This blogpost is part of a series of articles on this topic. I will thus not do a full intro here, for the background see

• Ein paar Thesen zu aktuellen Gesetzesentwürfen
• Ein paar Gedanken zur „Überwachung verschlüsselter Nachrichten“
• Chat Control vs. File Sharing
• Encryption vs. Lawful Interception: EU policy news
• A review of the “Concluding report of the High-Level Group on access to data for effective law enforcement”

As I am now a member of the  EU expert group which is tasked with coming up with a solution, I have been thinking a lot about this problem.

An interesting train of thought turned out to be the question “We managed to give Law Enforcement (LE) wiretapping powers in old-style phone networks, but not in modern, Internet-based communication services. Why?”

I came up with the following reasons:

Location / Jurisdiction

50 years ago, phone systems were real physical things. There were copper wires running to houses and they connected two pretty static entities: the telephony exchange and the phone jack in your home. Neither side moved. The cable didn’t move either. Both sides were in the same jurisdiction.

A court order to tap a phone line was thus simple. For example: a court in Vienna might have ordered the Austrian PTT to tap my phone line in Vienna and give the Viennese police access. Everything is local. Everything is in the same jurisdiction.

Over the top (OTT) services like WhatsApp or Signal are completely different. As long as all parties have Internet connectivity, the technology of OTTs doesn’t care about geography. More often than not, the OTT operator is in a different country than its users.

Basic internet design

In the old phone network design (and what ISDN tried to bring to the data world), the network provided the service that the end-users wanted. The switches knew that they were transporting audio calls. SMS as a communication tool is also directly a service by the network.

The Internet turned this around: the network itself, the ISPs and the routers that are making up the network, are just very efficient and fast, but rather dumb packet forwarding systems. In theory, they need no knowledge at all about applications that run over the Internet (except for some valid performance optimizations and the wet dreams of product managers ).

The mantra is now: Dumb core, intelligence at the edge.

All the innovation that was unleashed by the Internet comes from this basic idea: Innovations do not happen in the core – where upgrading all devices to support a new application would be slow, but on the side of the devices attached to the network. Tim Berners-Lee didn’t have to get protocol support from routers to start the Web. The end-to-end principle, in combination with the DNS as a generic rendezvous-protocol was enough.

The implication for wiretapping is: The ISP might be able to provide raw network data (pcap), but not decoded application-level information.

Signal and others went a step further: they moved from “end-to-end” communication to “end-to-end encrypted (E2EE)” communication. What does that mean?

Simple chat systems (e.g. IRC, ICQ, Mattermost, …) utilize a central node that receives messages and passes them on to the right client. Modern systems like Signal reduce the central node to the bare minimum of store&forward of opaque data packets. All the security properties are in the client, not the central server. Adding a new device to your account? Another client needs to provide the cryptographic material; the central node does not have the ability.

Forcing the central node to cooperate with LE thus will not get you any readable content.

Services vs. Products

I’ve written about this before in Chat Control vs. File Sharing .

Quick summary: A service gives the law a clear target for regulation and LE a clear contact point for enforcement. But sometimes, a communication network doesn’t need that. Examples are e-mail, the fediverse or Matrix: you can run your own server and then interconnect with all the other servers. There no longer a single entity to target for wiretapping.

Peer-to-peer networking would be the next obvious evolutionary step.

Open vs. Closed Source Software

Both server and client software can be either proprietary software or open source, which leads to interesting consequences for LE access:

Closed source:

• The law can require certain features and can enforce their presence
• That is, if the company behind it is within the jurisdiction
• The EU just opened App-stores to break monopolies, making enforcement harder to do

Open source:

• It’s hard to hide a LEA key-escrow / interface in Open Source Software.
• It’s trivial to recompile the code without those features (and someone in a different jurisdiction will for sure)
• So how do you enforce that people only run server/clients with the LE access feature? Monitor and penalise? (e.g. like driving a car without license plates)
• Will this lead a regime of government-licensed communication software?

Number of services

We’re not in a world of very few communication enablers anymore, there are no more telephony monopolies. There might be 3 to 4 mobile operators per country, but the VoIP space already exploded years ago.

But OTT is next level: Every OTT service can have customers round the globe, and every user can select any of the many global OTT operators.

The hurdle to establish an OTT is very low, too: The availability of Open Source implementations means everybody can just download the code, install if on-premise or in the cloud and have a running communication service a few minutes later. Anyone who is running Nextcloud to host their own files needs just a few clicks to enable Nextcloud Talk . You don’t need to license spectrum; you don’t need to get regulatory approval. Just do it.

Communication (maybe not E2EE) is baked into many applications these days: most multi-user games have a chat feature, Web forums do it, social media platforms usually include one and even Spotify recently launched a chat feature.

Basically: the number of services with which LE needs to deal with went up by multiple orders of magnitude.

The Laws of Mathematics beat the Laws of Humans

In the physical world, “monopoly on violence” by the state can break whatever barrier citizens can erect for their physical protection. There is no safe that the police can’t open. There is no house where the police can’t force their way in.

This is not true for IT systems that use modern cryptography. The “use overwhelming force”-card cannot be played to break open an encrypted disk.

Blast Radius

Law enforcement agencies are full of humans. They make mistakes. They sometimes abuse their power. The technical systems that implement the lawful access are built by humans and will have their share of problems. (see also Salt Typhoon and US telecoms )

We need to think about the damage that will happen when (not if) the system fails.

Old-style legal interceptions on phone networks are limited. If the police in some SE Asian country goes overboard in their wiretaps, that will not affect me here in Austria.

But with OTTs? If said police can convince an OTT service (either centrally or via the clients) to forward cleartext to them, any mistakes on their side can affect my privacy.

Or, if we build a special forensics interface into the secure elements of mobile phone, then the authentication/authorization built into that interface is now part of my own attack surface. Any key leak or vulnerability there instantly destroys the security of millions of devices worldwide.

This is a bit like digital rights management (DRM) or content protection schemes. Remember DVD/CSS? It was a global standard that tried to ensure that only authorized devices could access the unencrypted content of the disks. But once someone recovered the key from a video-player , the game was up: every disk word-wide could be decrypted by everybody.

Thus: the maximum damage that can occur by one single mistake can be much larger now than in previous legal interception cases.