Austria's Top Court Says Police May Not Install Surveillance Malware On Computers And Phones, Nor Collect Vehicle And Driver Information Covertly
from the serious-interference-in-the-private-sphere dept
One of the features of surveillance in Germany is the routine use of malware to spy on its citizens. The big advantage for the authorities is that this allows them to circumvent end-to-end encryption. By placing spy software on the user’s equipment, the police are able to see messages in an unencrypted form. Austrian police were due to start deploying malware in this way next year. But in a welcome win for digital rights, Austria’s top court has just ruled its use unconstitutional (in German). The Austrian Constitutional Court based its judgment on the European Convention on Human Rights (ECHR — pdf). The Web site of the Austrian national public service broadcaster ORF reported the court as ruling:
“The covert surveillance of the use of computer systems” constitutes a “serious interference” in the private sphere, as protected by the ECHR, and “is in the opinion of the Constitutional Court permitted only within tightly-defined limits in order to protect correspondingly important assets”. [The Constitutional Court’s Vice-President] Grabenwarter acknowledged that innocent third parties may also be affected by other surveillance measures such as CCTV and observation teams. However, the covert infiltration of computer systems involves a “significantly wider impact”.
Austrian police were to have been given the right to install malware as part of a broader “security package” — called a “surveillance package” by its critics — passed by the Austrian parliament last year (in German). Other new powers included the right to break into private homes in order to install malware, and permission to gather covertly information about vehicles and their drivers from automated surveillance systems on roads. Austria’s Constitutional Court has struck down all of those too. Although the ruling only applies within Austria, it means that the use of malware by the police and intelligence agencies in the EU will be supported by fewer national governments than before, making it harder to bring in any new EU laws authorizing their use across the region.