Germany Preparing Backdoor Law

The German Interior Minister is preparing a bill that allows the government to mandate backdoors in encryption.

No details about how likely this is to pass. I am skeptical.

Posted on December 6, 2017 at 9:06 AM • 47 Comments

Comments

Debora Weber-Wulff December 6, 2017 9:42 AM

This would indeed be serious, but it is just a report on an upcoming consultation that was reported by one news outlet and then rather breathlessly and without additional facts reprinted in 30-40 others. There are no details available for discussion at the present time. The acting minister has stated (http://www.zeit.de/digital/datenschutz/2017-12/ueberwachung-wohnraum-de-maiziere) that he "only" wants to make it easier for law enforcement to bug houses or cars of suspects. We shall see. In any case, Germany will be without a government for 3 months come Christmas, so there will not be any new laws getting themselves passed in the near future.

cane December 6, 2017 9:42 AM

I'm a native German speaker and I know this proposal.

The German government does NOT want backdoors in encryption. It is the main line of the Germans to break encryption (by side channel attacks on bad implementations, attacks on keys or bugs in the security concept or trojan horses or anything like this).

The new proposal wants backdoors in security for all devices, which may be connected with the internet to turn these devices into surveillance devices:

Examples:

- It should be possible to use Smart-TVs with internet connection for indoor surveillance of flats only by remote control via backdoor.

- It should be possible to hack the security systems of a car to avoid alarms if a GPS tracking device is installed in the car.

To be clear: the new proposal is NOTHING about encryption!


(Not all about security means "backdoor for encryption".)

oliver December 6, 2017 10:03 AM

Hello, a German speaking here :-)
There is no way in hell that anything like that is going to pass through our Bundestag and Bundesrat.
The lobby groups are strong on this, to oppose it mightily.

Cheers, oliver

Tatütata December 6, 2017 10:20 AM

It's a bit of old news or non-news. I can't find any recent relevant reports in outlets such as Die Zeit, Der Spiegel, or Süddeutsche Zeitung, and I don't see what could be done in that area at this particular point in time. The holdover government presently in place can only be a caretaker for emergencies, while negotiations for forming a new coalition are still ongoing.

Last week the outgoing minister for agriculture Christian Schmidt (CSU, Bavarian conservative) pulled a fairly stupid stunt by sending unannounced his ministerial approval to Brussels renewing the EU-wide authorization for Monsanto's Roundup for another five years. That decision was technically within the limits of his authority, but it enraged the former, and possibly future, coalition partners. The Chancellor pretended that she had nothing to do with it.

I therefore don't think that this is the right juncture for any major legislative initiative, or even for secretly shoving garbage through the back door.

I have as much contempt for interior minister Thomas de Maizière (CDU) as his counterpart at justice Heiko Maas (SPD), and I trust that they would have no compunction whatsoever in weakening privacy. Everything they touch seems to turn to crap anyway. It's way easier to pass new laws for show than to fix what actually went wrong in events of recent years.

The source for the "bleepingcomputer.com" story, "RedaktionsNetzwerk Deutschland", seems to be an outsourcing shop for regional newsrooms: "The joint editorial team of the MADSACK Mediengruppe delivers individually tailored packages, from text modules to complete pages." I have my doubts about the quality of their product.

Petre Peter December 6, 2017 10:22 AM

"The deficit mounts."
EU can learn from US https://www.apple.com/customer-letter/
US can learn from EU " data about me belongs to me not to the ones who store it"

Concerted efforts to weaken encryption across the globe.

Since Union and United are similar i need to pay attention to precedence--European American or American European? Again, precedence is the road block. First names had to be last names before last names became first names. Agreement is a right click away but alas i cannot build credit with pseudonyms unless i am talking about European Union, or United States.

reader December 6, 2017 10:30 AM

Well, parliament Bundestag of course could decide about bills - even if it is uncommon in a time with no formal coalition. But it would not be the first time that the biggest party talks its (ex-)partner into something the (ex-)partner had flatly denied as impossible months before... Depending on outcome of possible coalition talks there is a good chance that the proposal will pass in one or another form. BUT: There is an even better chance that it will fail some months later with the judges of the constitutional court "Bundesverfassungsgericht" which hasn't shown to be very open to massive surveillance plans... But it is rare that a (this) minister's proposal completely disappears.

Not sure whether there is more risk for the proposal when industry decides to give it flak due to insurance and liability questions. The hidden wish to influence connected things from the outside allows for terrible fantasies...

phred14 December 6, 2017 10:34 AM

Let's assume for the moment that this was about encryption, though it has been stated that it is not.

What if the US government requires a backdoor, and the German government requires a backdoor, and no doubt the UK, and China, and Russia, and the list goes on.

Are these nations willing to share the backdoor, or do they all want to continue pretending that they're the only ones with a backdoor? As if one backdoor isn't too much, it sounds as if commercial software will be riddled with them. It also sounds as if software will need to be nation-targeted, to make sure people buy the right backdoor.

Can't they make do with metadata?

Parker December 6, 2017 10:36 AM

@cane

I don't know about Germany, except the people have strong resistance not present in the US. The reason I am watching this is because of similar, seemingly crazy, demands and proposals in the US. In the US, it remains possible by incredible legal maneuvering.

But something doesn't add up.

See "he also wants to require the industry to disclose its 'programming protocols' for future analysis." Presumably, this is what you mean by attack by side-channels, etc.
But, isn't that a chief tenet of encryption, that full-disclosure does not weaken protection? So what if the protocol is disclosed? I don't get it.

Security Sam December 6, 2017 11:21 AM

Behold the bold German artifice
Mandating use of a back orifice
With each vendor an accomplice
That will bring down the edifice.

Evan December 6, 2017 11:34 AM

@cane, others:

It's a specious argument that this proposal isn't backdooring encryption. Mandating a backdoor in a device to circumvent normal authentication procedures that use encryption will accomplish the exact same thing as mandating a specific encryption protocol with a backdoor in it. You might as well say sticking up a bank with a gun isn't robbery because the bank is choosing to hand you their money.

In any event, such a law is unlikely to pass, unlikely to be approved by the Federal President if it does pass, and still less likely to be permitted by the constitutional court if it were enacted, and lead to the complete death of the German IT industry if it were permitted.

Anon December 6, 2017 11:51 AM

I'm beginning to think that we should just allow some country to try this inanity out (as long as it's some other country than the one I live in - which this is).

The immediate collapse of the system, and people turning the surveillance apparatus back on the politicians peddling this crap would be both entertaining and instructional.

After all, it will be only a matter of hours/days/weeks before someone legitimately entrusted (of the millions who will need to be) with the keys makes them public on the internet. Then, since there's no hope of timely software/hardware fixes, privacy will effectively be dead for everyone, and hilarity will ensue... if you're not German, at least.

Tatütata December 6, 2017 11:59 AM

Why does it suffice
That through artifice
and a lot of malice
to make all dark like licorice

(I know, I know, it's awful. Not on the head, please.)

I found this item from 8 November which de Misère tried to push during the failed attempt at a "Jamaika" ("Black"+"Yellow"+"Green") coalition.

However, at the state level, some are pushing for Trojans that provide quite the opposite of protection...

In Hesse, the CDU+Green coalition was indeed very recently preparing a law providing authority to implant spyware on computers, but this attempt was apparently foiled by a campaign initiated by the CCC.

Wael December 6, 2017 12:10 PM

@Security Sam,

:)

@Tatütata,

(I know, I know, it's awful. Not on the head, please.)

No. Pretty good. Next time steckenbleiben a German word in it.

to make all dark like licorice

Darken it like licorice :)

Alejandro December 6, 2017 1:06 PM

Is it coincidence we found out just very recently about the built in back door to Apple's macOS High Sierra devices: type in "root" as the user, click twice, you are in. (After being fixed, the next update re-created the feature.)

Very convenient for use by in the know LEOs, etc.

Also, certain operating systems have built key loggers, as a feature, that can and do legally log everything then faithfully report back to the mother ship. Which I suppose includes passwords. Is it possible passwords are made available to LEOs from time to time?

My point is, a lot of this backdoor talk could already be, secretly, operational and the various governments are working ever so quietly to legislate to make them legal, just like the Patriot Act and all the other vermin that followed.

I would be one of the first to say that's all foil hat stuff, but so many times it has been the real deal. Would anyone be surprised anymore?

Clive Robinson December 6, 2017 1:13 PM

@ Bruce,

No details about how likely this is to pass. I am skeptical.

Don't be skeptical, treat it as a very real threat and act accordingly.

Those pushing for this sort of nonsense are parasites whispering in the ears of politicos... The way to stop that sort of "pillow talk" working is to scare the politicos that they will be either strung up from the nearest lamp post or worse still cast into the political wilderness forever branded as fools and knaves.

Being nice does not work with the parasites as they quite literally have nothing to lose, thus you have to scare the legislators more than they can ever do. It's kind of power politics 101.

Clive Robinson December 6, 2017 1:49 PM

@ Tatütata, Wael,

to make all dark like licorice

In the UK it's not pronounced as "lick-or-ice" but "lick-or-ish"

So a new line,

    to make all as sinful vice

Wael December 6, 2017 2:00 PM

@Clive Robinson, @Tatütata,

Strange! It's pronounced the same in the US. I just wrote the suggestion without actually pronouncing the word. Amazing, I'm weird.

Wael December 6, 2017 2:25 PM

No details about how likely this is to pass. I am skeptical.

So if it doesn't pass does that mean Germany won't allow backdoors? Can companies be sued if a backdoor is discovered in devices they manufacture? What's the implications?

And if it passes, would it be illegal for an owner of a device to disable a backdoor (close it shut?)

hmm December 6, 2017 3:53 PM

"Can companies be sued if a backdoor is discovered in devices they manufacture? What's the implications?"

Same as before. This new law is only about their GOVERNMENT putting in backdoors.

de La Boetie December 6, 2017 3:57 PM

@clive's comments are spot on. The truly dangerous thing going on is the deliberately concerted messages being fed into various nominal democracies, via compliant toerag politicians. Let's say, by the dark IC community who have a global vision of their expanding empire of rent-seeking.

It's a salami-slicing approach with sometimes outrageous proposals, but aimed to soften up the body politic for imposition.

There have been a wave of similar examples referring to device encryption, end-to-end messaging, and compulsion on "communications providers" to alter their products according to a nation government - and after all this is already in the UK's Investigatory Powers Act in a notoriously vague way, which makes no sense at all as a single jurisdiction thing.

Tatütata December 6, 2017 9:47 PM

Aaargh, I'm embarrassed, but it that both pronunciations of licorice exist, even though the -ish version does appear to be the more widespread. Another barrel of ghoti

So either fix it by using another word such as kiss, miss, swiss, but not lice or mice.

Or insert gratuitous German as requested, pulling something out of a rhyme dictionary that ends in "-is", "-iß" or "-iss".

Candidates include Wildnis, Fliegenschiss, Filmriss, Dünschiss, Abriss, Imbiß, Beschiß, Zungenbiß, or Zervixriß (ouch).

But I will instead insert some gratuitous French instead of German, and replace "licorice" with "réglisse", which is the actual translation. Et voilà, done!

Wael December 6, 2017 10:48 PM

@Tatütata,

World-class literature 101 and lab. Thank you very much.

(After she found out that Obama was eavesdropping on her. He was basically hiding inside her cell phone)

But I will instead insert some gratuitous French

I never got into French! Took one course and dropped out after one class. They spell missio as Mansour or something like that. If I ever use a French expression, rest assured that I copied it from somewhere (and I probably don't know what it means either.)

Clive Robinson December 6, 2017 11:21 PM

@ Tatütata, Wael,

Yes ghoti and tchoghs is a phaighpheawraibt especially when brought to me by the psourrphuakntw.

I suspect that Ketchup was not a word when Alexander John Ellis did his word list, but its forerunner kat-sup certainly was in 1845 but did not make it on to his list.

Mad as it might sound there are little clubs of people that hunt these spellings out and the humble potato has something like fifteen of them...

How I acquire this sort of odd fact is almost as much of a mystery to me as it is to those who ask, so that's saved you a question...

Oh if you live in Leicester (pronounced "lester") you might well have heard of "Beaver Castle", but you will not see it on a map but you will find the vale of "Beauvoir" with the Duchess of Rutland's little pile. Beauvoir is a not uncommon mangling of French into English, in this case it would be "Good view" Castle which if you go there really does have a nice view down the vale. Not so nice to look at by a long way is South East London's "Elephant and castle" which is supposedly derived from the name of the lady who was supposed to pay for the upkeep of London bridge from its rents... This was Henry III's consort Eleanor of Provence because she reputedly spent the money on a few dresses the bridge fell down... However the dates are wrong for that also she was not a child of Castille. Thus we find ourselves looking through history till we find Henry VIII's much loved first wife Catherine of Aragon, who was an "Infanta de Castille" which could after a good mangling by the rough and uncourtly English tongue might have given rise to an approximation to "Elephant and Castle" the original public house was named...

Oh and to answer the other question, you have now been distracted from,

fish,chips,favourit,servant ;-)

Gweigir December 7, 2017 7:00 AM

@Wael:

Devices for covert surveillance are illegal to own in Germany. There was a recent case of some "smart" doll. If car makers turn their cars into surveillance devices without a new law that explicitly permits this, owning such a car would become illegal.

So, no, the usual fascists cannot just "ask" car makers to put in surveillance functionality in Germany.

Andreas December 7, 2017 7:55 AM

For the moment, I do not think this will pass. But wait for one more generation or so... and topple that with a number of terrorist-related attacks in some European countries. Then it's all over Stasi again... sad.

Alejandro December 7, 2017 7:56 AM

@Gweigir

Tesla cars continuously transmit what they're doing in detail, including precise location, and feed that back to the company. It's called Telematics. Also, by policy they will provide car/driver data to police and there is no opt out. Also, it's been hacked already by some smart guys.

I assume there are few Teslas roaming the Autobahn, and thus there goes German privacy law....in the toilet.

The reason I know this is I researched Tesla data tracking when I thought I might want one. Of course, I don't anymore. I would think the GM Onstar system is very similar. Another make I won't own.

Wait 'till real self drivers come along...they will be the most intimate tracking, surveillance and marketing devices ever created. I've read there will be multiple cameras, microphones and speakers INSIDE the driver compartment, just to watch you.

Every Breath You Take
by, The Police


Every breath you take
Every move you make
Every bond you break
Every step you take
I'll be watching you

Every single day
Every word you say
Every game you play
Every night you stay
I'll be watching you

Oh can't you see
You belong to me
My poor heart aches
With every step you take...

fred December 7, 2017 9:12 AM

Is anyone else worried about a DOJ that can throw you in jail for years for not providing information while at the same time they refuse to provide subpoena documents to congress?

Add back doors combined with third party application and any traffic that crosses our international borders, and they can circumvent the need warrant.

my only thought is "WTF?"

Wael December 7, 2017 9:22 AM

@Gweigir,

If car makers turn their cars into surveillance devices without a new law that explicitly permits this, owning such a car would become illegal.

So the consumer is penalized, and not the manufacturer? Makes a lot of sense!

So, no, the usual fascists cannot just "ask" car makers to put in surveillance functionality in Germany.

But they can covertly backdoor the car and nail the owner if the backdoor is ever discovered. Sounds like fascists got their backs covered real well!

@Clive Robinson,

Yes ghoti and tchoghs is a phaighpheawraibt especially when brought to me by the psourrphuakntw.

I see your spelling impediment curse is improving! Muahahaha :)

CallMeLateForSupper December 7, 2017 9:25 AM

Desensitize youngsters to constant electronic surveillance. Yeah, like that's appropriate and funny.

I was amused that my very first search engine hit was Amazon for Germany.

"Dummy surveillance camera for your naughty little elves
Red flashing LED to resemble a working security camera
Includes 2 screws and plugs to mount to a wall or ceiling
Pretend that Santa's watching to ensure that kids behave"

£5.99 (Britain); EUR 5,50 (Deutschland)
https://www.amazon.co.uk/Surveillance-Dummy-Camera-Christmas-Accessory-Black/dp/B074K6FW6B
https://www.amazon.de/Elves-Behavin-Badly-Surveillance-Camera/dp/B074K6FW6B

Clive Robinson December 7, 2017 10:00 AM

@ fred,

Add back doors combined with third party application and any traffic that crosses our international borders, and they can circumvent the need warrant.

Welcome to the modern world of WASP (un)representational democracy as practiced in the Five-Eyes nations and coming to a front door close to you real soon.

You just have to accept that you are guilty as charged, or will be when some bum in a uniform can be bothered to type your name in, hit enter, then get off the office chair to pick up and then hit you with the paper work.

Back in Rome it used to be "Bread and Circuses" to distract the citizens, with good old blood and guts as entertainment and a relatively short if painful demise for those selected for short lived fame.

Now in Chicago / NYC / Washington the entertainment is a little more psychological, if not psychotic... Where you will be paraded, degraded, humiliated, and mentally tortured for the entertainment of the masses. Before being confined to a little hole somewhere under Special Administrative Isolation denied real light, fresh air, exercise sleep and even human contact till even you will no longer know who you are or care. If it's not with you yet it's coming real soon now.

Because the important thing is not that justice be done in our modern world, that requires honesty, integrity and real labour by the investigators. Thus it's way more efficient if justice is seen to be done by the masses regardless, so why waste the manpower to investigate. The whole purpose is that the citizens get to see you as the message.

The USG may not legally be allowed to use propaganda on its citizens, but a good show trial serves as both entertainment and propaganda. Almost exactly as predicted by George Orwell seventy years ago. Oh and the only reason it's not quite here today is bureaucrat inertia moves with all the speed of a dead rat in a sidewalk gutter, which is your other option if you chose to run from the authoritarian donut munchers...

Yes it's a little noir as a prospect, but the tunnel ahead does not appear to have any light at the other end currently... So smile whilst you can...

Petre Peter December 7, 2017 11:23 AM

@Clive Robinson

Yes it's a little noir as a prospect, but the tunnel ahead does not appear to have any light at the other end currently...

i cannot smile if the light at the end of the tunnel is a train. i can...buy some time, if i run from the inevitable, instead of running towards the inevitable. i am still just trading time for space hoping that trade will help me find space where i can spend time. The other possible solution, depending on the width of the tunnel, is to get on the board. Which in essence means i am getting “a life in the dreamer’s dream” —still an exit if we agree that the mystery is an exit from universal captivity—still i cannot know where the train is going, otherwise it’s wiser to stand still in the tunnel. Wishing_well!

vas pup December 7, 2017 12:38 PM

Looks like currently NSA does not need any back door - it could penetrate any network in the world (allies as well as enemies). That is required breaking encryption as part of TAO operations.
I am doing such conclusion based on information provided in the book 'Dark Territory'.
When all that noise related to breaking into IPhone (by FBI) popped up, I was curious why they need private contractor to complete the task rather than ask help from NSA. I guess NSA want to keep their tools for extreme cases on national security being within DOD, not DOJ.

leser December 8, 2017 11:07 AM

@Gweigir,

If car makers turn their cars into surveillance devices without a new law that explicitly permits this, owning such a car would become illegal.

Cars already now aren't deaf and blind. Police is eager to i.e. get data extracted from airbag control (which had to be done more or less reluctantly by the companies) retrieving a lot of useful physical data about the last (30?) seconds before the accident. Your car may be testifying against you. And there seem to be more of this little snoops built in already now...

Gerard van Vooren December 8, 2017 1:28 PM

@ Clive,

"Don't be skeptical, treat it as a very real threat and act accordingly."

I don't like this at all, but I am seeing this kind of political nonsense coming all over now, including in The Netherlands, which I might see as a front-runner of this. The Netherlands is always "in front", except with logic and common sense. But I agree with what you say. They are becoming professional legal hackers and they also use closed source tools (read: Hacking Team and the likes). It's scary and inevitable.

Schwartenmagen December 8, 2017 2:04 PM

In the early 90s, a developer and vendor of encryption software located in Western Berlin was forced by the German (Western German, back then) secret service "BND" to halt development and sale of his encryption software, since he refused to implement a backdoor. (It was a software that ran on DOS.) Since the early 90s, all encryption software from Germany feature backdoors. Moreover, this also applies to secure file wiping software. Do not ask me how that is being implemented in the latter but that is what an encryption specialist from a different country has told me during a phone conversation. This, however, refers to most secure file wiping software, i.e. not just German ones, whereas the back door issue with German encryption software is quite an old story, albeit not widely communicated.

ghoti December 8, 2017 2:29 PM

@Clive Robinson I have always said 'likkoriss'. I happen to live in the place I was born in, but I've lived in quite a few places in between. But I was an army brat, and my parents were educated. I think that 'likkerish' is general american, or perhaps canadian. I've certainly heard it here. But I hear 'likkoriss' as well.

justina colmena December 8, 2017 3:47 PM

This is absurd. Businesses large and small as well as private individuals struggle in vain to keep common thieves out of their computers and a foreign government is mandating back doors.

Add to this the tolerance of the German government to all manner of abusive sexual relationships and non-consensual "BDSM" as in "50 Shades of Grey" and for the third time in history we the people of the United States face military hostilities with Germany.

The Selective service System is broken. "Men" ages 18-25? Get real. Any able-bodied man at least up to 45 is eligible for the draft. And we're supposed to send our boys off to war to be picked up by sophisticated foreign women? No. We need women equally well in the draft.

Women may not always have been "officially" placed in combat, but they nevertheless have had to do dangerous "men's jobs" in WWII and many other wars.

Gender is too much a hot-button issue for the military. Chelsea Manning ("as" transgender) was picked up and singled out by the media because of a certain political ideology that is in conflict with many of the general goals of the U.S. Department of Defense, which have been established by the people.

Hornusser December 8, 2017 4:00 PM

@justina colmena: I fully agree with you, Mrs Justina. The Germans are bad. Very bad. So bad. Bless you.

Clive Robinson December 8, 2017 5:15 PM

@ Schwartenmagen,

Since the early 90s, all encryption software from Germany feature backdoors. Moreover, this also applies to secure file wiping software.

It's not that difficult to do...

The first thing you need to remember is that to "securely wipe" / delete a file is you don't actually delete it. What you do is "overwrite it" multiple times with supposedly "random" data.

To actually overwrite it in many cases the file is read into a buffer, this is then overwritten and then written back to the storage device in the same place.

There are various reasons given for the read then write. The primary one is it supposedly stops low level operations from just writing to a new available sector from the free list rather than hit the actual HD platter sector or Flash ROM row.

However if you know what the original data is you can simply encrypt it instead then write that back rather than random data. The point is you would not be able to tell unless you had the crypto key. In fact the crypto algorithm can be a very weak key stream and XOR or ADD function.

The thing is it does not matter how often you encrypt with the XOR or ADD function, you can "short circuit" them back to a single key stream.

The next question is how to get around the "overwrite with ones" and "overwrite with zeros". Obviously if this is done at the file level the data will be gone. The issue is how to make as though it has been done. The easiest way is to not do it at all and instead do various tricks with the free list, so it looks as though it has been done.

The thing is that on most modern drives they are of such a size that you are not going wrap the free list around any time soon if at all. Thus you can pull sectors off the top of the free list that you can overwrite with ones and zeros, whilst actually tucking the encrypted sectors in at the other end of the free list...

Whilst this works it will be detectable by anyone taking more than a simplistic look at the storage device. The thing is that the way commodity OS's like those from MS is that there are many places you can hide an encrypted set of sectors in the equivalent of swap/page space and in parts of the journaling system.

Then there are curious tricks of using Forward Error Correcting (FEC) codes to make file systems where a file can be lost or destroyed but can still be recovered. Known as "Erasure Code"[1] put overly simply three data files can be made to be difference files of each other with a fourth file being a difference of differences file. Thus if any one of the four files is damaged or deleted it can be reconstructed from what is the difference between the other files. Thus the three data files are recoverable even if you delete one of them entirely by writing it all to zeros or all to ones etc. Whilst this trick can still be spotted by someone who knows what they are looking for most people will miss it.

There are other such tricks that are harder to spot, but none of them require force balance SEMs etc to recover the data of a deleted file or many files...

Whilst I know one or two tricks, to do this off the top of my head I'd be prepared to bet there are quite a few others I don't know of immediately. But also if I was given good cause to think up another new one I probably could in fairly short order.

Modern hard drives by the way for reliability reasons actually have way more storage on them than you can see at the SATA etc interface... Which means that if your wipe program has sufficient privileges and knows the right storage device commands it could tuck away between 20-25% of the total declared space at the interface level. Which with data compression means that between 30-50% of the advertised storage could be hidden away... Out of sight of all but a few specialized tools...

Which is possibly the reason I still like individual file encryption at the application level and the old technology of floppy disks and big magnets, and CD-RW/DVD-RW with a fifty dollar microwave oven. When it comes to storing files I'm going to need to securely erase at some point...

[1] https://en.m.wikipedia.org/wiki/Erasure_code
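
Added example (not part of the original comment, and not code from any wipe tool): a Python sketch of the point made in the comment above, that a read, XOR, write-back "wipe" collapses to a single keystream however many passes it makes, and that its output scores as random as an honest overwrite. The SHA-256 counter keystream, the key and the sample sector are all constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed sample "sector": low-entropy, repetitive plaintext.
SAMPLE_SECTOR = (b"constructed sample record 0001\n" * 4096)[:65536]
SAMPLE_KEY = b"constructed-example-key"  # hypothetical key, illustration only


def keystream(key: bytes, pass_no: int, length: int) -> bytes:
    """Toy keystream: SHA-256 over key || pass number || block counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(
            key + pass_no.to_bytes(4, "big") + counter.to_bytes(8, "big")
        ).digest())
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length buffers."""
    return bytes(x ^ y for x, y in zip(a, b))


def honest_wipe(sector: bytes, passes: int) -> bytes:
    """Each pass replaces the buffer with fresh OS randomness."""
    for _ in range(passes):
        sector = os.urandom(len(sector))
    return sector


def keyed_wipe(sector: bytes, key: bytes, passes: int) -> bytes:
    """Each pass reads the buffer, XORs it with a keystream, writes it back."""
    for n in range(passes):
        sector = xor(sector, keystream(key, n, len(sector)))
    return sector


def collapsed_keystream(key: bytes, passes: int, length: int) -> bytes:
    """XOR of all per-pass keystreams: N passes reduce to this one stream."""
    combined = bytes(length)
    for n in range(passes):
        combined = xor(combined, keystream(key, n, length))
    return combined


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (max 8.0)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total)
                for c in Counter(data).values())


def compare(passes: int = 7) -> dict:
    """Run both wipes on the sample sector and summarise what an observer sees."""
    honest = honest_wipe(SAMPLE_SECTOR, passes)
    keyed = keyed_wipe(SAMPLE_SECTOR, SAMPLE_KEY, passes)
    undo = collapsed_keystream(SAMPLE_KEY, passes, len(SAMPLE_SECTOR))
    return {
        "entropy_before": byte_entropy(SAMPLE_SECTOR),
        "entropy_honest": byte_entropy(honest),
        "entropy_keyed": byte_entropy(keyed),
        "keyed_recoverable": xor(keyed, undo) == SAMPLE_SECTOR,
        "honest_recoverable": xor(honest, undo) == SAMPLE_SECTOR,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Both outputs score close to 8 bits per byte, so inspecting the overwritten sectors cannot tell the two tools apart; what has to be checked is where the overwrite bytes come from.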

The Truth December 8, 2017 7:07 PM

If you have ever watched German porn, "mandated backdoor" sounds complete par for the course.

Schwartenmagen December 9, 2017 12:04 PM

@Clive Robinson: Thank you very much for the lengthy explanations. I have filed your explanations and the Wikipedia reference and must find some time to discuss this with the earlier mentioned encryption specialist.

I know that secure file deletion of flash drives is an issue and that no solution has been found. This refers to SSD drives, USB sticks, and SD cards. I don't know of any software that would be suited for this task, e.g. secure erasing one single file on a - let's say - USB stick without causing wear levelling.

Anyway, thank you again for the time taken.

Tatütata December 9, 2017 12:36 PM

Destroying memory can be an art by itself...

Which is possibly the reason I still like individual file encryption at the application level and the old technology of floppy disks and big magnets,

And you get good exercise practicing the famed Rose Mary Woods Stretch.

and CD-RW/DVD-RW with a fifty dollar microwave oven.

That was about the most entertainment you could get from AOL CDs that were thrown into your mailbox by the locust swarm. :-)

I also used to fry chips (the epoxy 28-DIP kind). The local electronics shop sold used OTPROMs for a bargain price. I picked up a bag of them, perhaps thinking that some patterns could be potentially useful.

They are somewhat smaller than a half-wavelength (lambda~=12cm @2.45GHz), but they still pick up quite a bit of energy. IIRC, I first left them on the bottom with a glass of water, the idea being that the magnetron wouldn't see excessive reflections. Eventually I did away with the water, and just placed my victims over an inverted tumbler glass.

I also tried juicing them, connecting pins 1-14 to one rail, and 15-28 to the other one, and power the lot from a beefy power source.

At 12V the epoxy bubbles and emits noxious fumes.
At ~30-40V you will get a nice jet of sparks for a second or two.
At the AC mains voltage you will just hear a sharp POP, and find a crater where the chip used to be.

All this know-how could become useful again when I will need to dispose of Flash memory (USB sticks, etc).

In addition to interleaving, FEC, etc, hard disks can harbor fragments of data in the VM file.

I must have gathered enough HDDs over the years to seriously fill up a shoe box, and this is increasingly becoming a problem. I think I would pay for a facility where your old HDD is reduced to dust right before your eyes.

A few years ago I disposed of an old PC at the local recycling yard. A couple of hours later I realised that there was an HDD left in it, which probably contained sensitive data. I went back to the yard, and pleaded with the attendant. He finally relented, and let me get into the container where I quickly found my junk. I couldn't take the HDD with me, but I was allowed to destroy on the spot. I must have banged on the thing with a hammer for 20-30 minutes, until the cover was off, the electronics destroyed, and the disks scratched and warped.

Clive Robinson • December 9, 2017 2:00 PM

@ Tatütata,

"And you get good exercise practicing the famed Rose Mary Woods Stretch."

Ahhh back when aerobic exercise was only muttered by the more radical members of the medical profession, as it was considered dangerous for young women to perform. Let alone the new fangled hippy tie dye yoga thing, bound to inflame not just the senses but the passions as well in those staid[1] times... Remember a certain book had finally just come out[2] to the horror of all Republicans and Conservative preachers, with other attempts made to avoid if not suppress the issues of certain medical papers behind it to do with "nerve nexuses" all very seditious etc.

The US was already on the downward slope, as some claim 1969 was the last time the US showed it was great...

Speaking of the 60/70s and computer parts,

"I also tried juicing them, connecting pins 1-14 to one rail, and 15-28 to the other one, and power the lot from a beefy power source."

In the late 1970's London's Edgware Road was famous for emporiums selling off old Military Radios and second hand computer bits and electronic components.

A friend and I were very much into Pirate Radio from the electronics side and accumulated vast quantities of electrolytic capacitors and LEDs from kit we stripped down for parts that we then sold on.

The question was what to do with the blasted electrolytics, mainly they had gone leaky which was why the equipment they were in got scrapped in the first place. The domestic refuse guys would not touch them so we had box after box of the darn things. After having one explode during testing as it got reverse volted for some reason that is lost to memory, and having my friend's parents come rushing into the garage due to the noise, they saw us gasping in the acrid smoke as we managed to escape with red-rimmed eyes and burning coughs.

We were told the caps would have to go... After his parents went off shopping I joked it had gone off like a thunderflash and explained how we used thunderflashes as phoney mortars. The idea occurred... Less than half an hour later two fully charged car batteries, a four foot section of plastic overflow pipe and some jump start leads were pressed into service for an experiment. These electrolytics were quite large, at just under a couple of inches diameter they just snugly fit the overflow pipe. So we screwed the ends of the jump leads under the terminals of the first cap, put it in the end of the pipe and pressed it at around 30 degs from vertical into the ground. Roger connected the two leads to the batteries and just a second or so later there was a loud bang and to our amazement the aluminium can flew maybe ninety to a hundred feet in the air on a trail of what looked like confetti, it shot over the garden wall, over the road and hit the roof of the house the other side close to the ridge tile...

Within a few minutes we had the firing rate down to a couple a minute and were getting them over the house on the other side of the road where the occasional tinkle told us we had found the range of their greenhouse...

But what of the LEDs? Like you, we found that a high voltage produced a very very intense but extremely brief flash of red light before it exploded in a brief orange ball of flame and red plastic shrapnel... I will let you guess what 150 LEDs soldered onto two copper wires that had been U-pin stapled to a plank fed by a 100watt 10ohm vitreous enamel wire wound power resistor and a big meaty 20amp bridge rectifier fed from a big switch and 240V AC...

All I can say is that as we did it in the dark it took around five minutes to be able to see again. One of the neighbours whose house was around five hundred feet down the road reported to Roger's dad that there had been a blinding red light flash off the backs of all the houses down the road...

Oh with regards,

"I couldn't take the HDD with me, but I was allowed to destroy on the spot. I must have banged on the thing with a hammer for 20-30 minutes, until the cover was off, the electronics destroyed, and the disks scratched and warped."

Another reader of this blog who still drops by from time to time tells a story of a more fun way of making a hard drive unreadable... It involves a gun range and a magnum hand gun and a large box of ammunition...

As this post is getting a bit long remind me at some time to tell you the story of how a local farmer got an unexpected new duck pond in a field and stories of WWII bombs going off. Oh and another about angry poltergeists dropping inch diameter pebbles from the sky (or that's the story that appeared in the local rag ;-) The 1970's were way more relaxed than we are today... Oh and another story from "down on the farm" of coitus interruptus by shotgun on the up stroke very early one Sunday morning...

[1] Remember whale bone was still very much in demand back then for a corset etc.

[2] https://en.m.wikipedia.org/wiki/Masters_and_Johnson


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.