Interior ministers of Germany's states are discussing whether authorities should be able to bypass the security mechanisms in smart homes and connected cars -- but not, the federal interior ministry says, by installing backdoors in those mechanisms.
The proposal before the ministers, who are meeting at a conference in Leipzig this week, comes from Thomas de Maizière, the acting federal interior minister, as first reported late last week by RedaktionsNetzwerks Deutschland (RND).
However, the interior ministry has disputed key aspects of RND's report of the proposal, in particular the suggestion that it wants to mandate backdoors in all sorts of internet-connected devices, including tablets, computers and smart TVs. Some local outlets even extrapolated the notion of the government tapping into connected sex toys.
To counter the uproar that followed the initial report, the government on Monday tweeted a video explaining what it was actually hoping to achieve.
The core issue is that, while investigators have long been able to plant bugs in cars and houses when investigating or trying to prevent a crime, that's becoming increasingly difficult. When home and car doors are connected to the internet, they will often alert their owners as soon as they detect any signs of intrusions.
According to the interior ministry, de Maizière's plan has nothing to do with tapping into connected devices.
The government only wants to be able to go to the manufacturer of a smart home or connected car system, with a court order, and order them to withhold the notification of an opened door at a preordained time.
"The goal is that the operators of such alarms and security devices are involved so that the use of appropriate tools is possible without the person concerned becoming aware of it," ministry spokesman Johannes Dimroth said at a Friday press conference.
He said investigators had been stymied by such technology in 25 cases over the past two years.
The timing of the proposal was certainly awkward. Because de Maizière's party, Angela Merkel's Christian Democratic Union, has so far failed to find a coalition partner following September's elections, the ministers from her previous administration remain in place for now.
But at the moment, the CDU's only hope for avoiding a minority government or fresh elections lies with the Social Democratic Party (SPD), the second-largest party in Germany and Merkel's main coalition partners in her last administration. And the SPD is not very keen on what de Maizière is reportedly proposing.
"The federal interior minister has apparently lost all political decency," SPD interior expert Uli Grötsch told Der Spiegel. "More access and surveillance does not automatically mean more security."
The Greens have also turned their noses up at the reported proposal, with deputy leader Konstantin von Notz describing it as an "Orwellian nightmare" and raising comparisons with state surveillance under the Nazi and East German dictatorships.
It probably goes without saying that the Chaos Computer Club, Germany's venerable hacker organization, is also not a fan. "Access to the technology in a modern car means danger for life and limb: a literal kill switch," spokesman Frank Rieger told Netzpolitik.
Even the German Bar Association has weighed in, with association president Ulrich Schellenberg saying a backdoor regime would be inherently disproportionate, while also making citizens more vulnerable to attack by third parties.
The interior ministry says all this reaction is overblown. However, even if de Maizière really is only proposing that security system manufacturers withhold notifications, that still doesn't clear up the technical hurdles that investigators would face when trying to bug a connected car or smart home.
The doors to these things don't just notify the owner of intrusions. They also tend to lock and unlock by electronic means, leaving serious questions about how investigators might be able to open them without weakening their security.
The German government has already been accused of promoting weak cyber-defenses by earlier this year passing a law that drastically expands the ability of the authorities to hack into people's computing equipment in the investigation of a variety of offences.
The precise details of what is being discussed this week may only come out after the state interior ministers' conference wraps up on Friday. A press conference is likely to take place on Friday morning.
If the interior ministers want to move ahead with the plan, they will need to discuss it with other ministers in areas such as justice, and then come up with a law that goes before the Bundestag.
There was another notable aspect to the reported proposal: that the authorities get, as a last resort, the ability to remotely shut down servers that are being used in a massive cyberattack.
That conversation has been going on for a while though, the interior ministry said, and whether or not it goes ahead will really be up to the next government.
Previous and related coverage
The German parliament has waved through a massive expansion of police hacking powers.
Despite EU issues with Microsoft's personal data use, Germany is working on a Windows 10 client for federal staff.
The NetzDG or 'Facebook law' is now in force with big implications for social networks.
Read more on connected cars
- Connected cars: What happens to your data after you leave your rental car behind?
- BlackBerry pens framework for securing connected and autonomous cars
- Intel and Ericsson 5G connected cars trial attains 1Gbps speeds
- Hyundai and Cisco drive towards the connected car
- 4 ways wireless carriers will change to prepare for connected cars (TechRepublic)
- Hyundai and Smartcar to trial connected car services (CNET)