The German Government and Political Parties on Encryption

Commentary and Translations by Christopher Kuner

Commentary: The German Government (made up of the conservative CDU/CSU faction and the liberal FDP) and German political parties have not yet crystallised their views on the crypto controversy, and there is in fact a wide variety of views among the various factions. The following represents a selection of writings on this theme by various participants in the cryptography debate in Germany on the political level. Broadly, it can be said that the CDU/CSU faction seems to favour some sort of regulation, while the left-wing SPD remains split on this issue. Both the FDP and the ecologically-oriented Bündnis 90/Die Grünen seem to be against regulation of cryptography. All materials were originally written in German.

CDU/CSU

E-mail of Dr. Gerhard Friedrich, Member of the CDU/CSU Parliamentary Faction

Commentary: The following e-mail was sent by Dr. Friedrich on January 30, 1996 in response to an e-mail question on this point:

January 30, 1996

Dear Mr. Hohrbacher,

Thank you for your e-mail.

Cryptography and its use in telecommunication is not within my area of responsibility. It was therefore necessary for me to gain information from the responsible parties, which took some time, also because the treatment and formation of opinion on this point in the Federal Government is not yet completed.

The present situation is as follows: It is not contested that there is a need for action by the Government in the area of the use of cryptography in electronic data communication.

Cryptography must be secure. I would in particular point to all areas of personal data (medicine, finance, applications, etc.) and commercial data (offers, financial statements, stock transactions, etc.).

At the same time it is clear that an offeror of cryptographic technology is in a position of great power.

In addition, a State must also, on grounds of State protection, be in a position to protect its citizens, i.e., if necessary to decrypt data and to have it decrypted.

At present different models are being discussed in the responsible Federal Ministries, which must satisfy basic legal and basic economic principles. This means that there can neither be a complete permanent content control of all cryptographic data by the State, nor a waiver by the State of its right to information in so far as its security or the security of its citizens seems to be endangered. A private company also cannot be completely free of sovereign oversight as a monopolist in the data which is encrypted by it.

The solution which is sought must fulfil the basic criteria set forth above. The Federal Government intends to decide on this point this year. In particular the final results of the commission appointed by the Federal Parliament (Bundestag) on "The Future of the Media in the Economy and Society - Germany's Way into the Information Society", which will also examine cryptographic issues, will be considered.

I hope that with this answer I have given you some insight into the present state of this discussion within the Federal Government and the CDU/CSU faction in the Federal Parliament.

Sincerely yours

Dr. Friedrich

FDP

Statement by Prof. Dr. Edzard Schmidt-Jorzig

Commentary: The following e-mail was sent in 1995 by Prof. Dr. Edzard Schmidt-Jortzig, a German law professor and presently Federal Minister of Justice, while he was still a member of Parliament and before he had been named to Justice Ministry. Prof. Dr. Schmidt-Jortzig gained particular fame in the Internet community as the result of an interview given to the German news magazine Der Spiegel on March 11, 1996, in which he recognised the futility of attempting to regulate the Internet by legal means. The present answer to a question illustrates that Prof. Dr. Schmidt-Jortzig seems to have a similar liberal attitude toward the regulation of cryptography.

Cryptographic Processes in the Internet

This question was posed to me many times in the last few weeks. I have answered it up to now as follows:

"This question is for me relatively new. I would therefore like to only answer to the extent which I believe that one should. Cryptographic processes are without a doubt necessary both for the development of commercial use of networks and for the protection of the private sphere. And a procedure must also be used which cannot easily be decrypted by third parties.

At the same time it cannot be denied that a method must be found which can, as in regard to mail and telephones, provide control by legal process (!) with regard to mailings of individual senders or recipients. And in this regard there are considerable technical problems, as in the case with cellular telephones. There are certainly secure codes, which cannot be broken or can be broken only at great expense. But this is also the case potentially in regard to letters. The problem must therefore be solved by the parties seeking to wiretap, and possibly to reach corresponding conclusions from extreme secrecy.

The practice up to now shows that suspects who are aware of the danger of wiretapping generally switch to other methods of communication and do not send encrypted messages. I cannot imagine that, while weighing the informational self-determination of the individual, which is worthy of protection, with the justified interest in the possibility of supervising electronic communications, one would forbid every form of effective secret communication. At my present state of knowledge this would seem to me rather out of proportion.

There is one point which is extremely problematic, and which I have been referred to in numerous mailings. I have hitherto assumed that reception and decryption of messages is possible. However, this point is contradicted by such mailings. I also assumed that powerful keys would only seldom be used. However, in reality, they seem to be widely used. If both of these points are true, then it means that one must either accept that there is absolutely no control possible in this regard, or that certain cryptographic processes must be forbidden, if such an unacceptable situation in regard to security policy is to be prohibited. However the question arises how such global structures will be regulated by means of national law."