< Return to Video

Bullshit made in Germany

  • 0:09 - 0:12
    Herald: Okay, so you are the lucky ones
  • 0:12 - 0:13
    who made it into Linus' talk.
  • 0:13 - 0:15
    The talk is called: "Bullshit made in Germany-
  • 0:15 - 0:18
    How to host your DE-Mail, E-Mail and Cloud directly at the German Intelligence Service.
  • 0:18 - 0:21
    It will take an hour, from 8:30 pm to 9:30 pm.
  • 0:21 - 0:33
    ...
  • 0:33 - 0:40
    Furthermore there are subtitles. You can find them on Twitter @c3subtitles.
  • 0:46 - 0:50
    Many of you probably listen to the Podcast "Logbuch Netzpolitik" (Logbook Netpolitics)
  • 0:50 - 0:52
    by Linus and Tim Pritlov.
  • 0:52 - 0:55
    Those of you who do that have listened to Linus ranting
  • 0:55 - 0:58
    about DE-Mail and the other mentioned topics.
  • 0:58 - 1:01
    Linus happens to be an expert in this field and even made it his profession.
  • 1:01 - 1:05
    He also attend the Bundestag (German Parliament), several hearings
  • 1:05 - 1:07
    in committee, the committee of the Interior and the committee on legal affairs.
  • 1:07 - 1:10
    And he is going to tell you more about that
  • 1:10 - 1:10
    and I am really looking forward to that. Applaud for Linus.
  • 1:10 - 1:20
    (Applauding)
  • 1:23 - 1:28
    (Laughing and Applauding) The excrement pictogram resembles the logo of the controversial "You are Germany" marketing campaign
  • 1:34 - 1:35
    Linus Neumann: Thank you very much for coming.
  • 1:35 - 1:37
    Can you hear me? Yes. - Okay, great.
  • 1:37 - 1:40
    Actually everything about the talk has already been said.
  • 1:40 - 1:42
    We could just as well cancel it.
  • 1:42 - 1:45
    But I guess I will still do it.
  • 1:45 - 1:50
    I want to talk a little about Federal German Security-tech
  • 1:50 - 1:55
    before and after Snowden.
  • 1:55 - 1:59
    My hypothesis is that the "before and after" actually does not matter.
  • 1:59 - 2:05
    Which I will illustrate through four examples.
  • 2:05 - 2:07
    The first one is of course the DE-Mail.
  • 2:07 - 2:09
    The second is the E-Mail made in Germany.
  • 2:09 - 2:12
    Not to forget the "Schlandnet". (Cacography on Deut-schland-net)
  • 2:12 - 2:18
    And at the end I allow myself to comment on the Deutschlandcloud.
  • 2:18 - 2:25
    The De-Mail started actually a long time before Snowden.
  • 2:25 - 2:29
    I already wrote an article about it back in 2011.
  • 2:29 - 2:34
    Back then Harald Welte (FOS activist) was a member of a Bundestag committee
  • 2:34 - 2:37
    and delivered a report for the CCC.
  • 2:37 - 2:40
    One had the impression that the whole issue was taken care off.
  • 2:40 - 2:43
    But suddenly it boiled up again.
  • 2:43 - 2:45
    I want to explain right now how it came to this.
  • 2:45 - 2:51
    Let's remember, De-Mail has the goal to enable secure, confidential,
  • 2:51 - 2:56
    and verifiable correspondence for everyone.
  • 2:56 - 2:58
    We created a law for this,
  • 2:58 - 3:02
    in which the De-Mail services were somehow established.
  • 3:02 - 3:05
    If one thinks about it, it becomes apparent:
  • 3:05 - 3:13
    It is obvious that one can not have legally binding and verifiable correspondence vie E-Mail.
  • 3:13 - 3:19
  • 3:19 - 3:25
    There are many who criticized the concept of the E-Mail for the longest time.
  • 3:25 - 3:31
    Who had the wish that someone would develop something better.
  • 3:31 - 3:36
    There are those who took matters into their own hands and made PGP.
  • 3:36 - 3:39
    And the Federal Government of Germany did something too.
