Start­ing this week Ger­man law­yers have to have avail­able a means of elec­tron­ic com­mu­nic­a­tion developed just for them: the spe­cial elec­tron­ic law­yers’ mail­box (beson­deres elektron­isches Anwalt­s­post­fach or beA). The prob­lem is, the beA is inher­ently insec­ure, which is why it seems bet­ter to avoid using it. This would include not lit­ig­at­ing in a Ger­man court, if pos­sible, if there’s a chance the oppon­ent or the court will use the beA in the pro­ceed­ings. This seems to be all the more indic­ated where there’s a risk of snoopery and foul play by oppon­ents or third parties, or where the stakes are high – and when aren’t they?

My beA card
One Card to Bring Them All and in the Dark­ness Bind Them

The beA is a com­mu­nic­a­tion sys­tem under the aegis of the Ger­man Fed­er­al Bar Asso­ci­ation (Bundes­recht­san­walt­skam­mer or BRAK). Its pur­pose is to enable encryp­ted elec­tron­ic com­mu­nic­a­tion between law­yers, and between law­yers and Ger­man courts or judi­cial author­it­ies.

In prin­ciple, this is a very good idea. No law­yer wants to dodge elec­tron­ic com­mu­nic­a­tion, but as and of itself elec­tron­ic com­mu­nic­a­tion isn’t very secure. This is rel­ev­ant because law­yers deal with people’s and com­pan­ies’ know-how, trade secrets, intern­al affairs, even dirty laun­dry. The hand­ling of these things by law­yers is priv­ileged, and this is why law­yers are under the strict pro­fes­sion­al duty to keep their cli­ents’ inform­a­tion con­fid­en­tial and secure.

In oth­er words, there’s a real need for secure, encryp­ted elec­tron­ic com­mu­nic­a­tion for law­yers. Yet, Ger­man law­yers haven’t wel­comed the beA with open arms. Their reas­ons are man­i­fold, some col­leagues have even taken their issues to court. Of course.

Indeed the beA is an error-prone mon­stros­ity con­ceived by too many ama­teurs and too few experts. The debate about it has been raging in the Ger­man leg­al world for years, since before it was first launched. There are so many defi­cien­cies, it’s not funny. But its main flaw is that it isn’t secure. It hasn’t been since its incep­tion. As such, it defeats its main pur­pose.

Bad Starts, Repeatedly

The beA was first launched in 2016, and a pleth­ora of short­com­ings and secur­ity flaws sur­faced imme­di­ately. It simply wasn’t state of the art. As a res­ult, hardly any­one was using it, because why would they.

How­ever, stat­ute decreed 1 Janu­ary 2018 as the offi­cial start­ing date for the duty to use it, if only pass­ively. Pass­ively means: whatever gets sent to a lawyer’s beA since the start­ing date has to be taken note of by this law­yer. Think sum­mons, court orders, writ­ten plead­ings by your opponent’s leg­al coun­sel, things like that.

So 1 Janu­ary 2018 was the day. But as it happened, in late Decem­ber 2017 the oper­at­ors switched off the beA. Even more severe defects had sur­faced. So severe were these that the oper­at­ors decided they couldn’t unleash the beA on the (not so) unsus­pect­ing Ger­man leg­al pro­fes­sion.

The details would call for a sep­ar­ate blog or two. I shan’t go into these here. Today I’d like to address a par­tic­u­lar, unre­solved secur­ity issue.

Because since 3 Septem­ber 2018 the beA is back online. Thus, since then the stat­utory duty of all Ger­man law­yers to use it, at least pass­ively, has come into effect. But unfor­tu­nately, not all grave secur­ity defects have been remedied. As I said, the beA is still insec­ure. By all appear­ance, this won’t be cor­rec­ted any time soon.

Here’s what I mean.

Insecure Communication

Elec­tron­ic com­mu­nic­a­tion with a law­yer needs to be secure. Com­mu­nic­a­tion is secure when two entit­ies are com­mu­nic­at­ing and no third party is able to listen in. For that they need to com­mu­nic­ate in a way not sus­cept­ible to eaves­drop­ping or inter­cep­tion.

This is where the encryp­tion of beA com­mu­nic­a­tion shows its weak­ness. There’s the rub.

The beA runs as a web applic­a­tion based on Java­script. The applic­a­tion loads to the loc­al PC of the law­yer from a serv­er of the Ger­man Fed­er­al Bar Asso­ci­ation (BRAK serv­er). Then it com­mu­nic­ates with the cli­ent soft­ware which the law­yer must install on his loc­al PC. Iron­ic­ally, the name of this soft­ware is Cli­ent Secur­ity.

Why isn’t this secure?

