-
Herald: Okay, so you are the lucky ones
-
who made it into Linus' talk.
-
The talk is called: "Bullshit made in Germany -
-
How to host your DE-Mail, E-Mail and Cloud directly at the German Intelligence Service."
-
It will take an hour, from 8:30 pm to 9:30 pm.
-
...
-
Furthermore there are subtitles. You can find them on Twitter @c3subtitles.
-
Many of you probably listen to the Podcast "Logbuch Netzpolitik" (Logbook Netpolitics)
-
by Linus and Tim Pritlove.
-
Those of you who do that have listened to Linus ranting
-
about DE-Mail and the other mentioned topics.
-
Linus happens to be an expert in this field and even made it his profession.
-
He also attended the Bundestag (German Parliament), several hearings
-
in committee, the committee of the Interior and the committee on legal affairs.
-
And he is going to tell you more about that
-
and I am really looking forward to that. Applause for Linus.
-
(Applauding)
-
(Laughing and Applauding) The excrement pictogram resembles the logo of the controversial "You are Germany" marketing campaign
-
Linus Neumann: Thank you very much for coming.
-
Can you hear me? Yes. - Okay, great.
-
Actually everything about the talk has already been said.
-
We could just as well cancel it.
-
But I guess I will still do it.
-
I want to talk a little about Federal German Security-tech
-
before and after Snowden.
-
My hypothesis is that the "before and after" actually does not matter.
-
Which I will illustrate through four examples.
-
The first one is of course the DE-Mail.
-
The second is the E-Mail made in Germany.
-
Not to forget the "Schlandnet". (Cacography on Deut-schland-net)
-
And at the end I allow myself to comment on the Deutschlandcloud.
-
The De-Mail started actually a long time before Snowden.
-
I already wrote an article about it back in 2011.
-
Back then Harald Welte (FOS activist) was a member of a Bundestag committee
-
and delivered a report for the CCC.
-
One had the impression that the whole issue was taken care of.
-
But suddenly it boiled up again.
-
I want to explain right now how it came to this.
-
Let's remember, De-Mail has the goal to enable secure, confidential,
-
and verifiable correspondence for everyone.
-
We created a law for this,
-
in which the De-Mail services were somehow established.
-
If one thinks about it, it becomes apparent:
-
It is obvious that one cannot have legally binding and verifiable correspondence via E-Mail.
-
There are many who criticized the concept of the E-Mail for the longest time.
-
Who had the wish that someone would develop something better.
-
There are those who took matters into their own hands and made PGP.
-
And the Federal Government of Germany did something too.
-
We believed that maybe they are going to improve SMTP and IMAP,
-
that it would become a great new thing, which somehow works.
-
And everything started in 2009, when they said: "Yes we are creating an accredited provider,
-
which has to offer the user a secure Mailbox
-
for secure electronic messaging."
-
Great, so we solved the problem.
-
2011 came the law in which it was stated:
-
"It is resolved, the De-Mail is the secure one!"
-
And then...I thought another slide would come up, sorry.
-
And what did they do?
-
They took care of some of the problems with E-Mail.
-
With their De-Mail.
-
We have to admit that.
-
They thought to themselves: anyone can register as "hasi69@yahoo.com"
-
This does not mean that we are actually dealing with Hasi here
-
if we get this E-Mail.
-
And we have to make sure of that.
-
Naturally we can now implement signatures.
-
Also we have the problem of the verifiable correspondence,
-
written correspondence. 'laughing' (lame sex joke)
-
This is stupid, one should not laugh about it. (referring to the same lame sex joke)
-
If I get a letter, and I don't like it,
-
I can simply put it aside and claim
-
that I never received the letter.
-
Only if I receive a registered mail I am bound to it.
-
Great advice which one can apply from time to time.
-
And both problems, they thought, we can solve like this:
-
Anyone who wants to register a De-Mail, has to show an ID.
-
Great! Also we oblige the user to collect the De-Mails.
-
And offer a fee-based service for the sender
-
to receive a receipt.
-
Pay a little more and you get a registered mail.
-
And the person who got or didn't get the De-Mail
-
is the documented receiver.
-
This was the first reason for me to say:
-
"Okay I don't want a De-Mail"
-
E-Mail has another little problem, you can't make profit out of it.
-
But for that we also found an "intelligent" solution.
-
39 Euro Cents is the cost of a De-Mail.
-
(laughing)
-
There are accounts for professionals with a discount down to 32 Cent,
-
and 10 free De-Mails.
-
From a security standpoint you can criticize that
-
it is an allocated system with competing providers.
-
For that too there is a solution:
-
Let's just introduce expensive certificates.
-
Then we will have only a few providers which will only compete for a certain amount of time.
-
Until they all shrink and at the end we have a centralized system.
-
Another issue with E-Mail 2009 is,
-
many providers offer unencrypted connections.
-
We will come back to that later on.
-
Then they said, we are going to make SSL universal.
-
So the De-Mail will never be transmitted in plaintext.