  • 3:39 - 3:45
    We believed that maybe they are going to improve SMTP and IMAP,
  • 3:45 - 3:49
    that it would become a great new thing, which somehow works.
  • 3:49 - 3:56
    And everything started in 2009, when they said: "Yes we are creating an accredited provider,
  • 3:56 - 3:59
    which has to offer the user a secure Mailbox
  • 3:59 - 4:03
    for secure electronic messaging."
  • 4:03 - 4:05
    Great, so we solved the problem.
  • 4:05 - 4:09
    2011 came the law in which it was stated:
  • 4:09 - 4:15
    "It is resolved, the De-Mail is the secure one!"
  • 4:17 - 4:25
    And then...I thought another slide would come up, sorry.
  • 4:25 - 4:28
    And what did they do?
  • 4:28 - 4:31
    They took care of some of the problems with E-Mail.
  • 4:31 - 4:31
    With their De-Mail.
  • 4:31 - 4:34
    We have to admit that.
  • 4:34 - 4:37
    They thought to themselves: anyone can register as "hasi69@yahoo.com"
  • 4:37 - 4:40
    This does not mean that we are actually dealing with Hasi here
  • 4:40 - 4:42
    if we get this E-Mail.
  • 4:42 - 4:44
    And we have to make sure of that.
  • 4:44 - 4:46
    Naturally we can now implement signatures.
  • 4:46 - 4:52
    Also we have the problem of the verifiable correspondence.,
  • 4:52 - 4:54
    written correspondence. 'laughing' (lame sex joke)
  • 4:54 - 5:00
    This is stupid one should not laugh about it. (referring to the same lame sex joke)
  • 5:00 - 5:05
    If I get a letter, and I don't like it,
  • 5:05 - 5:08
    I can simply put it aside and claim
  • 5:08 - 5:09
    that I never received the letter.
  • 5:09 - 5:14
    Only if I receive a registered mail I am bound to it.
  • 5:14 - 5:17
    Great advice which one can apply from time to time.
  • 5:17 - 5:21
    And both problems, they thought, we can solve like this:
  • 5:21 - 5:26
    Anyone who wants to register a De-Mail, has to show an ID.
  • 5:26 - 5:32
    Great! Also we oblige the user to collect the De-Mails.
  • 5:32 - 5:36
    And offer a fee-based service for the sender
  • 5:36 - 5:38
    to receive a receipt.
  • 5:38 - 5:41
    Pay a little more and you get a registred mail.
  • 5:41 - 5:46
    And the person who got or didn't the De-Mail
  • 5:46 - 5:48
    is the documented receiver.
  • 5:48 - 5:50
    This was the first reason for me to say:
  • 5:50 - 5:54
    "Okay I don't want a De-Mail"
  • 5:54 - 5:57
    E-Mail has another little problem, you can't make profit out of it.
  • 5:57 - 6:01
    But for that we also found an "intelligent" solution.
  • 6:01 - 6:03
    39 Euro Cents is the cost of a De-Mail.
  • 6:03 - 6:06
    (laughing)
  • 6:06 - 6:12
    There are accounts for professionals with a discount down to 32 Cent,
  • 6:14 - 6:17
    and 10 free De-Mails.
  • 6:20 - 6:24
    From a security standpoint you can criticize that
  • 6:24 - 6:28
    it is a allocated system with competing providers.
  • 6:28 - 6:29
    For that too there is a solution:
  • 6:29 - 6:31
    Let's just introduce expensive certificates.
  • 6:31 - 6:35
    Then we will have only a few providers which will only compete for a certain amount of time.
  • 6:35 - 6:39
    Until they all shrink and at the end we have a centralized system.
  • 6:41 - 6:45
    Another issue with E-Mail 2009 is,
  • 6:45 - 6:48
    many providers offer unencrypted connections.
  • 6:48 - 6:50
    We will come back to that later on.
  • 6:51 - 6:53
    Then they said, we are going to make SSL universally.
  • 6:53 - 6:58
    So the De-Mail will never be transmitted in plaintext.
  • 7:00 - 7:05
    Then there is the problem that, with E-Mail, not every user supports
  • 7:05 - 7:09
    end-to-end encryption, like PGP or SMIME, which would lead to secure encryption
  • 7:09 - 7:11
  • 7:11 - 7:13
    Which would make it impossible for the providers
  • 7:13 - 7:15
    to read the De-Mails.
