Spotlight on: State Trojans

In Greek mythology, the horse outside the city of Troy was a wooden gift in whose hull some of the hostile Achaeans had hidden. Unsuspecting inhabitants, certain of victory over the invaders, pulled it in. The Achaeans climbed out at night and opened the gates for trailing troops, who then captured and destroyed Troy.

Today’s so-called state trojan does not disguise itself as a gift and is active even when the enemy is awake. Nevertheless, the reference to the myth fits, because the wooden horses used by criminal investigation agencies may be installed “by means of criminalistic cunning”. First, the investigators find out how the software can best be installed: as a clandestine installation via websites that appear innocuous, in downloaded files or in an attachment sent by e-mail. It is also possible to introduce the tool by breaking into the device, for example during a secret search of a flat or a police check.

The tool then opens the city gates, now called “ports”, on the home computer or mobile phone and downloads further components. In this way, all activities and contents of the device can be extracted. Because this is not desired by the affected user and the user is thus deceived, critics speak of state malware. The German Code of Criminal Procedure calls the measure “online search”.

In 2008, the Federal Constitutional Court ruled that such a “secret infiltration of an information technology system” deeply interferes with the general right to privacy and is therefore only permissible “if there are actual indications of a concrete danger to a legal interest of paramount importance”. The measure is rarely contained in this way; in 2019, there are said to have been twelve online search orders.

What the police can technically do, they want to do. That is why the federal government came up with the so-called source telecommunication surveillance (Quellen-TKÜ), which might be translated as “source tapping”. The threshold for using such a measure is lowered, but some of the software’s functions are blocked. It is only supposed to extract ongoing activities, including audio signals from the microphone and headset. With screenshots, investigators can also read the end-to-end encrypted communication of apps such as Signal, Threema or WhatsApp.

In 2019, the Quellen-TKÜ was ordered in 31 cases with a judicial warrant, but was only carried out successfully every tenth time. The difference points to the problem that making a digital wooden horse is manual work, needed to trick the anti-virus software on the targeted device.

After the criminal investigation departments, the Federal Police may now also make use of state trojans. This is regulated by a new version of the Federal Police Act, which the Bundestag passed last Thursday. Not only accused persons and suspects will be wiretapped in this way, but also persons whom the Federal Police merely believe might commit a crime.

On the same day, the black-red majority in the Bundestag allowed all 19 German secret services to conduct a Quellen-TKÜ. In this “Law on the Adaptation of the Law on the Protection of the Constitution”, the boundaries between “small” and “large” state trojans are also blurred: on behalf of the agencies working in secret, the software is even allowed to read out old messages stored on the devices.

With this, at the latest, the Greek myth no longer fits today’s state malware. After all, once a digital wooden horse has been successfully deployed, no one crawls out of it to press charges, for example for criminal prosecution. Instead, the state trojan has become an instrument for monitoring dissent.

Image: The Procession of the Trojan Horse in Troy by Giovanni Domenico Tiepolo, Creative Commons.

Author: Matthias Monroy

Knowledge worker, activist, editor of the German civil rights journal Bürgerrechte & Polizei/CILIP.