1
00:00:09,480 --> 00:00:11,717
Herald: Okay, so you are the lucky ones
2
00:00:11,717 --> 00:00:12,835
who made it into Linus' talk.
3
00:00:12,835 --> 00:00:14,527
The talk is called: "Bullshit made in Germany-
4
00:00:14,527 --> 00:00:18,436
How to host your DE-Mail, E-Mail and Cloud directly at the German Intelligence Service.
5
00:00:18,436 --> 00:00:21,137
It will take an hour, from 8:30 pm to 9:30 pm.
6
00:00:21,137 --> 00:00:33,116
...
7
00:00:33,116 --> 00:00:39,892
Furthermore there are subtitles. You can find them on Twitter @c3subtitles.
8
00:00:45,893 --> 00:00:49,904
Many of you probably listen to the Podcast "Logbuch Netzpolitik" (Logbook Netpolitics)
9
00:00:49,904 --> 00:00:52,333
by Linus and Tim Pritlov.
10
00:00:52,333 --> 00:00:54,955
Those of you who do that have listened to Linus ranting
11
00:00:54,955 --> 00:00:58,101
about DE-Mail and the other mentioned topics.
12
00:00:58,101 --> 00:01:01,494
Linus happens to be an expert in this field and even made it his profession.
13
00:01:01,494 --> 00:01:04,979
He also attend the Bundestag (German Parliament), several hearings
14
00:01:04,979 --> 00:01:07,271
in committee, the committee of the Interior and the committee on legal affairs.
15
00:01:07,271 --> 00:01:09,630
And he is going to tell you more about that
16
00:01:09,630 --> 00:01:10,404
and I am really looking forward to that. Applaud for Linus.
17
00:01:10,404 --> 00:01:19,813
(Applauding)
18
00:01:23,050 --> 00:01:27,548
(Laughing and Applauding) The excrement pictogram resembles the logo of the controversial "You are Germany" marketing campaign
19
00:01:33,726 --> 00:01:35,376
Linus Neumann: Thank you very much for coming.
20
00:01:35,376 --> 00:01:37,464
Can you hear me? Yes. - Okay, great.
21
00:01:37,464 --> 00:01:39,953
Actually everything about the talk has already been said.
22
00:01:39,953 --> 00:01:42,119
We could just as well cancel it.
23
00:01:42,119 --> 00:01:45,272
But I guess I will still do it.
24
00:01:45,272 --> 00:01:49,523
I want to talk a little about Federal German Security-tech
25
00:01:49,523 --> 00:01:54,737
before and after Snowden.
26
00:01:54,737 --> 00:01:59,207
My hypothesis is that the "before and after" actually does not matter.
27
00:01:59,207 --> 00:02:04,973
Which I will illustrate through four examples.
28
00:02:04,973 --> 00:02:06,830
The first one is of course the DE-Mail.
29
00:02:06,830 --> 00:02:09,255
The second is the E-Mail made in Germany.
30
00:02:09,255 --> 00:02:11,646
Not to forget the "Schlandnet". (Cacography on Deut-schland-net)
31
00:02:11,646 --> 00:02:17,741
And at the end I allow myself to comment on the Deutschlandcloud.
32
00:02:17,741 --> 00:02:25,350
The De-Mail started actually a long time before Snowden.
33
00:02:25,350 --> 00:02:29,408
I already wrote an article about it back in 2011.
34
00:02:29,408 --> 00:02:33,772
Back then Harald Welte (FOS activist) was a member of a Bundestag committee
35
00:02:33,772 --> 00:02:36,544
and delivered a report for the CCC.
36
00:02:36,544 --> 00:02:40,296
One had the impression that the whole issue was taken care off.
37
00:02:40,296 --> 00:02:42,584
But suddenly it boiled up again.
38
00:02:42,584 --> 00:02:45,441
I want to explain right now how it came to this.
39
00:02:45,441 --> 00:02:51,016
Let's remember, De-Mail has the goal to enable secure, confidential,
40
00:02:51,016 --> 00:02:56,180
and verifiable correspondence for everyone.
41
00:02:56,180 --> 00:02:57,836
We created a law for this,
42
00:02:57,836 --> 00:03:01,604
in which the De-Mail services were somehow established.
43
00:03:01,604 --> 00:03:05,310
If one thinks about it, it becomes apparent:
44
00:03:05,310 --> 00:03:13,480
It is obvious that one can not have legally binding and verifiable correspondence vie E-Mail.
