European police should access computers and telephones with Trojan programs. Europol is now building up a “decryption platform” in The Hague.
The European Union wants to support the Member States in intercepting telecommunications. Investigators should be able to penetrate private computers or mobile phones to install software to read encrypted messages. This was confirmed by the German Federal Ministry of the Interior (MOI) in response to a question by a Left Party Member of Parliament. The focus is on the police agency Europol, which has been commissioned to set up a “decryption platform”.
Intercepting encrypted messenger and video telephony
Trojans can be smuggled into digital devices using manipulated attachments. In this way, encrypted messages can be read before they are sent or after they have been opened. This works, for example, with e-mails, messenger services such as Whatsapp, Telegram and Signal or video telephony with Skype. The data desired by police or secret services is transferred as a screenshot or text file without the owners noticing. In Germany, a distinction is made between large and small Trojans. A “source telecommunication surveillance” may read only certain programs, while the much less frequently used “online search” accesses the entire computer.
Europol is, according to the German MOI, currently conducting a market survey for such governmental hacking programs. Various manufacturers can present their applications. One of the market leaders is FinFisher from Munich, a company from which the German Federal Criminal Police Office (BKA) ordered a Trojan six years ago. Further Trojan firms are Cellebrite from Israel and Hacking Team from Italy. In the past, the companies themselves have been victims of hacker attacks. Attackers had released the captured software, the Trojans became worthless and had to be reprogrammed.
Authorities might feas introduction of 5G standard
The German MOI now wants to develop hacker programs itself. The new Central Office for Information Technology in the Security Sphere (ZITiS) in Munich, which also cooperates with the German Army, has been commissioned for this. Initially, Trojans were only to be used in Germany to combat terrorism and particularly serious crimes. The threshold for the use of “source telecommunication surveillance” has meanwhile been lowered in many state police laws. The domestic secret service (BfV) is also calling for the measure to be extended. The authority probably fears the introduction of the new 5G standard for mobile telephones, which will thus become tap-proof in general. This new security function could be circumvented with Trojans.
It is unclear whether Europol will also differentiate between Trojans according to their level of intrusion, as in Germany. A paper from Europol, which was discussed in Brussels in November and contains technical details on the “decryption platform”, could bring clarity. According to the law on cooperation in European Union matters (EUZBBG), the Federal Government is obliged to hand it over to the Bundestag. According to the MOI, however, the document would only be distributed to “experts”. In Germany, these are the Trojan authorities at the BKA and ZITiS.
19 new posts for Europol
Europol will probably not use Trojans itself, but will make the programs available to the member states within the framework of the “decryption platform” and advise them on their application. The police agency will also be responsible for decrypting digital devices. Authorities from the Member States can send hard disks, confiscated mobile phones or other storage media to The Hague. There they are read out forensically using commercially available technology.
For these new capabilities, Europol received 5 million euros and 19 new posts from the EU Commission. The EU is making half a million euros available to the member states for the training of “experts”. National competence centres” are now to be set up there. Europol is to coordinate these hacker authorities.
Image: Hooked (jev55, CC BY-NC 2.0)