Germany: Trojans for all

The German Bundestag passed new wiretapping laws for secret services and the Federal Police

In future, German secret services will be able to remotely access private computers or telephones with spy software. They will be allowed to intercept not only ongoing but also „inactive“ communications, i.e. to read out data stored on the devices. This was decided in the Bundestag today with the votes of the ruling coalition of Conservatives (CDU/ CSU) and Socialdemocrats (SPD). The vote was on a „Law on the Adaptation of Legislation on the Protection of the Constitution“, which is intended to facilitate the „reconnaissance of serious threats to our democratic constitutional state“.

Among other things, the law regulates the so-called source telecommunication surveillance („Quellen-TKÜ“). This refers to governmental trojan programmes that can be used for various purposes. In the full version, they enable the reading of the entire hard drive or memory chip of a target device. In the Code of Criminal Procedure, this is called an „online search“, the measure is yet only permitted to police and – as far as is known – used extremely rarely. The more frequently used „source TKÜ“ is the slimmed-down version, according to which only ongoing communication may be recorded. In this way, the authorities want to intercept secure, end-to-end encrypted connections, such as those technically possible with Skype, WhatsApp or Signal.

De facto, the law that has now been passed is a „source TKÜ plus“, as experts, lawyers and other critics call it. Because the downloading of the entire message history by secret services is actually an online search. This is also the argument of numerous companies, associations and organisations, which have addressed the German government in a rare alliance with an open letter before the vote. Among the signatories are Facebook and Google, the German internet providers and JPBerlin, and the Chaos Computer Club. Its spokesman Linus Neumann criticises the law as a „death blow to the relationship of trust“ that should exist between users and providers of secure communication. This is because the law obliges companies to help the authorities wih the injection of state Trojans into ongoing communications.

In addition to the secret services, the Federal Police will also be allowed to make use of the state malware in the future. This was also decided by the Bundestag yesterday with the votes of the CDU, CSU and SPD. According to the renewed Federal Police Act, the authorities can even use trojans against persons who have not yet committed a crime, for example by monitoring the contacts of suspects.

This means that the SPD has also given in on this issue. On Twitter, party leader Saskia Esken had affirmed in February that the Federal Police would not receive the trojan „in any case preventively, i.e. not below the threshold of the Code of Criminal Procedure“. The day before yesterday, she shifted the responsibility away from herself on the short message service and wrote that she was bowing to a „majority“ of her parliamentary group. She considers the use of governmental trojans by secret services to be wrong, but she is open to „effective criminal prosecution“ by the police, which would be facilitated by them. In another tweet, she calls the technology by its name: „malware“.

Image: „Ever kicked in a backdoor?“, Bundespolizei.

Autor: Matthias Monroy

Knowledge worker, activist, editor of the German civil rights journal Bürgerrechte & Polizei/CILIP.