45
00:03:13,480 --> 00:03:18,668
46
00:03:18,668 --> 00:03:25,155
There are many who criticized the concept of the E-Mail for the longest time.
47
00:03:25,155 --> 00:03:31,452
Who had the wish that someone would develop something better.
48
00:03:31,452 --> 00:03:36,204
There are those who took matters into their own hands and made PGP.
49
00:03:36,204 --> 00:03:38,647
And the Federal Government of Germany did something too.
50
00:03:38,647 --> 00:03:44,924
We believed that maybe they are going to improve SMTP and IMAP,
51
00:03:44,924 --> 00:03:49,441
that it would become a great new thing, which somehow works.
52
00:03:49,441 --> 00:03:55,914
And everything started in 2009, when they said: "Yes we are creating an accredited provider,
53
00:03:55,914 --> 00:03:59,190
which has to offer the user a secure Mailbox
54
00:03:59,190 --> 00:04:02,525
for secure electronic messaging."
55
00:04:02,525 --> 00:04:04,651
Great, so we solved the problem.
56
00:04:04,651 --> 00:04:09,202
2011 came the law in which it was stated:
57
00:04:09,202 --> 00:04:14,604
"It is resolved, the De-Mail is the secure one!"
58
00:04:17,253 --> 00:04:24,874
And then...I thought another slide would come up, sorry.
59
00:04:24,874 --> 00:04:28,211
And what did they do?
60
00:04:28,211 --> 00:04:30,603
They took care of some of the problems with E-Mail.
61
00:04:30,603 --> 00:04:31,490
With their De-Mail.
62
00:04:31,490 --> 00:04:33,850
We have to admit that.
63
00:04:33,850 --> 00:04:36,913
They thought to themselves: anyone can register as "hasi69@yahoo.com"
64
00:04:36,913 --> 00:04:40,113
This does not mean that we are actually dealing with Hasi here
65
00:04:40,113 --> 00:04:41,866
if we get this E-Mail.
66
00:04:41,866 --> 00:04:43,529
And we have to make sure of that.
67
00:04:43,529 --> 00:04:45,571
Naturally we can now implement signatures.
68
00:04:45,571 --> 00:04:51,707
Also we have the problem of the verifiable correspondence.,
69
00:04:51,707 --> 00:04:54,465
written correspondence. 'laughing' (lame sex joke)
70
00:04:54,465 --> 00:05:00,430
This is stupid one should not laugh about it. (referring to the same lame sex joke)
71
00:05:00,430 --> 00:05:05,380
If I get a letter, and I don't like it,
72
00:05:05,380 --> 00:05:08,315
I can simply put it aside and claim
73
00:05:08,315 --> 00:05:09,490
that I never received the letter.
74
00:05:09,490 --> 00:05:13,651
Only if I receive a registered mail I am bound to it.
75
00:05:13,651 --> 00:05:17,209
Great advice which one can apply from time to time.
76
00:05:17,209 --> 00:05:20,860
And both problems, they thought, we can solve like this:
77
00:05:20,860 --> 00:05:25,610
Anyone who wants to register a De-Mail, has to show an ID.
78
00:05:25,610 --> 00:05:32,354
Great! Also we oblige the user to collect the De-Mails.
79
00:05:32,354 --> 00:05:35,779
And offer a fee-based service for the sender
80
00:05:35,779 --> 00:05:38,171
to receive a receipt.
81
00:05:38,171 --> 00:05:40,914
Pay a little more and you get a registred mail.
82
00:05:40,914 --> 00:05:46,451
And the person who got or didn't the De-Mail
83
00:05:46,451 --> 00:05:48,402
is the documented receiver.
84
00:05:48,402 --> 00:05:50,162
This was the first reason for me to say:
85
00:05:50,162 --> 00:05:53,510
"Okay I don't want a De-Mail"
86
00:05:53,510 --> 00:05:57,259
E-Mail has another little problem, you can't make profit out of it.
87
00:05:57,259 --> 00:06:01,354
But for that we also found an "intelligent" solution.
88
00:06:01,354 --> 00:06:03,459
39 Euro Cents is the cost of a De-Mail.
89
00:06:03,459 --> 00:06:06,426
(laughing)
90
00:06:06,426 --> 00:06:11,988
There are accounts for professionals with a discount down to 32 Cent,
91
00:06:14,187 --> 00:06:17,021
and 10 free De-Mails.
