No, we’re not trying to get backdoors in smart homes, cars, says Germany

The German government wants to be able to go to connected-car and smart-home systems makers with a court order, and order them to withhold the notification of an opened door at a preordained time.
BMW
Interior ministers of Germany’s states are discussing whether authorities should be able to bypass the security mechanisms in smart homes and connected cars — but not, the federal interior ministry says, by installing backdoors in those mechanisms.

The proposal before the ministers, who are meeting at a conference in Leipzig this week, comes from Thomas de Maizière, the acting federal interior minister, as first reported late last week by RedaktionsNetzwerks Deutschland (RND).
However, the interior ministry has disputed key aspects of RND’s report of the proposal, in particular the suggestion that it wants to mandate backdoors in all sorts of internet-connected devices, including tablets, computers and smart TVs. Some local outlets even extrapolated the notion of the government tapping into connected sex toys.
To counter the uproar that followed the initial report, the government on Monday tweeted a video explaining what it was actually hoping to achieve.
The core issue is that, while investigators have long been able to plant bugs in cars and houses when investigating or trying to prevent a crime, that’s becoming increasingly difficult. When home and car doors are connected to the internet, they will often alert their owners as soon as they detect any signs of intrusions.
According to the interior ministry, de Maizière’s plan has nothing to do with tapping into connected devices.
The government only wants to be able to go to the manufacturer of a smart home or connected car system, with a court order, and order them to withhold the notification of an opened door at a preordained time.
“The goal is that the operators of such alarms and security devices are involved so that the use of appropriate tools is possible without the person concerned becoming aware of it,” ministry spokesman Johannes Dimroth said at a Friday press conference.
He said investigators had been stymied by such technology in 25 cases over the past two years.
The timing of the proposal was certainly awkward. Because de Maizière’s party, Angela Merkel’s Christian Democratic Union, has so far failed to find a coalition partner following September’s elections, the ministers from her previous administration remain in place for now.
But at the moment, the CDU’s only hope for avoiding a minority government or fresh elections lies with the Social Democratic Party (SPD), the second-largest party in Germany and Merkel’s main coalition partners in her last administration. And the SPD is not very keen on what de Maizière is reportedly proposing.
“The federal interior minister has apparently lost all political decency,” SPD interior expert Uli Grötsch told Der Spiegel. “More access and surveillance does not automatically mean more security.”
The Greens have also turned their noses up at the reported proposal, with deputy leader Konstantin von Notz describing it as an “Orwellian nightmare” and raising comparisons with state surveillance under the Nazi and East German dictatorships.
It probably goes without saying that the Chaos Computer Club, Germany’s venerable hacker organization, is also not a fan. “Access to the technology in a modern car means danger for life and limb: a literal kill switch,” spokesman Frank Rieger told Netzpolitik.
Even the German Bar Association has weighed in, with association president Ulrich Schellenberg saying a backdoor regime would be inherently disproportionate, while also making citizens more vulnerable to attack by third parties.
The interior ministry says all this reaction is overblown. However, even if de Maizière really is only proposing that security system manufacturers withhold notifications, that still doesn’t clear up the technical hurdles that investigators would face when trying to bug a connected car or smart home.
我们部署信息安全控制措施,力求对用户的影响最小,即在安全性和便利性之间的获得适当的平衡,同时我们也在寻求安全投入和回报期望之间的平衡,整合最少的资源,获得最大的回报,还要用户的理解和接受,是一份艰巨的工作。
The doors to these things don’t just notify the owner of intrusions. They also tend to lock and unlock by electronic means, leaving serious questions about how investigators might be able to open them without weakening their security.
The German government has already been accused of promoting weak cyber-defenses by earlier this year passing a law that drastically expands the ability of the authorities to hack into people’s computing equipment in the investigation of a variety of offences.
The precise details of what is being discussed this week may only come out after the state interior ministers’ conference wraps up on Friday. A press conference is likely to take place on Friday morning.
If the interior ministers want to move ahead with the plan, they will need to discuss it with other ministers in areas such as justice, and then come up with a law that goes before the Bundestag.
There was another notable aspect to the reported proposal: that the authorities get, as a last resort, the ability to remotely shut down servers that are being used in a massive cyberattack.
That conversation has been going on for a while though, the interior ministry said, and whether or not it goes ahead will really be up to the next government.Previous and related coveragePolice get broad phone and computer hacking powers in GermanyThe German parliament has waved through a massive expansion of police hacking powers.Windows 10 picked as ‘initial’ OS for Germany’s new government client Despite EU issues with Microsoft’s personal data use, Germany is working on a Windows 10 client for federal staff.Germany’s new hate speech law goes live: So who’s in its sights? The NetzDG or ‘Facebook law’ is now in force with big implications for social networks.
Related Topics:
上海 探索大型超市食品安全"共治"新路径
EU
Security TV
Data Management
公司应该规范化管理信息系统相关硬件设备,规范设备选型、购置、登记、保养、维修、报废等相关流程,实时动态监控设备运行状态,定期进行巡检、维护和保养并保留相关记录。

猜您喜欢

【网安智库】信息安全监管工作评价指标设计浅谈
信息安全基础测试
网络安全法在线讲解-《网络安全法》的突出亮点 https://v.qq.com/x/page/u0514qmyllg.html
"绿色交通"发展蓝图出炉 鼓励城里人这样出行
RECIPES HEART
云计算安全的出路在“共享职责”