Germany: New government plans 'right to encryption'.

The coalition contract of the newly elected German government contains right to encryption.

The coalition contract of the new German government (SPD, Grüne, FDP) satisfies a lot of expectations by digital rights activists. A 'right to encryption', 'a right to anonymity', 'increased IT security', 'public money for public code' are just some of the digital promises contained in the contract that give reason to celebrate to all privacy enthusiasts.


Right to encryption

As “amazingly specific” judges the German news magazine Die Zeit the coalition plan for a ‘right to encryption’.

Consequently, the coalition agreement was met with great approval, especially among net activists. The website Netzpolitik.org sees “many good and exciting promises,” but it is now a matter of implementation. And members of the Chaos Computer Club point out the great similarities between the new coalition paper and a formulation aid from the hacker association.

Taken together, the coaliation agreement signals a change in politics in Berlin. The former government led by the conversatives CDU/CSU repeatedly pushed for more surveillance, but fortunately, the new one plans to take a different road.

Digital rights

Under the heading “Dare more progress. Alliance for Freedom, Justice and Sustainability,” the future German coalition partners SPD, Bündnis 90/Die Grünen and FDP presented their coalition agreement last week.

Digital rights activists’ expectations were high, especially since the conservative parties CDU and CSU are no longer involved.

A clear win for digital rights

Included in the coalition paper are numerous digital rights that activists have asked for for decades. Now, these rights are written down in the official agreement of the next German government: There is a “right to encryption”, and a prohibition of state authorities to keep vulnerabilities a secret (which is common practice by many secret services to hack potential criminals as you may read in our best of backdoor fails). Now the contract says: “We require all government agencies to report security vulnerabilities they are aware of to the Federal Office for Information Security (BSI) and to undergo regular external audits of their IT systems.”

From supporting open source software to the right to anonymity: The new coalition contract has it all.

The coalition plans to invest in better IT security for all citizens: “We will strengthen digital civil rights and IT security. It is the state’s duty to guarantee them”.”The right to anonymity both in public spaces and on the internet must be guaranteed” is also included in the paper.

In the future, development contracts will be regularly commissioned as open source, and the software will be made public as a matter of principle. There will be a right to encryption, and the state must also offer the option of genuine encrypted communication.

Independent oversight

On top that all future security legislation will be subject to an evaluation by a panel of independent experts who have to look into issues with any potential restrictions on freedom. Along with this, the coalition contract already says very specifically that biometric recognition in public spaces is to be prohibited, which is inline with a recent decision by the European Parliament on banning biometric mass surveillance.

Controversial hackbacks, i.e., the hacking back of attacks, are rejected as a “means of cyber defense in principle.” All security authorities should be better controlled by parliament and data protection authorities.

Conclusion

As an encrypted email service, we welcome these plans by the new coalition. Finally, there will be a government in Germany that understands the need for encryption for all citizens to protect their private data and to defend themselves against malicious attackers on the internet.

This coalition agreement outlines very good plans and has great potential for Germany’s IT industry.

History of German encryption politics

The right to privacy is protected as a fundamental right in the German constitution.

Following the oppressive German regimes under Hitler with the Gestapo (secret State Police) and in East Germany with the Stasi (Ministry of State Security), Germans are very aware of the dangers that a lack of privacy rights can mean for a society as well as for individuals. Thus, civil society is very active when it comes to fighting for privacy rights.

This awareness is also mirrored in German politics in recent history. However, in politics there is a clear tension between guaranteeing citizens’ privacy rights and the authorities’ wish for retaining more data to prosecute potential criminals. Nevertheless, while many democratic countries have introduced comprehensive surveillance laws in recent years, such as the UK, the USA, and Australia, Germany has not.

Already back in 2015, the German government under Angela Merkel signed a charta containing plans to become the “Encryption site number one”.

However, shortly after the signing of this charta, the German government led by the conservative party CDU changed its course and aligned with other European nations to call for a ‘legal access to encrypted data’. On a national level, the government faced heavy opposition, also in parliament.

The FDP, for instance, has called for a ‘right to encryption’ in 2018 already:

“Among other things, the FDP parliamentary group is calling on the German government to support a right to encryption,” said Jimmy Schulz (FDP) in the debate. Such a right would help to increase “the acceptance and widespread use of encryption technologies among the population, the economy and public institutions. The same right that is needed in the analog world is also needed in the digital world.”

In this debate, Dr. Konstantin von Notz (Bündnis 90/ Die Grünen) also called on the then leading government:

“Finally make Germany the encryption site number one. Not through speeches, but through laws.”

Instead, the German government aligned with several other nations to launch the idea of backdooring encryption via the European Council. The plan was to push this through on a European level also because of the heavy civil and political opposition on a national level.

In December 2020, the European Council under a German presidency adopted a resolution called “Security through encryption and security despite encryption”, which on the one hand underlines the importance of encryption for security, and on the other hand indirectly asks for backdoors to encryption for the authorities.

For digital rights activists this paper was a clear declaration of war as the integrity of end-to-end encryption is non negotiable in regards to security and privacy.

Fortunately, the parties of the new German coalition have no plans for weakening encryption. Instead, the new coalition paper demonstrates that they plan to realize the digital rights politics many activists in Germany and beyond have been waiting for.

Given that the German Greens and the FDP are also much younger and much more knowledgeable in the digital sphere than the formerly leading CDU, digital rights in Germany have a very good chance of prospering in the coming years - despite the ongoing global crypto wars.

What this means for the future

The new coalition agreement paints a very positive picture of the future. Finally, it looks like a truly pro-encryption government is taking over in Germany.

This might also shift politics on a European level and put an end to tendencies of undermining strong encryption.

As the Head of MI6 has just warned: With the rise of quantum computers a lot of new threats arise, particularly in the digital sphere.

Strong end-to-end encryption is one of the best tools to defend ourselves and our data against all kinds of threats online. To also fight off future attacks from quantum computers, we need to invest in post-quantum secure encryption, like Tutanota’s PQmail project.

With current and future threats in mind, it is very promising that Germany will finally have a government that

  1. has a good understanding of the digital sphere, its threats and its potential, and
  2. is not willing to sacrifice citizens’ right to privacy.

The next four years will show whether this government will achieve what was promised to us in 2015 already:

Make Germany the encryption site number one!