92
00:06:20,482 --> 00:06:24,217
From a security standpoint you can criticize that
93
00:06:24,217 --> 00:06:27,570
it is a allocated system with competing providers.
94
00:06:27,570 --> 00:06:29,323
For that too there is a solution:
95
00:06:29,323 --> 00:06:31,466
Let's just introduce expensive certificates.
96
00:06:31,466 --> 00:06:34,834
Then we will have only a few providers which will only compete for a certain amount of time.
97
00:06:34,834 --> 00:06:38,545
Until they all shrink and at the end we have a centralized system.
98
00:06:40,529 --> 00:06:45,258
Another issue with E-Mail 2009 is,
99
00:06:45,258 --> 00:06:48,366
many providers offer unencrypted connections.
100
00:06:48,366 --> 00:06:49,626
We will come back to that later on.
101
00:06:51,041 --> 00:06:52,810
Then they said, we are going to make SSL universally.
102
00:06:52,810 --> 00:06:57,583
So the De-Mail will never be transmitted in plaintext.
103
00:06:59,860 --> 00:07:04,740
Then there is the problem that, with E-Mail, not every user supports
104
00:07:04,740 --> 00:07:08,858
end-to-end encryption, like PGP or SMIME, which would lead to secure encryption
105
00:07:08,858 --> 00:07:10,580
106
00:07:10,580 --> 00:07:13,242
Which would make it impossible for the providers
107
00:07:13,242 --> 00:07:14,643
to read the De-Mails.
108
00:07:15,673 --> 00:07:17,858
For that there is also a good solution, we still don't apply it.
109
00:07:20,842 --> 00:07:23,443
In the 90s there was a problem,
110
00:07:23,443 --> 00:07:24,234
I admit that,
111
00:07:24,234 --> 00:07:25,417
with E-Mail-Worms.
112
00:07:25,417 --> 00:07:30,330
Someone had this ide, outlook was primarily effected...or outlook express
113
00:07:30,330 --> 00:07:35,658
It would be great if you could write a Mail
114
00:07:35,658 --> 00:07:38,155
just implement JavaScript,
115
00:07:38,170 --> 00:07:40,298
the receiver gets it,
116
00:07:40,298 --> 00:07:43,271
and the computer executes said JavaScript
117
00:07:43,271 --> 00:07:45,978
and then we can...
118
00:07:45,978 --> 00:07:47,650
I don't know...let something blink.
119
00:07:47,650 --> 00:07:51,913
The result was that masses of E-Mails came with computer viruses,
120
00:07:51,913 --> 00:07:55,394
which infected Outlook via Script
121
00:07:55,394 --> 00:07:56,473
and sent other stuff.
122
00:07:56,473 --> 00:07:58,218
E-Mail-Worms were a problem.
123
00:07:59,433 --> 00:08:00,906
So they said, for that we have a solution too.
124
00:08:00,906 --> 00:08:02,898
We scan for viruses.
125
00:08:02,898 --> 00:08:05,773
A virus scan at the provider.
126
00:08:07,473 --> 00:08:09,345
Who thinks this is a good idea?
127
00:08:09,345 --> 00:08:11,180
(laughing)
128
00:08:11,180 --> 00:08:12,275
Audience member: McAffee!
129
00:08:12,275 --> 00:08:17,857
(applauding)
130
00:08:25,185 --> 00:08:27,299
Linus Neumann: This thing is registered on my name.
131
00:08:27,299 --> 00:08:34,315
If I plan to infect someone with a virus,
132
00:08:34,315 --> 00:08:37,553
I would never do this with an address,
133
00:08:37,553 --> 00:08:39,275
which is registred on my name,
134
00:08:39,275 --> 00:08:41,306
an for which I pay additional 39 Cent.
135
00:08:41,306 --> 00:08:44,777
(Laughing)
136
00:08:46,147 --> 00:08:49,514
(Incomprehensible Interjection by an audience member)
137
00:08:49,514 --> 00:08:52,496
Neumann: It could occur that the 39 Cent are actually worth it.
138
00:08:52,496 --> 00:08:55,445
It is way to expensive for a massive attack,
139
00:08:55,445 --> 00:08:58,260
if my goal is to build a huge botnet,
140
00:08:58,260 --> 00:09:00,433
in this case naturally I wouldn't do it over De-Mail,
141
00:09:00,433 --> 00:09:01,730
I would have to pay an arm and a leg for that.
