Sounds good, but it's not like it has been passed. It's just a bill.<p>> While the bill is still a draft and has not yet passed the German Parliament, there is reason to celebrate: For once politicians want to strengthen encryption, not undermine it.<p>Again, it's just a bill. Is there even any realistic support from German MPs for this bill to get passed? Isn't the German parliament composed of two chambers? Can it pass in both chambers?<p>Also, even if it does get passed, is there some catch? I looked at the bill[1], but I don't understand German, hoping that someone who does can answer that.<p>[1] <a href="https://cdn.netzpolitik.org/wp-upload/2024/02/2024-02-07_BMDV_RefE_TTDSAendG.pdf" rel="nofollow">https://cdn.netzpolitik.org/wp-upload/2024/02/2024-02-07_BMD...</a>
> The new law sets a new standard: People should be able to use end-to-end encryption "wherever it is technically possible". In the text it is explained why this clear requirement to cloud providers is necessary: "Although end-to-end encryption is now the industry standard, individual messenger services do not use end-to-end encryption or only use it for certain functions, without this being justified by technical restrictions."<p>It's only mandatory where it's technically possible. Gmail, Instagram, Telegram and others are the ones likely to be affected.
What is the definition of end to end encryption?<p>Is my HTTPS connection end to end encrypted if there’s a CDN terminating and re-establishing TLS at the edge?<p>What if I terminate TLS at the load balancer and send clear text to servers in a private subnet?<p>The above wouldn’t be end to end IMO.<p>True end to end IMO means the communication provider is unable to see the contents of the message. Basically public/private key encryption with no middleman.<p>This obviously breaks email spam filtering systems (unless it’s all moved client side, or unless you give Google your key, in which case Google can decrypt your emails, so what’s the point?). Unless we water down the definition of “end to end” to mean between companies rather than user to user.<p>True E2E encryption is difficult when you want to do any processing in the cloud (e.g. Google Photos making images searchable - I suppose this is why the Photos app on Mac drives CPU to 100% for a couple of days when syncing photos to a new computer; it seems like Apple is doing a lot of on-device processing, which seems like the opposite direction from where many other companies are going).
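The distinction drawn in the comment above, as an added example that is not part of the thread: a relay that terminates and re-establishes transport encryption sees whatever payload it carries, so it reads the message unless the endpoints encrypted it first. Assumptions: random AES-256-GCM link keys stand in for the two TLS sessions, the X25519 public keys are taken as already authenticated, and all names are hypothetical.

```javascript
// Added example (constructed model, not a real TLS stack).
const crypto = require('node:crypto');

// AES-256-GCM; a frame is "iv.ciphertext.tag", each part base64.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return [iv, ct, c.getAuthTag()].map((b) => b.toString('base64')).join('.');
}

function unseal(key, frame) {
  const [iv, ct, tag] = frame.split('.').map((s) => Buffer.from(s, 'base64'));
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag); // final() throws if the frame was altered or the key is wrong
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// X25519 agreement + HKDF: a key only the two endpoints can derive.
function sharedKey(myPrivate, peerPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 32));
}

// CDN / load balancer / provider: terminates the inbound link and
// re-encrypts for the outbound one. `seen` is what it can read.
function relay(linkIn, linkOut, frame) {
  const seen = unseal(linkIn, frame);
  return { seen, forwarded: seal(linkOut, seen) };
}

// Send one message through the relay, with or without an end-to-end layer.
function send(message, endToEnd) {
  const linkIn = crypto.randomBytes(32);  // sender <-> relay "TLS session"
  const linkOut = crypto.randomBytes(32); // relay <-> recipient "TLS session"
  const alice = crypto.generateKeyPairSync('x25519');
  const bob = crypto.generateKeyPairSync('x25519');
  const payload = endToEnd
    ? seal(sharedKey(alice.privateKey, bob.publicKey), message)
    : message;
  const { seen, forwarded } = relay(linkIn, linkOut, seal(linkIn, payload));
  const received = unseal(linkOut, forwarded);
  const delivered = endToEnd
    ? unseal(sharedKey(bob.privateKey, alice.publicKey), received)
    : received;
  return { seenByRelay: seen, delivered };
}
```

In both modes every hop is encrypted; only with the end-to-end layer is `seenByRelay` an opaque frame rather than the message, which is also why server-side processing such as spam filtering has nothing to work on.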
I've had Google Translate translate the draft bill PDF into English:<p><a href="https://f001.backblazeb2.com/file/spiffytech-public/german_e2ee_bill.pdf" rel="nofollow">https://f001.backblazeb2.com/file/spiffytech-public/german_e...</a>
Germany's solution for everything is more regulation. It works wonderfully so far, so this will definitely contribute to further economic growth. Wir schaffen das!<p>Has the term "privacy washing" been coined already?
Isn't it already mandatory as part of GDPR?<p>> the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:<p>(a) the pseudonymisation and encryption of personal data;<p>[1] <a href="https://gdprhub.eu/Article_32_GDPR" rel="nofollow">https://gdprhub.eu/Article_32_GDPR</a>