DATA PROTECTION IT Security Comes in From the Cold

Spy scandals and leaks have led to a growing demand for secure communication technology in Germany, resulting in the growth of specialist IT security firms. Now a Munich startup has Apple interested in an app that provides encryption for iPhones.
Secure communications have been a problem for the German government recently.

Germany's Federal Office for Information Security is not an agency that typically rolls out the red carpet for Silicon Valley Internet giants. Many German security officials, in fact, have a notorious aversion to technological innovations from the West Coast, especially when it comes to mobile phones.

After revelations of the U.S. National Security Agency spying on the conversations of Chancellor Merkel, there is increased need and readiness for encryption technology in Germany.

Regardless of what operating system a smart phone uses, the data security agency, known as BSI, considers them all a security risk for German government networks. Google, Apple and Microsoft, according to BSI, are partly to blame for the many “back doors” that hackers can use to access mobile phones — and spy on even the most cautious users.

But now one of the big Internet companies, Apple, is taking a particular interest in German data security. That is largely due to Raoul-Thomas Herborg, founder and chief executive of the Munich security firm, Virtual Solution. He has managed to excite Apple managers about the possibilities for newly developed encryption for iPhones, available since last year on an app.

Managers at Apple and Virtual Solution recently convinced BSI officials in Bonn about the merits of the easy-to-use mobile security technology, which is new to the German market.

“We make iPhones secure by shifting security-relevant operations of the American iOS operating system into the controlled environment of a German smart card,” explained Mr. Herborg.

We make iPhones secure by shifting security-relevant operations of the American iOS operating system into the controlled environment of a German smart card. Raoul-Thomas Herborg, Founder of Virtual Solution

The most sensitive functions – user authentication and encryption of data traffic – are locked away via the smart card, which functions like a safe. Valuable data can only be retrieved by the owner.

In recent weeks, Mr. Herborg has jumped through many hoops and is now doing business with the German government and other federal agencies. The data security office has issued provisional approval for using the technology for a specially secured government network – the Informationsverbund Berlin-Bonn.

SecurePIM, as the product is officially known, is now on the shelves of the federal government store — “the pinnacle we had been striving to reach,” said Mr. Herborg.

Originally, Mr. Herborg was hired by Siemens to secure the iPhones and iPads of its top managers. Now the Munich-based security expert hopes that more companies will provide their managers with Apple equipment. Virtual Solution recently pulled in another order, from public television broadcaster ZDF, which in the future will use iPhones with the new security technology.

Also, the German government has ordered 50 high-security iPhones. In coming weeks, three government ministries will conduct a pilot project to test whether the equipment is truly suitable for sending classified documents via e-mail, in the category “for official use only.”

Even Chancellor Angela Merkel could soon exchange her old “Merkel phone” for a new “Merkel iPhone,” if devices equipped with Virtual Solution security pass this final test.

Virtual Solution is elbowing its way into a market occupied by German companies that offer expensive, tailormade solutions that are considered especially trustworthy. In addition to the state-backed giant Deutsche Telekom, they include Secusmart, a Düsseldorf-based subsidiary of Blackberry, the Canadian tech firm. It provides Blackberry phones secured against espionage to the government, including the chancellor’s current phone.


WTB_Virtual Solutions AG-01-01


Secunet Security Networks in Essen, a subsidiary of Giesecke & Devrient, the banknote and securities printer, sells encryption technology developed for desktop computers, in addition to laptops made by Microsoft and Lenovo.

Another player in the market is Rohde & Schwarz, a Munich-based electronics and cyber-security manufacturer. It developed hardware that can be linked to mobile phones by Bluetooth, to encrypt all incoming and outgoing calls. Top executives at the German Central Bank in Frankfurt use the encryption sticks for especially confidential mobile-phone conversations.

These security systems can cost up to €2,500 per phone ($2,700). Such expense means that ministries and agencies can only afford to secure the phones and computers of a small circle of especially sensitive government workers. Up to now, for example, Secunet has equipped about 6,000 governmental computers with its encryption technology. And Secusmart has sold 4,600 Blackberries to the German government.

Deutsche Telekom, however, has enjoyed less success. Its Simko security equipment is no longer recommended by the BSI and its attempt to set up a subsidiary making secure mobile phones failed. In recent weeks, many employees have switched to Virtual Solution technology.

In the future, federal data security officials are also likely to continue to turn to smaller specialist suppliers — especially if new companies like Virtual Solution offer cheaper solutions.


This article originally appeared in the business magazine WirtschaftsWoche. To contact the author: [email protected]