142
00:09:03,022 --> 00:09:04,889
But if I want to concentrate my attack,
143
00:09:04,889 --> 00:09:08,866
on someone sensitive who is worth the effort,
144
00:09:08,866 --> 00:09:12,363
that I would even pay the 39 Cents for transmitting my virus,
145
00:09:12,363 --> 00:09:15,546
and invest the better part of an afternoon
146
00:09:17,253 --> 00:09:20,385
to craft the virus, which I only craft solely for this particular person,
147
00:09:20,385 --> 00:09:22,590
which a virus scanner most likely won't even recognize,
148
00:09:22,590 --> 00:09:24,474
and then even get the possibility to test that,
149
00:09:24,474 --> 00:09:27,682
because I can send it 5 and more times to myself.
150
00:09:27,682 --> 00:09:30,597
Then see if the De-Mail virus scanner find the virus or not.
151
00:09:32,735 --> 00:09:34,430
Then I send it to someone, who says,
152
00:09:34,430 --> 00:09:36,539
great, scanned for viruses, I can execute this.
153
00:09:36,539 --> 00:09:39,609
Therefore not a very bright idea.
154
00:09:39,609 --> 00:09:41,338
Besides there are other ways,
155
00:09:41,338 --> 00:09:44,710
I can send an URL instead of a De-Mail,
156
00:09:44,710 --> 00:09:46,331
I can send an E-Mail.
157
00:09:46,331 --> 00:09:49,119
I can hope for them to download the software,
158
00:09:49,119 --> 00:09:51,238
I can put it on Flash or Java,
159
00:09:51,238 --> 00:09:54,609
generations of attackers do that for years now.
160
00:09:54,609 --> 00:09:55,684
With great success.
161
00:09:55,684 --> 00:09:58,791
This means that it leads to
162
00:09:58,791 --> 00:10:01,945
an effect which rumored to be correlating with wearing helmets.
163
00:10:01,945 --> 00:10:04,473
Risk-Compensation, I am protected,
164
00:10:04,473 --> 00:10:07,840
I can do whatever I want!
165
00:10:07,840 --> 00:10:11,214
But the truth is that you are wearing the helmet on your knee,
166
00:10:11,214 --> 00:10:13,365
and if you fall on your face...
167
00:10:13,365 --> 00:10:15,638
I know this comparison does not make much sense.
168
00:10:15,638 --> 00:10:21,972
(laughing)
169
00:10:21,972 --> 00:10:25,331
This means, at the end of the day we have a system,
170
00:10:25,331 --> 00:10:29,850
which is not encrypted, because it is only a transport encryption.
171
00:10:29,850 --> 00:10:34,676
Thus the De-Mail is stored unencrypted on the De-Mail-Server.
172
00:10:34,676 --> 00:10:40,502
Respectively they say it is encrypted but the key lies just next to it.
173
00:10:40,502 --> 00:10:45,990
I know it is a very nice point to show it like this.
174
00:10:45,990 --> 00:10:51,474
But the fact is that something is not encrypted if you have the key.
175
00:10:51,474 --> 00:10:58,126
There are only very few provider and only sensible communication is exchanged.
176
00:10:58,126 --> 00:11:02,214
It is a dream come true for the Federal Criminal Police Office
177
00:11:02,214 --> 00:11:05,209
and the Federal Office for the Protection of the Constitution.
178
00:11:05,209 --> 00:11:08,795
Because for them it resolves the issue of the spam.
179
00:11:08,795 --> 00:11:12,505
We remember that we had to suffer for quite a while,
180
00:11:12,505 --> 00:11:17,529
that E-Mails consisted of too much spam and it overload the filters of the agencies.
181
00:11:17,529 --> 00:11:20,686
This should be resolved with the D-Mail.
182
00:11:20,686 --> 00:11:29,272
The truth is that the provider based virus scanners are just an excuse,
183
00:11:29,272 --> 00:11:33,150
or an argument in favor of not offering an end-to-end encryption.
184
00:11:33,150 --> 00:11:36,258
Because if the provider can't read the messages,
185
00:11:36,258 --> 00:11:39,338
it can't check for viruses.