  • 7:16 - 7:18
    For that there is also a good solution, we still don't apply it.
  • 7:21 - 7:23
    In the 90s there was a problem,
  • 7:23 - 7:24
    I admit that,
  • 7:24 - 7:25
    with E-Mail-Worms.
  • 7:25 - 7:30
    Someone had this ide, outlook was primarily effected...or outlook express
  • 7:30 - 7:36
    It would be great if you could write a Mail
  • 7:36 - 7:38
    just implement JavaScript,
  • 7:38 - 7:40
    the receiver gets it,
  • 7:40 - 7:43
    and the computer executes said JavaScript
  • 7:43 - 7:46
    and then we can...
  • 7:46 - 7:48
    I don't know...let something blink.
  • 7:48 - 7:52
    The result was that masses of E-Mails came with computer viruses,
  • 7:52 - 7:55
    which infected Outlook via Script
  • 7:55 - 7:56
    and sent other stuff.
  • 7:56 - 7:58
    E-Mail-Worms were a problem.
  • 7:59 - 8:01
    So they said, for that we have a solution too.
  • 8:01 - 8:03
    We scan for viruses.
  • 8:03 - 8:06
    A virus scan at the provider.
  • 8:07 - 8:09
    Who thinks this is a good idea?
  • 8:09 - 8:11
    (laughing)
  • 8:11 - 8:12
    Audience member: McAffee!
  • 8:12 - 8:18
    (applauding)
  • 8:25 - 8:27
    Linus Neumann: This thing is registered on my name.
  • 8:27 - 8:34
    If I plan to infect someone with a virus,
  • 8:34 - 8:38
    I would never do this with an address,
  • 8:38 - 8:39
    which is registred on my name,
  • 8:39 - 8:41
    an for which I pay additional 39 Cent.
  • 8:41 - 8:45
    (Laughing)
  • 8:46 - 8:50
    (Incomprehensible Interjection by an audience member)
  • 8:50 - 8:52
    Neumann: It could occur that the 39 Cent are actually worth it.
  • 8:52 - 8:55
    It is way to expensive for a massive attack,
  • 8:55 - 8:58
    if my goal is to build a huge botnet,
  • 8:58 - 9:00
    in this case naturally I wouldn't do it over De-Mail,
  • 9:00 - 9:02
    I would have to pay an arm and a leg for that.
  • 9:03 - 9:05
    But if I want to concentrate my attack,
  • 9:05 - 9:09
    on someone sensitive who is worth the effort,
  • 9:09 - 9:12
    that I would even pay the 39 Cents for transmitting my virus,
  • 9:12 - 9:16
    and invest the better part of an afternoon
  • 9:17 - 9:20
    to craft the virus, which I only craft solely for this particular person,
  • 9:20 - 9:23
    which a virus scanner most likely won't even recognize,
  • 9:23 - 9:24
    and then even get the possibility to test that,
  • 9:24 - 9:28
    because I can send it 5 and more times to myself.
  • 9:28 - 9:31
    Then see if the De-Mail virus scanner find the virus or not.
  • 9:33 - 9:34
    Then I send it to someone, who says,
  • 9:34 - 9:37
    great, scanned for viruses, I can execute this.
  • 9:37 - 9:40
    Therefore not a very bright idea.
  • 9:40 - 9:41
    Besides there are other ways,
  • 9:41 - 9:45
    I can send an URL instead of a De-Mail,
  • 9:45 - 9:46
    I can send an E-Mail.
  • 9:46 - 9:49
    I can hope for them to download the software,
  • 9:49 - 9:51
    I can put it on Flash or Java,
  • 9:51 - 9:55
    generations of attackers do that for years now.
  • 9:55 - 9:56
    With great success.
  • 9:56 - 9:59
    This means that it leads to
  • 9:59 - 10:02
    an effect which rumored to be correlating with wearing helmets.
  • 10:02 - 10:04
    Risk-Compensation, I am protected,
  • 10:04 - 10:08
    I can do whatever I want!
