[pbininda]

I find the german answers [1] surprisingly reasonable.

High Five for the final answer:

> 11. Are there other issues that you would like to raise in relation to encryption and the possible approach to these issues? Please share any relevant national experience or considerations arising from your practice that need to be taken into account.

> Yes. A regulation to prohibit or to weaken encryption for telecommunication and digital services has to be ruled out, in order to protect privacy and business secrets.

Go Germany!

[1] https://www.asktheeu.org/en/request/3347/response/11727/atta...

[hannob]

I come from Germany. The situation is complicated. The responsible politicians tend to make statements that are contradicting or don't make any sense. There have been multiple statements that at least could be interpreted as supportive of encryption regulation. In one occasion there was a joint statement by the french and german ministers of interior - with the slight problem that the french and german versions of the statement were different.

Recently they created a new institution supposed to help decrypting messages. They never explained what that actually means. (I mean you simply can't decrypt properly designed crypto systems.)

Germany isn't the privacy paradise that some people in the international debates sometimes like to see in it.

[grey-area]

On the other hand, it has a larger constituency in government who oppose undermining encryption than most other western nations and a good negative example in the recent past (the Stasi). Just look at the recent legislation passed in the UK, and the statements of Theresa May on encryption or the recent lawsuits by the FBI against Apple. It may be our best hope in stopping legislation mandating backdoors to encryption, which would damage everyone.

[Barrin92]

The most important difference is the parliamentary sovereignty of the UK. The biggest protector of privacy here in Germany is the constitution, and the Constitutional court rules fairly assertively on issues of privacy and civil rights, so what PM's do or don't do is not that important.

The UK has no such safeguard due to governmental structure.

[lima]

> Germany isn't the privacy paradise that some people in the international debates sometimes like to see in it.

In comparison with pretty much everyone else, it is.

[dom0]

> (I mean you simply can't decrypt properly designed crypto systems.)

Luckily most deployed crypto isn't properly designed :)

[akerro]

>Recently they created a new institution supposed to help decrypting messages.

Could you give me more info about it?

[raverbashing]

> Recently they created a new institution supposed to help decrypting messages.

BSI? They're not new

[pgeorgi]

I guess GP was referring to ZITIS, not BSI.

BSI's job generally is ensuring IT security, not breaking it.

Even the weirder jobs they're tasked with, such as certifying backdoor software for LEAs, it's not about ensuring its operation as a backdoor, but that it only does the designated job (and in particular doesn't bring additional capabilities that are outside their charter)

[detaro]

I sometimes wish BSI had more teeth (e.g. when it comes to stuff like reviewing official backdoor trojans, it's annoying that we need private initiatives and the constitutional court every single time, although that keeps the topic hot), on the other hand it also has a strong whiff of incompetence and bureaucracy that I don't want to see with actual power.

[hannob]

Yes, I was referring to ZITIS.

> BSI's job generally is ensuring IT security, not breaking it.

Unfortunately that's also not true. The role of the BSI is very mixed and they have a role as both being offensive and defensive. Which is one of the problems. They're not trustworthy.

[pgeorgi]

So which department shown on https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/BSI/Orga... has an offensive role?

The BND/BSI split as implemented in Germany is relatively unique precisely to separate offensive and defensive concerns. The biggest issue IMHO is that they both report to the same federal office.

[hannob]

Here's some (german) background info on the role. The BSI assisted the BKA in creating a trojan, but tried to hide it from the public: https://netzpolitik.org/2015/geheime-kommunikation-bsi-progr...