186
00:11:39,338 --> 00:11:43,211
Now we could evaluate, do I want an imperfect virus protection
187
00:11:43,211 --> 00:11:47,993
or do I want confidential communication.
188
00:11:47,993 --> 00:11:56,570
That was back in 2011 and after that happened...
189
00:11:56,570 --> 00:11:58,134
(laughing)
190
00:11:58,149 --> 00:11:59,272
....nothing.
191
00:12:08,226 --> 00:12:09,977
This made the De-Mail providers unhappy.
192
00:12:09,977 --> 00:12:11,757
They had paid all their money,
193
00:12:11,757 --> 00:12:13,796
for establishing the De-Mail infrastructure.
194
00:12:13,796 --> 00:12:16,646
There was a very nice article on Heise(.de)
195
00:12:16,646 --> 00:12:19,785
written by Detlef Borchers.(famous IT-Journalist and author)
196
00:12:19,785 --> 00:12:25,902
After the CCC wrote several reports on this topic,
197
00:12:25,902 --> 00:12:29,652
journalists were invited to the De-Mail-Center.
198
00:12:29,652 --> 00:12:34,305
Where they showed them defenses against bulldozer attacks.
199
00:12:34,305 --> 00:12:36,880
(laughing)
200
00:12:36,880 --> 00:12:38,810
So money was spent,
201
00:12:38,810 --> 00:12:43,176
to make it more secure.
202
00:12:43,176 --> 00:12:44,843
But somehow no one wanted it.
203
00:12:44,843 --> 00:12:47,271
So this great verifiable correspondence for everyone,
204
00:12:47,271 --> 00:12:49,369
no one jumped on it.
205
00:12:49,369 --> 00:12:51,921
I didn't know anyone who had De-Mail.
206
00:12:51,921 --> 00:12:55,390
Something had to be done.
207
00:12:55,390 --> 00:12:57,170
A new law had to be imposed.
208
00:12:57,170 --> 00:13:00,270
And this time a law which declares the De-Mail to a standard.
209
00:13:00,270 --> 00:13:03,147
By making it the most simple and cheap method,
210
00:13:03,147 --> 00:13:08,573
in comparison to a number of expensive and perhaps superior methods.
211
00:13:08,573 --> 00:13:10,564
But what we certainly know is
212
00:13:10,564 --> 00:13:13,948
that the lowest entrance level is the one
213
00:13:13,948 --> 00:13:15,541
on which the people will level themselves.
214
00:13:15,541 --> 00:13:21,102
This was then done 2013 with the E-Government and E-Justice laws.
215
00:13:21,102 --> 00:13:26,920
Those were laws to which I got invited into the committee
216
00:13:26,920 --> 00:13:28,867
as advocates of the CCC.
217
00:13:28,867 --> 00:13:30,857
The first one was about the E-Government law.
218
00:13:30,857 --> 00:13:35,910
I got this law-thingy.
219
00:13:35,910 --> 00:13:40,300
This was also the first time I had to look over something like this with the burden,
220
00:13:40,300 --> 00:13:44,335
to have to give an informed opinion about a legal text
221
00:13:44,569 --> 00:13:51,230
and that in a committee where Peter Uhl sits in front of you.
222
00:13:51,230 --> 00:13:55,470
(laughing) I thought: "Oh that is going to be hard."
223
00:13:55,470 --> 00:13:58,889
Then I got the legal text.
224
00:13:58,889 --> 00:14:05,220
And now it is like this: They had in this case a problem.
225
00:14:05,220 --> 00:14:08,579
because the way they had phrased their pretty De-Mail law,
226
00:14:08,579 --> 00:14:15,369
the De-Mail did not meet the requirements on security, which they had determined in other laws about transferring
227
00:14:15,369 --> 00:14:20,879
certain data. There it was stated: If X and Y are transmited
228
00:14:20,879 --> 00:14:23,889
then it has to be encrypted properly.
229
00:14:23,889 --> 00:14:28,939
Now they had to somehow fix it because their pretty De-Mail didn't work at all
230
00:14:28,939 --> 00:14:32,350
-at all! It would have violated the law
231
00:14:32,350 --> 00:14:36,600
to transmit De-Mail or to use it, because it was evident that it was not secure enough.