  • 10:08 - 10:11
    But the truth is that you are wearing the helmet on your knee,
  • 10:11 - 10:13
    and if you fall on your face...
  • 10:13 - 10:16
    I know this comparison does not make much sense.
  • 10:16 - 10:22
    (laughing)
  • 10:22 - 10:25
    This means, at the end of the day we have a system,
  • 10:25 - 10:30
    which is not encrypted, because it is only a transport encryption.
  • 10:30 - 10:35
    Thus the De-Mail is stored unencrypted on the De-Mail-Server.
  • 10:35 - 10:41
    Respectively they say it is encrypted but the key lies just next to it.
  • 10:41 - 10:46
    I know it is a very nice point to show it like this.
  • 10:46 - 10:51
    But the fact is that something is not encrypted if you have the key.
  • 10:51 - 10:58
    There are only very few provider and only sensible communication is exchanged.
  • 10:58 - 11:02
    It is a dream come true for the Federal Criminal Police Office
  • 11:02 - 11:05
    and the Federal Office for the Protection of the Constitution.
  • 11:05 - 11:09
    Because for them it resolves the issue of the spam.
  • 11:09 - 11:13
    We remember that we had to suffer for quite a while,
  • 11:13 - 11:18
    that E-Mails consisted of too much spam and it overload the filters of the agencies.
  • 11:18 - 11:21
    This should be resolved with the D-Mail.
  • 11:21 - 11:29
    The truth is that the provider based virus scanners are just an excuse,
  • 11:29 - 11:33
    or an argument in favor of not offering an end-to-end encryption.
  • 11:33 - 11:36
    Because if the provider can't read the messages,
  • 11:36 - 11:39
    it can't check for viruses.
  • 11:39 - 11:43
    Now we could evaluate, do I want an imperfect virus protection
  • 11:43 - 11:48
    or do I want confidential communication.
  • 11:48 - 11:57
    That was back in 2011 and after that happened...
  • 11:57 - 11:58
    (laughing)
  • 11:58 - 11:59
    ....nothing.
  • 12:08 - 12:10
    This made the De-Mail providers unhappy.
  • 12:10 - 12:12
    They had paid all their money,
  • 12:12 - 12:14
    for establishing the De-Mail infrastructure.
  • 12:14 - 12:17
    There was a very nice article on Heise(.de)
  • 12:17 - 12:20
    written by Detlef Borchers.(famous IT-Journalist and author)
  • 12:20 - 12:26
    After the CCC wrote several reports on this topic,
  • 12:26 - 12:30
    journalists were invited to the De-Mail-Center.
  • 12:30 - 12:34
    Where they showed them defenses against bulldozer attacks.
  • 12:34 - 12:37
    (laughing)
  • 12:37 - 12:39
    So money was spent,
  • 12:39 - 12:43
    to make it more secure.
  • 12:43 - 12:45
    But somehow no one wanted it.
  • 12:45 - 12:47
    So this great verifiable correspondence for everyone,
  • 12:47 - 12:49
    no one jumped on it.
  • 12:49 - 12:52
    I didn't know anyone who had De-Mail.
  • 12:52 - 12:55
    Something had to be done.
  • 12:55 - 12:57
    A new law had to be imposed.
  • 12:57 - 13:00
    And this time a law which declares the De-Mail to a standard.
  • 13:00 - 13:03
    By making it the most simple and cheap method,
  • 13:03 - 13:09
    in comparison to a number of expensive and perhaps superior methods.
  • 13:09 - 13:11
    But what we certainly know is
  • 13:11 - 13:14
    that the lowest entrance level is the one
  • 13:14 - 13:16
    on which the people will level themselves.
  • 13:16 - 13:21
    This was then done 2013 with the E-Government and E-Justice laws.
  • 13:21 - 13:27
    Those were laws to which I got invited into the committee
  • 13:27 - 13:29
    as advocates of the CCC.
  • 13:29 - 13:31
    The first one was about the E-Government law.
  • 13:31 - 13:36
    I got this law-thingy.
  • 13:36 - 13:40
    This was also the first time I had to look over something like this with the burden,
  • 13:40 - 13:44
    to have to give an informed opinion about a legal text
  • 13:45 - 13:51
    and that in a committee where Peter Uhl sits in front of you.
