Starting this week German lawyers have to have available a means of electronic communication developed just for them: the special electronic lawyers’ mailbox (besonderes elektronisches Anwaltspostfach or beA). The problem is, the beA is inherently insecure, which is why it seems better to avoid using it. This would include not litigating in a German court, if possible, if there’s a chance the opponent or the court will use the beA in the proceedings. This seems to be all the more indicated where there’s a risk of snoopery and foul play by opponents or third parties, or where the stakes are high – and when aren’t they?
The beA is a communication system under the aegis of the German Federal Bar Association (Bundesrechtsanwaltskammer or BRAK). Its purpose is to enable encrypted electronic communication between lawyers, and between lawyers and German courts or judicial authorities.
In principle, this is a very good idea. No lawyer wants to dodge electronic communication, but in and of itself electronic communication isn’t very secure. This is relevant because lawyers deal with people’s and companies’ know-how, trade secrets, internal affairs, even dirty laundry. The handling of these things by lawyers is privileged, and this is why lawyers are under the strict professional duty to keep their clients’ information confidential and secure.
In other words, there’s a real need for secure, encrypted electronic communication for lawyers. Yet, German lawyers haven’t welcomed the beA with open arms. Their reasons are manifold; some of them have even taken their issues to court. Of course.
Indeed the beA is an error-prone monstrosity conceived by too many amateurs and too few experts. The debate about it has been raging for years in the German legal world, since before it was first launched. There are so many deficiencies, it isn’t funny. But its main flaw is that it isn’t secure. It hasn’t been since its inception. As such, it defeats its main purpose.
Bad Starts, Repeatedly
The beA was first launched in 2016, and a plethora of shortcomings and security flaws surfaced immediately. It simply wasn’t state of the art. As a result, hardly anyone was using it, because why would they.
However, statute decreed 1 January 2018 as the official starting date for the duty to use it, if only passively. Passively means: whatever gets sent to a lawyer’s beA since the starting date is deemed delivered to this lawyer. Think summons, court orders, written pleadings by your opponent’s legal counsel, things like that.
So 1 January 2018 was the day. But as it happened, in late December 2017 the operators switched off the beA. Even more severe defects had surfaced. So severe were these that the operators decided they couldn’t unleash the beA on the (not so) unsuspecting German legal profession.
The details would call for a separate blog or two. I shan’t go into these here. Today I’d like to address a particular, unresolved security issue.
Since 3 September 2018 the beA has been back online. Thus, since then the statutory duty of all German lawyers to use it, at least passively, has been in effect. Unfortunately, not all grave security defects have been remedied. The beA is still insecure. By all appearances, this won’t be corrected any time soon.
Here’s what I mean.
Electronic communication with a lawyer needs to be authentic. That is to say, the participants have to be sure someone is really a lawyer – and not someone who just pretends. The beA system tries to achieve this by way of personal signature cards and card readers. Every lawyer must get them. If you make sure really only lawyers get these cards, then this probably ensures authenticity.
Communication is secure when two entities are communicating and no third party is able to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception.
This is where the encryption of beA communication shows its weakness. And there’s the rub.
Why isn’t this secure?
It isn’t secure because while each message is encrypted with a lawyer’s personal signature, once it reaches the BRAK server it gets decrypted and re-encrypted before it’s sent on to the recipient. Put another way, the beA doesn’t provide for end-to-end encryption between German lawyers and their communication partners. Instead, it works through end-to-middleman encryption, followed by middleman-to-end re-encryption.
Sounds like a bug, but it’s a feature. Officially, this is to allow the forwarding of messages to other authorised persons later. I’m not the only one who asks why there has to be a middleman to do that, but I guess ‘other authorised persons’ is telling. There’s a name for something like this: backdoor.
The Creature That Defeats Its (Official) Purpose
To put it simply: persons officially authorised – whatever this may mean – could gain access to privileged communication between a lawyer and a client. I’m not cool with that.
The beA infrastructure is susceptible to eavesdropping or interception. It’s hard not to see this as an invitation to attempt industrial (or similar kinds of) espionage when one gets the chance. All one needs is the right company in the right legal wrangle.
What to do?
One technical solution would be to run all beA software locally, which means on the devices of the participants alone. Like, how WhatsApp does it. Or Telegram, or Threema, or pretty much every modern messaging application out there. Or, for donkey’s years now, how Pretty Good Privacy does it.
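To make the difference concrete, here is an added example (not beA code and not from the BRAK) that models both designs: the middleman re-encryption described under “Why isn’t this secure?”, and the end-to-end alternative just mentioned. It assumes pre-shared symmetric keys and a toy HMAC-based cipher standing in for the real card-based cryptography, so that it runs with the Python standard library alone; what matters is what each model leaves in the server’s hands.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream derived with HMAC-SHA256. Illustration only,
    # chosen so the example needs nothing beyond the standard library.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a pre-shared key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key or altered data."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def relay_model(msg: bytes, k_sender_server: bytes, k_server_recipient: bytes):
    """beA-style hop-by-hop: the server decrypts the sender's hop, re-encrypts for the recipient.
    Returns (what the recipient reads, what the server held in the clear)."""
    hop1 = seal(k_sender_server, msg)
    at_server = unseal(k_sender_server, hop1)  # plaintext exists on the middleman here
    hop2 = seal(k_server_recipient, at_server)
    return unseal(k_server_recipient, hop2), at_server


def e2e_model(msg: bytes, k_sender_recipient: bytes):
    """End-to-end: the server only forwards bytes it holds no key for.
    Returns (what the recipient reads, what the server saw on the wire)."""
    wire = seal(k_sender_recipient, msg)
    return unseal(k_sender_recipient, wire), wire
```

In the relay model the server's view equals the message; in the end-to-end model the server's view is ciphertext it cannot open with any key it holds.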
But that would mean a structural change of the beA, a change of its conception. With a view to the genesis of the beA, it should be clear that this won’t happen so quickly.
Another, behavioural solution is, well, to avoid using the beA, as long as it’s insecure as described. After all, there are other secure means of electronic communication out there.
The Performance of One’s Duty
But aren’t I a German lawyer? Aren’t I under the statutory duty to use the beA at least passively? Yes, I am. Whatever gets sent to my beA is deemed delivered to me. I can’t get around that. No German lawyer can.
My German peers and I must check our beAs, in case someone sends us a message there. Fortunately, there’s an e-mail notification function for that (which awaits field testing though). At the same time we are sworn to confidentiality, not just passively, but actively. We have to make sure our communication with and about clients and their matters is sufficiently secure.
At this time the ironclad solution for German lawyers to comply with all their professional duties seems to be to have the beA available, but to avoid using it. This would include not litigating in a German court, if possible, especially if there’s reason to believe the opponent or the court will use the beA in the proceedings. This seems to be all the more indicated where the stakes are high, where there’s a risk of snoopery and foul play by opponents or third parties.
The Secure Alternative
There is of course a means of resolving a legal dispute where privacy and confidentiality may remain paramount and protected. Where the parties are free to use other, more secure means of communication than the beA. Where they may compel their counsel and the dispute resolvers to do the same. I’m talking, of course, about private arbitration.
I’m sure the people behind the beA didn’t aim to promote arbitration or other methods of alternative dispute resolution when they created the beA. Then again, they didn’t aim for a lot of things to happen.
To arbitrate, the parties to a legal dispute have to agree to do so, either before or after the dispute has arisen. They might be more positive about that now, seeing which ways confidential communication may go through the beA.