According to a new concept, federal authorities are to be given hacking powers, with the Ukraine war cited as the reason
The Federal Office for Information Security (BSI) in Bonn is the German government’s top authority for digital information security issues in the state, economy and society. Details are set out in a BSI law that was last amended by the Bundestag a year ago. With around 800 new posts and so-called „honeypots“ and „sinkholes,“ it is now allowed to lure cyber attackers and send them back manipulated information. Now more competencies are to follow and the Constitution is to be amended for this purpose, according to a concept presented today by the Federal Minister of the Interior Nancy Faeser (Social Democratic Party), who formally supervises the agency.
Accordingly, the BSI is to be given powers to prevent threats. This would allow it to „act on IT infrastructures that are being used for an attack.“ Servers from which attackers operate could then be shut down in a targeted manner. However, Faeser believes that this would not be an „aggressive counterattack“. But the German hacker authority ZITiS will also to be strengthened according to the concept and receive its own law. „German interior minister cybers the Constitution“ weiterlesen
The EU police agency has completely restructured its information systems. German authorities are by far the main users for storage and query. Through a parliamentary question, the successor of Palantir software at Europol is now known.
The European Police Agency in The Hague has various databases, the largest of which is the centralised „Europol Information System“ (EIS). There, police forces of member states put suspects, convicts or „potential“ future criminals when the offences in question fall within Europol’s remit. These include serious or organised crime and terrorism.
For this, personal data, national insurance numbers and telephone numbers, e-mail or IP addresses, evidence can be stored in the EIS, including searchable facial images, non-coding DNA data and fingerprints. The member States retain ownership of the data they transfer, national authorities can determine the purpose for which it is used and set restrictions. „Information systems at Europol: Fishing the „data lake“ with a new dragnet“ weiterlesen
With the temporary exception of the Federal Police, all German police agencies and secret services are now allowed to hack into computers and telephones. This is an extremely deep invasion of privacy
On 10 June, the Bundestag massively expanded the use of state trojan horse programmes. A bill on the „adaptation of the law on the protection of the constitution“ was put to the vote, which the MPs adopted with 355 votes of the ruling coalition factions CDU/CSU and SPD. According to the bill, the domestic intelligence service will now also be allowed to penetrate foreign computer systems with the help of spy software. The parliamentary groups DIE LINKE, FDP, Bündnis90/Die Grünen and AfD voted against; the SPD voted five against and three abstained.
The bill „to modernise the legal basis of the Federal Police“ was also passed by the CDU/CSU and SPD against the votes of the opposition. This would have allowed the Federal Police to infiltrate computers and mobile phones, just like the Office for the Protection of the Constitution, without the persons concerned having to have committed a crime. A week ago, the upper house (Bundesrat) overturned this new law for various reasons, so the next federal government will have to deal with it again. The renewed Constitutional Protection Act, on the other hand, remains valid. „Germany: The state hacks along“ weiterlesen
European police authorities are invited to submit proposals for the development of an interception platform. Authorities from third countries can also participate in the research project. Several German initiatives, including those of the domestic secret service, served as door openers.
The EU Commission announces new efforts to break end-to-end encrypted communications. This is according to the work programme of the Horizon 2020 research framework programme, which proposes numerous new projects in the area of „Civil Security for Society“ for the next two years. According to this, the Commission wants to spend five million euros on a platform for penetrating encrypted telephony.
The focus is on intercepting connections of the fifth mobile phone generation, which makes encrypted and anonymised connections technically possible. The project in the research line „Fighting crime and terrorism“ is therefore entitled „Lawful interception using new and emerging technologies (5G & beyond, quantum computing and encryption)“. „Security research: EU Commission to fund technology to decrypt 5G connections“ weiterlesen
The EU police agency will soon receive a new regulation that will allow sensitive personal data to be used for research purposes. Corresponding projects are already underway. As early as next year, the EU border agency wants to use an AI-based lie detector for immigration control.
The European police agency Europol has existed in The Hague since 1999. Its tasks include the storage and processing of data generated in the course of police investigations. Europol has set up a comprehensive Europol Information System (EIS) for this purpose, which currently contains around 1.3 million objects and 250,000 persons. It is filled by police forces from EU member states using a „data loader“ in an automated procedure. In addition, the agency operates files on various crime areas in so-called analysis projects, including, for example, terrorism, organised crime, cybercrime or drug-related crime.