  • 13:51 - 13:55
    (laughing) I thought: "Oh that is going to be hard."
  • 13:55 - 13:59
    Then I got the legal text.
  • 13:59 - 14:05
    And now it is like this: They had in this case a problem.
  • 14:05 - 14:09
    because the way they had phrased their pretty De-Mail law,
  • 14:09 - 14:15
    the De-Mail did not meet the requirements on security, which they had determined in other laws about transferring
  • 14:15 - 14:21
    certain data. There it was stated: If X and Y are transmited
  • 14:21 - 14:24
    then it has to be encrypted properly.
  • 14:24 - 14:29
    Now they had to somehow fix it because their pretty De-Mail didn't work at all
  • 14:29 - 14:32
    -at all! It would have violated the law
  • 14:32 - 14:37
    to transmit De-Mail or to use it, because it was evident that it was not secure enough.
  • 14:37 - 14:43
    But of course for every technical difficulty there is a legal solution:
  • 14:43 - 14:50
    And then we find such great sentences as:"The sending of social data through a De-Mail-message to a respective accredited provider - for short dated decryption for the purpose of checking for malware and the purpose of forwarding it to the recipient of the De-Mail-message - is not transmitting!"
  • 15:01 - 15:08
    (laughing) Problem solved!
  • 15:10 - 15:17
    "A decryption does not violate
  • 15:19 - 15:22
    the prohibition on decryption." Is what this longe sentence,
  • 15:22 - 15:26
    which I want to spare, you is saying.
  • 15:26 - 15:31
    This is roughly the face I made, because I was not sure if I really understood that sentence.
  • 15:31 - 15:34
    But it was actually the case.
  • 15:34 - 15:41
    Then I came into the committee of interior affairs and said: "Hello, I looked over
  • 15:42 - 15:46
    what you have written. And I believe that it is dangerous what you are doing here."
  • 15:46 - 15:50
    You should - that was my main argument - you have to know
  • 15:50 - 15:55
    you have to argument in a way in which they find it interessting
  • 15:55 - 15:58
    and listen to you, I just wanted to help them.
  • 15:58 - 16:02
    So I say: "Okay, if you do this then
  • 16:02 - 16:04
    we will have all this unencrypted sensitive E-Mails
  • 16:04 - 16:11
    on the 4 or even just 3 De-Mail Servers, around which you have built you bulldozer protection
  • 16:11 - 16:12
    - which I did not know at that point -
  • 16:12 - 16:19
    guess how attractive those will be as a target for attackers?
  • 16:22 - 16:27
    Where I know: The content is so confidential
  • 16:27 - 16:33
    that people are even willing to pay 39 Cent to be lulled into a false sense of security.
  • 16:33 - 16:39
    From a security standpoint I rate this as problematic.
  • 16:39 - 16:45
    And then...you have to...I maybe have to explain this:
  • 16:45 - 16:49
    If you are invited to a hearing like this and you are an expert witness -
  • 16:49 - 16:54
    I thought that this word actually means what it says. (laughing)
  • 16:54 - 16:58
    I felt honored, I thought: "WOW, great they have acknowledged
  • 16:58 - 17:05
    my expert knowledge and thus invited me. As a rule it is an act
  • 17:08 - 17:12
    with people who of course get invited
  • 17:12 - 17:17
    to say what they say. And they invite any judgedes
  • 17:17 - 17:21
    from obscure groups. At the end they are
  • 17:21 - 17:27
    lobbyists, which urge:" We like this
  • 17:27 - 17:34
    We have to do this!" One of the expert witnesses literally said:
  • 17:35 - 17:42
    "It might be true that there is a consensus in the hacker scene which states that there is no server on this planet which is unhackable and that they are the prefered targets of intelligence services, NASA etc.