-
Then there is the problem that, with E-Mail, not every user supports
-
end-to-end encryption, like PGP or S/MIME, which would lead to secure encryption
-
Which would make it impossible for the providers
-
to read the De-Mails.
-
For that there is also a good solution, we still don't apply it.
-
In the 90s there was a problem,
-
I admit that,
-
with E-Mail-Worms.
-
Someone had this idea, Outlook was primarily affected...or Outlook Express
-
It would be great if you could write a Mail
-
just implement JavaScript,
-
the receiver gets it,
-
and the computer executes said JavaScript
-
and then we can...
-
I don't know...let something blink.
-
The result was that masses of E-Mails came with computer viruses,
-
which infected Outlook via Script
-
and sent other stuff.
-
E-Mail-Worms were a problem.
-
So they said, for that we have a solution too.
-
We scan for viruses.
-
A virus scan at the provider.
-
Who thinks this is a good idea?
-
(laughing)
-
Audience member: McAfee!
-
(applauding)
-
Linus Neumann: This thing is registered in my name.
-
If I plan to infect someone with a virus,
-
I would never do this with an address,
-
which is registered in my name,
-
and for which I pay an additional 39 Cent.
-
(Laughing)
-
(Incomprehensible Interjection by an audience member)
-
Neumann: It could occur that the 39 Cent are actually worth it.
-
It is way too expensive for a massive attack,
-
if my goal is to build a huge botnet,
-
in this case naturally I wouldn't do it over De-Mail,
-
I would have to pay an arm and a leg for that.
-
But if I want to concentrate my attack,
-
on someone sensitive who is worth the effort,
-
that I would even pay the 39 Cents for transmitting my virus,
-
and invest the better part of an afternoon
-
to craft the virus, which I only craft solely for this particular person,
-
which a virus scanner most likely won't even recognize,
-
and then even get the possibility to test that,
-
because I can send it 5 and more times to myself.
-
Then see if the De-Mail virus scanner finds the virus or not.
-
Then I send it to someone, who says,
-
great, scanned for viruses, I can execute this.
-
Therefore not a very bright idea.
-
Besides there are other ways,
-
I can send a URL instead of a De-Mail,
-
I can send an E-Mail.
-
I can hope for them to download the software,
-
I can put it on Flash or Java,
-
generations of attackers have done that for years now.
-
With great success.
-
This means that it leads to
-
an effect which is rumored to correlate with wearing helmets.
-
Risk-Compensation, I am protected,
-
I can do whatever I want!
-
But the truth is that you are wearing the helmet on your knee,
-
and if you fall on your face...
-
I know this comparison does not make much sense.
-
(laughing)
-
This means, at the end of the day we have a system,
-
which is not encrypted, because it is only a transport encryption.
-
Thus the De-Mail is stored unencrypted on the De-Mail-Server.
-
Respectively they say it is encrypted but the key lies just next to it.
-
I know it is a very nice point to show it like this.
-
But the fact is that something is not encrypted if you have the key.
-
There are only very few providers and only sensitive communication is exchanged.
-
It is a dream come true for the Federal Criminal Police Office
-
and the Federal Office for the Protection of the Constitution.
-
Because for them it resolves the issue of the spam.
-
We remember that we had to suffer for quite a while,
-
that E-Mails consisted of too much spam and it overloaded the filters of the agencies.
-
This should be resolved with the De-Mail.
-
The truth is that the provider based virus scanners are just an excuse,
-
or an argument in favor of not offering an end-to-end encryption.
-
Because if the provider can't read the messages,
-
it can't check for viruses.
-
Now we could evaluate, do I want an imperfect virus protection
-
or do I want confidential communication.
-
That was back in 2011 and after that happened...
-
(laughing)
-
....nothing.
-
This made the De-Mail providers unhappy.
-
They had paid all their money,
-
for establishing the De-Mail infrastructure.
-
There was a very nice article on Heise(.de)
-
written by Detlef Borchers.(famous IT-Journalist and author)
-
After the CCC wrote several reports on this topic,
-
journalists were invited to the De-Mail-Center.
-
Where they showed them defenses against bulldozer attacks.
-
(laughing)
-
So money was spent,
-
to make it more secure.
-
But somehow no one wanted it.
-
So this great verifiable correspondence for everyone,
-
no one jumped on it.
-
I didn't know anyone who had De-Mail.
-
Something had to be done.
-
A new law had to be imposed.
-
And this time a law which declares the De-Mail a standard.
-
By making it the most simple and cheap method,
-
in comparison to a number of expensive and perhaps superior methods.
-
But what we certainly know is
-
that the lowest entrance level is the one
-
on which the people will level themselves.
-
This was then done 2013 with the E-Government and E-Justice laws.
-
Those were laws to which I got invited into the committee
-
as an advocate of the CCC.
-
The first one was about the E-Government law.
-
I got this law-thingy.
-
This was also the first time I had to look over something like this with the burden,
-
to have to give an informed opinion about a legal text
-
and that in a committee where Peter Uhl sits in front of you.
-
(laughing) I thought: "Oh that is going to be hard."
-
Then I got the legal text.