Europol is only competent if a crime that has been committed or is suspected of being committed affects two or more member states. In this case, however, the agency may also process information on contact persons, witnesses or victims of a crime. This data is processed by a software that searches for so-called cross-matches. Europol hopes that this search for connections between crimes or perpetrators will lead to new investigative approaches. „Predicting crime and profiling: Europol and Frontex turn to artificial intelligence“ weiterlesen
The Berlin police fail to crack the mobile phone and laptop of a neo-Nazi. This is stated in the final report of the investigation team on arson and spraying in the Neukölln district. Federal authorities and companies have also chipped their teeth at the devices.
The investigation of a right-wing series of attacks in Berlin is made considerably more difficult by the encryption of devices that the police confiscated from suspects. This is stated in the final report of the „Fokus“ investigation team. Accordingly, the police have asked several official and private agencies for help with decryption, each time unsuccessfully. The classified report has 72 pages, in a much shorter open version the explanations on digital forensics are missing. There is only a footnote stating that „work continues on the decryption of two encrypted devices of a suspect“.
For several years left-wing activists and projects in the Berlin district of Neukölln have been plagued by arson and spraying, while three members of the right-wing scene known to the police are suspected. Because the police were slow in investigating, Senator of the Interior Andreas Geisel (SPD) set up the „Fokus“ investigation team over a year ago. „Independent“ police officers were supposed to check the work of their colleagues. However, there is still no new evidence against the three main suspects Sebastian T., Tilo P. and Julian B. after the end of the new investigation. „Right-wing attacks: German Police and Europol cannot decrypt suspects‘ devices“ weiterlesen
Procedures according to §§ 100 of the Code of Criminal Procedure (StPO) to determine the whereabouts and identification of mobile phones in Germany
In addition to telecommunications surveillance (§ 100a StPO) and online searches (§ 100b StPO), German police authorities use technical means within the framework of §§ 100 StPO to determine the location of mobile phones. These include the so-called „silent SMS“, IMSI-Catcher and cell site analysis. Customs and the secret services are also partially authorised to perform these tasks. Six-monthly parliamentary inquiries in the Bundestag document that the number of measures for federal authorities has remained at about the same level in recent years. According to the figures of individual states, the investigative methods under Sections 100 of the Code of Criminal Procedure are in some cases used much more frequently there than by federal authorities. Some measures for the localisation of telephone owners are in a grey area and have led to legal adjustments. A ruling by the Federal Court of Justice last year could be the reason why the figures for „silent SMS“ have suddenly fallen sharply. Some federal states are currently merging into „Joint Competence and Service Centres“ in the field of police telecommunications surveillance (GKDZ), which are being set up in Hamburg and Leipzig/Dresden. It is possible that with these centralised GKDZs, the number of measures for telecommunications surveillance within the framework of §§ 100 StPO will increase further. „The tracking bug in your pocket: Mobile phone surveillance in Germany“ weiterlesen
5G telephony makes communication more secure. Connections, subscriber and device identifiers are partly encrypted, also conventional IMSI catchers become useless. Providers could therefore be forced to install new surveillance technology.
With Multi-Access Edge Computing (MEC), the fifth mobile phone generation (5G) decomposes the transmission of telephone calls into individual stages and and encrypts them. Telecommunications providers no longer process the traffic centrally, but via various network edges. The metadata and content is only decrypted at these decentralized nodes.
That means that with 5G telephony, communication becomes much more secure. This poses a problem for police forces and secret services. „Surveillance of 5G: Governments plan to change laws“ weiterlesen
European police should access computers and telephones with Trojan programs. Europol is now building up a „decryption platform“ in The Hague.
The European Union wants to support the Member States in intercepting telecommunications. Investigators should be able to penetrate private computers or mobile phones to install software to read encrypted messages. This was confirmed by the German Federal Ministry of the Interior (MOI) in response to a question by a Left Party Member of Parliament. The focus is on the police agency Europol, which has been commissioned to set up a „decryption platform“. „Europol to coordinate hacking authorities in Member States“ weiterlesen
The European Union intends to simplify investigative authorities’ access to encrypted content. This emerged from the replies to a questionnaire that was circulated to all Member States by the Slovak Presidency of the EU Council. After a “reflection process”, efforts in this area are, according to the summary of the replies, intended to give rise to a framework for cooperation with Internet providers. It remains unclear whether this will take the form ofa recommendation, regulation or directive.
The replies to the questionnaire are now being examined by the Friends of the Presidency Group on Cyber Issues (FoP Cyber), which also held discussions on “increasing tendencies to exploit encrypted communication in order to hide criminal activities, identities and crime scenes”. Those taking part included the European External Action Service, the European Defence Agency and other EU institutions. FoP Cyber’s recommendations will then be addressed at the meeting of the next Justice and Home Affairs Council in Brussels. „New EU network of judicial authorities to combat the “challenges stemming from encryption”“ weiterlesen