the terrorist attacks of the last decades. It's ideas that are shared through social media, conversations, and meetings. This strongly decentralized structure cannot be hindered by a ban on end-to-end encryption or the installation of back doors, but the work of companies and the everyday life of private individuals can. The digital economy as we know it now would not be possible without strong IT security.
Constitutional Conformity questionable
The introduction of back doors in encrypted communication is very questionable, both legally and socially questionable. The data retention is also one of the measures that are constantly put forward and repeatedly violate applicable law. Quite apart from that, the abolition of secure communications affects governments and agencies alike. A weakening of security measures will always be exploited. The wiretapping scandal in Greece in 2005 or the recently discussed back doors in network equipment of the US company Juniper are selected examples of this. Both and much more was discussed extensively at previous DeepSec security conferences. It is to be hoped that, despite all the panic, the economy will be able to legally protect itself against digital threats in the future. Europe as a business location would be worth it.
Schedule and Booking
The DeepINTEL Security Intelligence Conference will take place on November 18th. Since this is a closed event, we ask for direct inquiries about the program. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html
The DeepSec 2020 conference days are on November 19th and 20th.
The DeepSec trainings will take place on the two preceding days, November 17th and 18th.
Due to the current COVID-19 measures, all trainings and all lectures are of a virtual nature.
You can order tickets for the DeepSec conference itself and the training courses at any time under the link https://deepsec.net/register.html.
Sponsor discount codes are still available. Contact deepsec@deepsec.net if you are interested. Please note that we are still dependent on timely ticket orders due to planning security.