Germany has a unique relationship with encryption that stands in stark contrast with that of the U.K. and France. The country doesn’t have any existing laws that prohibit the use of encryption, compel users to disclose their keys, or require mandatory decryption of encrypted data. In fact, encryption has been strongly endorsed by the German government for many years. A recent series of joint letters to the European Commission from the German and French interior ministers calling for encryption controls through legislation may signify the beginning of a shift in national policy, following the trend we have seen in the U.S. and other parts of Europe. Or, it may simply signify a divergence of opinion on the issue between law enforcement and other parts of the German government that have long championed encryption as an important tool for data privacy and security, similar to the U.S. government’s own internal disagreements on the issue.
The legal and political landscape of surveillance in Germany, with its history of Nazi and Stasi repression, is quite unlike that of the U.S., the U.K., or France. In contemporary Germany, data privacy laws are among the strongest in the world, government surveillance is strictly regulated, and the right to privacy is especially strong. The German government explicitly encourages its citizens to use encryption, including end-to-end encryption systems in which only the sender and recipient can decrypt the message. However, at the same time that it supports the use of strong encryption, the government conducts widespread investigatory hacking to gain access to encrypted evidence and intelligence. To govern that activity, Germany has a complex legal regime that regulates the use of hacking to access data before it is encrypted—a framework that was amended just last month to sharply expand the government’s hacking authorities.
About the Series
The right to use strong encryption technology—like the encryption that secures your iPhone or protects your WhatsApp messages—isn’t only under political attack in the U.S. Governments in the U.K., Germany, France, and other European countries have recently taken steps toward undermining encryption.
Although these local debates have engaged a wide range of policymakers, privacy advocates, and internet companies, they’ve been taking place largely in isolation from one another, with limited sharing of information, arguments, and advocacy tactics between those countries’ policy communities. This series of papers will fill in some of those gaps by recounting the legal landscape and political rhetoric in various European capitals. This is the second of those papers, focused on the encryption debate in Germany. The other papers in the series cover the encryption debates in the U.K. and France.