  • 17:46 - 17:53
    - As I mentioned before a few weeks before Snowden - But you can't use this as a basis for a reasonable standard for everyday communication"
  • 17:55 - 18:00
    This jolly fellow completely missed the point. Everyday communication is
  • 18:00 - 18:04
    a Facebookmessage, I don't need to implement De-Mail
  • 18:04 - 18:07
    for that. So I said:
  • 18:07 - 18:14
    "Attention my friends, I have a suggestion. Every E-Mail client supports even S/MIME
  • 18:15 - 18:19
    and you just tried to sell new ID cards to the people,
  • 18:19 - 18:24
    which they also did not want. And on this ID cards there is
  • 18:24 - 18:27
    a Smartcard and you could put a certificate on it
  • 18:27 - 18:31
    and people could use them to encrypt their De-Mails and
  • 18:31 - 18:33
    even sign them. You would kill two birds with one stone.
  • 18:33 - 18:39
    And additionally you would get a secure De-Mail-System."
  • 18:39 - 18:42
    By the way: A little side hint, what I didn't tell them:
  • 18:42 - 18:46
    At this moment they could have quit the whole thing.
  • 18:46 - 18:48
    Because if someone is able to
  • 18:48 - 18:53
    sign a document properly, it does not matter with what he transmits it to me.
  • 18:53 - 19:00
    The cryptographic signature on a document is there for exactly this.
  • 19:00 - 19:06
    Then it was said, that they had to somehow
  • 19:06 - 19:08
    discredit my my suggestion for an end to end encryption and get rid of it.
  • 19:08 - 19:10
    And then they asked:"Yes but is that possible with smartphones?!"
  • 19:10 - 19:17
    I said: "Yes." (laughing)
  • 19:17 - 19:24
    (applauding) And it is true, it is a tipp to
  • 19:26 - 19:29
    load S/MIME and S/MIME certificates onto your iPhone. Well and then
  • 19:29 - 19:32
    - I am always friendly and honest - I said:
  • 19:32 - 19:34
    "But I don't think that this would be a good idea." (laughing)
  • 19:34 - 19:39
    And then it was asked: "with the end to end encryption,
  • 19:39 - 19:42
    you have to explain, how one would do that,
  • 19:42 - 19:48
    if they are on a vacation in Turkey, in an internet shop,
  • 19:48 - 19:49
    and wants to collect his end to end encrypted De-Mails." (laughing)
  • 19:49 - 19:56
    The right answer is of course:
  • 19:56 - 20:02
    "You do NOT do it!" (laughing)
  • 20:02 - 20:09
    (applauding) So I was talking and I knew
  • 20:13 - 20:17
    if a law has come this far...
  • 20:17 - 20:20
    To be in such a hearing is, as mentioned, just an act
  • 20:20 - 20:23
    and it was clear to me that
  • 20:23 - 20:28
    I can't bring this law to fall. I took my role serious
  • 20:28 - 20:32
    and tried to apply my knowhow but it was a lost cause.
  • 20:32 - 20:34
    By the way, the young man who asked me that question -
  • 20:34 - 20:41
    when I came out of the committee room and was heading to the elevator-
  • 20:41 - 20:47
    he came to me and said: "I know you are right but...that is how it goes."
  • 20:47 - 20:48
    Exactly!
  • 20:48 - 20:53
    And I thought: "Well, okay hm..there is nothing one can do"
  • 20:53 - 20:59
    Let's recall: This is a committee for internal affairs
  • 20:59 - 21:04
    I believed that those people are interested in internal security
  • 21:04 - 21:09
    I am just going to tell them about the Cyberwar and Cybercrime and they will surely listen to me.
  • 21:09 - 21:13
    What I did not notice is,
  • 21:13 - 21:17
    that I put my focus on security
  • 21:17 - 21:21
    and not on verifiability. But they noticed it and therefore
  • 21:21 - 21:24
    they wrote a second bill. The eJustice law,
  • 21:24 - 21:30
    where they say that we have to rewrite the whole justice procedure,
  • 21:30 - 21:36
    so we can somehow apply De-Mail in justice court communication.
  • 21:36 - 21:42
    And now it was about verifiability.
  • 21:42 - 21:42
    It was about making the De-Mail verifiable.
  • 21:42 - 21:42
    It is about making the De-Mail
  • Not Synced
    worth the paper it was printed on.
  • Not Synced
    (laughing)
  • Not Synced
Title:
Bullshit made in Germany
Video Language:
German
Duration:
01:00:48

English subtitles

Incomplete

Revisions