232
00:14:36,600 --> 00:14:42,879
But of course for every technical difficulty there is a legal solution:
233
00:14:42,879 --> 00:14:49,879
And then we find such great sentences as:"The sending of social data through a De-Mail-message to a respective accredited provider - for short dated decryption for the purpose of checking for malware and the purpose of forwarding it to the recipient of the De-Mail-message - is not transmitting!"
234
00:15:01,209 --> 00:15:08,209
(laughing) Problem solved!
235
00:15:09,589 --> 00:15:16,589
"A decryption does not violate
236
00:15:18,579 --> 00:15:21,619
the prohibition on decryption." Is what this longe sentence,
237
00:15:21,619 --> 00:15:25,579
which I want to spare, you is saying.
238
00:15:25,579 --> 00:15:30,809
This is roughly the face I made, because I was not sure if I really understood that sentence.
239
00:15:30,809 --> 00:15:34,290
But it was actually the case.
240
00:15:34,290 --> 00:15:41,290
Then I came into the committee of interior affairs and said: "Hello, I looked over
241
00:15:41,529 --> 00:15:46,189
what you have written. And I believe that it is dangerous what you are doing here."
242
00:15:46,189 --> 00:15:49,769
You should - that was my main argument - you have to know
243
00:15:49,769 --> 00:15:55,050
you have to argument in a way in which they find it interessting
244
00:15:55,050 --> 00:15:58,050
and listen to you, I just wanted to help them.
245
00:15:58,050 --> 00:16:01,730
So I say: "Okay, if you do this then
246
00:16:01,730 --> 00:16:03,800
we will have all this unencrypted sensitive E-Mails
247
00:16:03,800 --> 00:16:10,699
on the 4 or even just 3 De-Mail Servers, around which you have built you bulldozer protection
248
00:16:10,699 --> 00:16:12,170
- which I did not know at that point -
249
00:16:12,170 --> 00:16:19,170
guess how attractive those will be as a target for attackers?
250
00:16:22,009 --> 00:16:27,499
Where I know: The content is so confidential
251
00:16:27,499 --> 00:16:32,759
that people are even willing to pay 39 Cent to be lulled into a false sense of security.
252
00:16:32,759 --> 00:16:39,329
From a security standpoint I rate this as problematic.
253
00:16:39,329 --> 00:16:45,369
And then...you have to...I maybe have to explain this:
254
00:16:45,369 --> 00:16:49,300
If you are invited to a hearing like this and you are an expert witness -
255
00:16:49,300 --> 00:16:53,689
I thought that this word actually means what it says. (laughing)
256
00:16:53,689 --> 00:16:57,629
I felt honored, I thought: "WOW, great they have acknowledged
257
00:16:57,629 --> 00:17:04,627
my expert knowledge and thus invited me. As a rule it is an act
258
00:17:08,309 --> 00:17:11,970
with people who of course get invited
259
00:17:11,970 --> 00:17:17,480
to say what they say. And they invite any judgedes
260
00:17:17,480 --> 00:17:21,079
from obscure groups. At the end they are
261
00:17:21,079 --> 00:17:27,209
lobbyists, which urge:" We like this
262
00:17:27,209 --> 00:17:34,209
We have to do this!" One of the expert witnesses literally said:
263
00:17:34,789 --> 00:17:41,789
"It might be true that there is a consensus in the hacker scene which states that there is no server on this planet which is unhackable and that they are the prefered targets of intelligence services, NASA etc.
264
00:17:46,100 --> 00:17:53,100
- As I mentioned before a few weeks before Snowden - But you can't use this as a basis for a reasonable standard for everyday communication"
265
00:17:54,580 --> 00:18:00,250
This jolly fellow completely missed the point. Everyday communication is
266
00:18:00,250 --> 00:18:03,700
a Facebookmessage, I don't need to implement De-Mail
267
00:18:03,700 --> 00:18:06,960
for that. So I said:
268
00:18:06,960 --> 00:18:13,960
"Attention my friends, I have a suggestion. Every E-Mail client supports even S/MIME
269
00:18:14,760 --> 00:18:19,279
and you just tried to sell new ID cards to the people,
270
00:18:19,279 --> 00:18:23,610
which they also did not want. And on this ID cards there is
271
00:18:23,610 --> 00:18:26,830
a Smartcard and you could put a certificate on it
272
00:18:26,830 --> 00:18:31,049
and people could use them to encrypt their De-Mails and
273
00:18:31,049 --> 00:18:33,289
even sign them. You would kill two birds with one stone.