It isn’t secure because while each mes­sage is encryp­ted with a lawyer’s per­son­al sig­na­ture, once it reaches the BRAK serv­er it gets decryp­ted and re-encryp­ted before it’s sent on to the recip­i­ent. Put anoth­er way, the beA doesn’t provide for end-to-end encryp­tion between Ger­man law­yers and their com­mu­nic­a­tion part­ners. Instead, it works through end-to-middle­man encryp­tion, fol­lowed by middle­man-to-end re-encryp­tion.

Sounds like a bug, but it’s a fea­ture. Offi­cially, this is to allow the for­ward­ing of mes­sages to oth­er author­ised per­sons later. I’m not the only one who asks why we need a middle­man for that, but I guess ‘oth­er author­ised per­sons’ is telling. There’s a name for some­thing like this: back­door.

The Creature That Defeats Its (Official) Purpose

To put it simply: per­sons offi­cially author­ised – whatever this may mean – could gain access to priv­ileged com­mu­nic­a­tion between a law­yer and a cli­ent. I’m not cool with that.

In addi­tion, someone with unau­thor­ised access to the BRAK serv­er could alter the Java­script web applic­a­tion which com­mu­nic­ates with a lawyer’s Cli­ent Secur­ity. For example, the applic­a­tion could be mod­i­fied so that it for­wards mes­sages to third parties as soon as they were decryp­ted. This wouldn’t be access through the back­door, this would be a hack, per­haps even from inside. The thing is, we have reas­ons to ques­tion the Ger­man Fed­er­al Bar Association’s abil­ity to secure its IT infra­struc­ture against that.

The beA infra­struc­ture is sus­cept­ible to eaves­drop­ping or inter­cep­tion. It’s hard not to see this as an invit­a­tion to attempt indus­tri­al (or sim­il­ar kinds of) espi­on­age when one gets the chance. All one needs is the right com­pany in the right leg­al wrangle.

What to Do?

One tech­nic­al solu­tion would be to run all beA soft­ware loc­ally, which means on the devices of the par­ti­cipants alone. Like, how What­s­App does it. Or Tele­gram, or Threema, or pretty much every mod­ern mes­saging applic­a­tion out there. Or, for don­key’s years now, how PGP does it with e‑mail. Yes, e‑mail, that old Inter­net work­horse.

But that would mean a struc­tur­al change of the beA, a change of its con­cep­tion. With a view to the gen­es­is of the beA, it should be clear that this won’t hap­pen so quickly.

Anoth­er, beha­vi­our­al solu­tion is, well, to avoid using the beA, as long as it’s insec­ure as described. After all, there are oth­er secure means of elec­tron­ic com­mu­nic­a­tion out there.

The Performance of One’s Duty

But aren’t I a Ger­man law­yer? Aren’t I under the stat­utory duty to use the beA at least pass­ively? Yes, I am. I need to take note of whatever gets sent to my beA. I can’t get around that. No Ger­man law­yer can.

My Ger­man peers and I must check our beAs, in case someone sends us a mes­sage there. For­tu­nately, there’s an e‑mail noti­fic­a­tion func­tion for that (which awaits field test­ing though). At the same time we are sworn to con­fid­en­ti­al­ity, not just pass­ively, but act­ively. We have to make sure our com­mu­nic­a­tion with and about cli­ents and their mat­ters is suf­fi­ciently secure.

At this time the iron­clad solu­tion for Ger­man law­yers to com­ply with all their pro­fes­sion­als duties seems to have the beA avail­able, but to avoid using it. This would include not lit­ig­at­ing in a Ger­man court, if pos­sible, espe­cially if theres a reas­on to believe the oppon­ent or the court will use the beA in the pro­ceed­ings. This seems to be all the more indic­ated where the stakes are high, where there’s a risk of snoopery and foul play by oppon­ents or third parties.

The Secure Alternative

There is of course a means of resolv­ing a leg­al dis­pute where pri­vacy and con­fid­en­ti­al­ity may remain para­mount and pro­tec­ted. Where the parties are free to use oth­er, more secure means of com­mu­nic­a­tion than the beA. Where they may com­pel their coun­sel and the dis­pute resolv­ers to do the same. I’m talk­ing, of course, about private arbit­ra­tion.

I’m sure the people behind the beA didn’t aim to pro­mote arbit­ra­tion or oth­er meth­ods of altern­at­ive dis­pute res­ol­u­tion when they cre­ated the beA. Then again, they didn’t aim for a lot of things to hap­pen.

To arbit­rate, the parties to a leg­al dis­pute have to agree to do so, either before or after the dis­pute has aris­en. They might be more pos­it­ive about that now, see­ing which ways con­fid­en­tial com­mu­nic­a­tion may go through the beA.