-
And now it is like this: They had in this case a problem,
-
because the way they had phrased their pretty De-Mail law,
-
the De-Mail did not meet the requirements on security, which they had determined in other laws about transferring
-
certain data. There it was stated: If X and Y are transmitted
-
then it has to be encrypted properly.
-
Now they had to somehow fix it because their pretty De-Mail didn't work at all
-
-at all! It would have violated the law
-
to transmit De-Mail or to use it, because it was evident that it was not secure enough.
-
But of course for every technical difficulty there is a legal solution:
-
And then we find such great sentences as: "The sending of social data through a De-Mail-message to a respective accredited provider - for short dated decryption for the purpose of checking for malware and the purpose of forwarding it to the recipient of the De-Mail-message - is not transmitting!"
-
(laughing) Problem solved!
-
"A decryption does not violate
-
the prohibition on decryption." Is what this long sentence,
-
which I want to spare you, is saying.
-
This is roughly the face I made, because I was not sure if I really understood that sentence.
-
But it was actually the case.
-
Then I came into the committee of interior affairs and said: "Hello, I looked over
-
what you have written. And I believe that it is dangerous what you are doing here."
-
You should - that was my main argument - you have to know
-
you have to argue in a way in which they find it interesting
-
and listen to you, I just wanted to help them.
-
So I say: "Okay, if you do this then
-
we will have all these unencrypted sensitive E-Mails
-
on the 4 or even just 3 De-Mail Servers, around which you have built your bulldozer protection
-
- which I did not know at that point -
-
guess how attractive those will be as a target for attackers?
-
Where I know: The content is so confidential
-
that people are even willing to pay 39 Cent to be lulled into a false sense of security.
-
From a security standpoint I rate this as problematic.
-
And then...you have to...I maybe have to explain this:
-
If you are invited to a hearing like this and you are an expert witness -
-
I thought that this word actually means what it says. (laughing)
-
I felt honored, I thought: "WOW, great they have acknowledged
-
my expert knowledge and thus invited me." As a rule it is an act
-
with people who of course get invited
-
to say what they say. And they invite any judges
-
from obscure groups. At the end they are
-
lobbyists, who urge: "We like this
-
We have to do this!" One of the expert witnesses literally said:
-
"It might be true that there is a consensus in the hacker scene which states that there is no server on this planet which is unhackable and that they are the preferred targets of intelligence services, NASA etc.
-
- As I mentioned before a few weeks before Snowden - But you can't use this as a basis for a reasonable standard for everyday communication"
-
This jolly fellow completely missed the point. Everyday communication is
-
a Facebook message, I don't need to implement De-Mail
-
for that. So I said:
-
"Attention my friends, I have a suggestion. Every E-Mail client supports even S/MIME
-
and you just tried to sell new ID cards to the people,
-
which they also did not want. And on these ID cards there is
-
a Smartcard and you could put a certificate on it
-
and people could use them to encrypt their De-Mails and
-
even sign them. You would kill two birds with one stone.
-
And additionally you would get a secure De-Mail-System."
-
By the way: A little side hint, what I didn't tell them:
-
At this moment they could have quit the whole thing.
-
Because if someone is able to
-
sign a document properly, it does not matter with what he transmits it to me.
-
The cryptographic signature on a document is there for exactly this.
-
Then it was said, that they had to somehow
-
discredit my suggestion for an end to end encryption and get rid of it.
-
And then they asked: "Yes but is that possible with smartphones?!"
-
I said: "Yes." (laughing)
-
(applauding) And it is true, it is a tip to
-
load S/MIME and S/MIME certificates onto your iPhone. Well and then
-
- I am always friendly and honest - I said:
-
"But I don't think that this would be a good idea." (laughing)
-
And then it was asked: "with the end to end encryption,
-
you have to explain, how one would do that,
-
if they are on a vacation in Turkey, in an internet shop,
-
and want to collect their end to end encrypted De-Mails." (laughing)
-
The right answer is of course:
-
"You do NOT do it!" (laughing)
-
(applauding) So I was talking and I knew
-
if a law has come this far...
-
To be in such a hearing is, as mentioned, just an act
-
and it was clear to me that
-
I can't bring this law to fall. I took my role seriously
-
and tried to apply my knowhow but it was a lost cause.
-
By the way, the young man who asked me that question -
-
when I came out of the committee room and was heading to the elevator-
-
he came to me and said: "I know you are right but...that is how it goes."
-
Exactly!
-
And I thought: "Well, okay hm..there is nothing one can do"
-
Let's recall: This is a committee for internal affairs
-
I believed that those people are interested in internal security
-
I am just going to tell them about the Cyberwar and Cybercrime and they will surely listen to me.
-
What I did not notice is,
-
that I put my focus on security
-
and not on verifiability. But they noticed it and therefore
-
they wrote a second bill. The eJustice law,
-
where they say that we have to rewrite the whole justice procedure,
-
so we can somehow apply De-Mail in justice court communication.
-
And now it was about verifiability.
-
It was about making the De-Mail verifiable.
-
It is about making the De-Mail
-
worth the paper it was printed on.
-
(laughing)