274
00:18:33,289 --> 00:18:38,840
And additionally you would get a secure De-Mail-System."
275
00:18:38,840 --> 00:18:42,490
By the way: A little side hint, what I didn't tell them:
276
00:18:42,490 --> 00:18:45,590
At this moment they could have quit the whole thing.
277
00:18:45,590 --> 00:18:48,010
Because if someone is able to
278
00:18:48,010 --> 00:18:52,700
sign a document properly, it does not matter with what he transmits it to me.
279
00:18:52,700 --> 00:18:59,700
The cryptographic signature on a document is there for exactly this.
280
00:19:00,210 --> 00:19:05,649
Then it was said, that they had to somehow
281
00:19:05,649 --> 00:19:08,070
discredit my my suggestion for an end to end encryption and get rid of it.
282
00:19:08,070 --> 00:19:10,360
And then they asked:"Yes but is that possible with smartphones?!"
283
00:19:10,360 --> 00:19:17,049
I said: "Yes." (laughing)
284
00:19:17,049 --> 00:19:24,049
(applauding) And it is true, it is a tipp to
285
00:19:25,570 --> 00:19:29,289
load S/MIME and S/MIME certificates onto your iPhone. Well and then
286
00:19:29,289 --> 00:19:31,669
- I am always friendly and honest - I said:
287
00:19:31,669 --> 00:19:34,149
"But I don't think that this would be a good idea." (laughing)
288
00:19:34,149 --> 00:19:38,769
And then it was asked: "with the end to end encryption,
289
00:19:38,769 --> 00:19:42,320
you have to explain, how one would do that,
290
00:19:42,320 --> 00:19:47,799
if they are on a vacation in Turkey, in an internet shop,
291
00:19:47,799 --> 00:19:49,179
and wants to collect his end to end encrypted De-Mails." (laughing)
292
00:19:49,179 --> 00:19:55,890
The right answer is of course:
293
00:19:55,890 --> 00:20:01,510
"You do NOT do it!" (laughing)
294
00:20:01,510 --> 00:20:08,510
(applauding) So I was talking and I knew
295
00:20:12,870 --> 00:20:16,970
if a law has come this far...
296
00:20:16,970 --> 00:20:20,149
To be in such a hearing is, as mentioned, just an act
297
00:20:20,149 --> 00:20:23,389
and it was clear to me that
298
00:20:23,389 --> 00:20:27,850
I can't bring this law to fall. I took my role serious
299
00:20:27,850 --> 00:20:31,519
and tried to apply my knowhow but it was a lost cause.
300
00:20:31,519 --> 00:20:33,899
By the way, the young man who asked me that question -
301
00:20:33,899 --> 00:20:40,899
when I came out of the committee room and was heading to the elevator-
302
00:20:40,950 --> 00:20:46,649
he came to me and said: "I know you are right but...that is how it goes."
303
00:20:46,649 --> 00:20:48,480
Exactly!
304
00:20:48,480 --> 00:20:53,440
And I thought: "Well, okay hm..there is nothing one can do"
305
00:20:53,440 --> 00:20:59,210
Let's recall: This is a committee for internal affairs
306
00:20:59,210 --> 00:21:03,590
I believed that those people are interested in internal security
307
00:21:03,590 --> 00:21:08,830
I am just going to tell them about the Cyberwar and Cybercrime and they will surely listen to me.
308
00:21:08,830 --> 00:21:12,880
What I did not notice is,
309
00:21:12,880 --> 00:21:17,139
that I put my focus on security
310
00:21:17,139 --> 00:21:20,740
and not on verifiability. But they noticed it and therefore
311
00:21:20,740 --> 00:21:23,970
they wrote a second bill. The eJustice law,
312
00:21:23,970 --> 00:21:30,100
where they say that we have to rewrite the whole justice procedure,
313
00:21:30,100 --> 00:21:35,690
so we can somehow apply De-Mail in justice court communication.
314
00:21:35,690 --> 00:21:41,769
And now it was about verifiability.
315
00:21:41,769 --> 00:21:41,929
It was about making the De-Mail verifiable.
316
00:21:41,929 --> 00:21:42,019
It is about making the De-Mail
317
99:59:59,999 --> 99:59:59,999
worth the paper it was printed on.
318
99:59:59,999 --> 99:59:59,999
(laughing)
319
99:59:59,999 --> 99:59:59,999