Can the state collect the data of its citizens in the name of security? Can citizens encrypt their data to combat such an intrusion? Europe's largest meeting of hackers debates the issues.
It is unusually dark in the Hamburg Congress Center these days. Lighting has been dimmed to a minimum in a space normally lit by thousands of bright lights. The 12,000 attendees of the 33rd Chaos Communication Congress - most, dyed-in-the-wool computer experts - apparently feel more at home in the dark. Once a year, hackers from around the world meet at the conference to exchange new ideas and to share their experiences.
One topic that has preoccupied the scene for years is that of data security, and the efforts of governments to peer into citizens' computers and cellphones. This year, discussions are being driven by recent violence in Berlin: The terrorist truck attack at a Christmas market in the German capital and the suspected attempted murder of a homeless man by a group of youths have ignited a debate over increased surveillance.
How can authorities stop potential attackers?
The Christian Social Union (CSU), Bavarian sister party to German Chancellor Angela Merkel's conservative Christian Democratic Union (CDU), for instance, wants to allow authorities to surveil and monitor citizens as young as 14 years old if there are grounds to suspect they may be potential attackers. The CSU also received approval for its proposal of arresting and deporting foreigners if they are prepared to take violent action against the state - even if they have yet to commit a crime. In order to discern who is planning potential attacks, surveillance of telephone calls, e-mails and short text messages is to be expanded.
Automatic surveillance has failed
Many visitors at the Hamburg hacker conference view these plans with skepticism. Frank Rieger is a spokesperson for the organizers. It is clear to him - despite current events - that "the automatization of surveillance has failed." Video surveillance, says Rieger, does not stop crime. Instead, criminals simply move to areas that are not monitored, or perpetrators cover their faces. More safety can only be brought about by putting more security personnel "on the street."
FBI hacking computers around the world
The question of whether law enforcement is playing by the rules in its pursuit of criminals is also an issue that occupies hackers. Journalist Joseph Cox, for instance, is convinced that laws are being broken. At the Hamburg conference, Cox showed attendees how the US domestic intelligence agency, the FBI (Federal Bureau of Investigation), overstepped established boundaries in busting a virtual child pornography ring.
Some two years ago, authorities identified the operators of the child pornography platform "Playpen," and took control of its server in February 2015. The FBI was given a court order allowing the agency to upload Trojans onto the computers of those who visited the site. The FBI sought to use these to determine the location of pedophiles accessing "Playpen." Cox said that the court had only given permission for one particular district in the US. But the FBI investigated some 8,700 locations in 120 countries, later notifying local law enforcement of its findings. "Child pornography is one of the most disgusting crimes there is, and it must be prosecuted," said Cox. "But those who rightly want to pass new laws, must also abide by existing laws." Cox garnered loud applause for his demand.
Smartphones in the crosshairs
How far do laws go? Can businesses be forced to cooperate with authorities? Kurt Opsahl, deputy executive director of the US civil liberties organization Electronic Frontier Foundation, addressed these issues in Hamburg. He used the example of a hotly debated fight between the FBI and Apple, in which authorities sought a court order to force the smartphone manufacturer to crack the encryption of an iPhone owned by a suspected terrorist.
Cellphone as the door to a user's soul
For Opsahl, the example illustrates two major developments: Firstly, that encryption technology and other security measures are constantly improving and better protecting citizens against access by authorities. And secondly, that intelligence services are trying to forbid the use of such tools by private citizens to ensure that law enforcement will always have access to a user's data. "Today, everything is saved on a cellphone - anyone who looks inside a phone looks into the soul of its owner," says Opsahl. He adds that users should therefore not only encrypt the data on their cellphones, but also their computers and in their e-mail communication.
Tips for personal data security
But, he also warned that anyone who suddenly encrypts everything could draw attention from authorities. For that reason, Opsahl's organization has developed tips for "Surveillance Self-Defense," meant to advise users on how they can most effectively protect their data.
Opsahl is convinced that US President-elect Donald Trump will increase pressure on companies to cooperate with police and intelligence services. He is concerned about the prospect. Thus, he has great expectations of the German government. "I would welcome it, if Germany, an important economic power within the EU, would support strong encryption technology."