Google, Facebook And Chaos Computer Club Join To Fight New German Law Allowing Government Spies And Police To Use Trojans Against Innocent Citizens
from the strange-bedfellows dept
One of the curious aspects of Germany’s surveillance activities is the routine use of so-called “state trojans” — software that is placed surreptitiously on a suspect’s system by the authorities to allow it to be monitored and controlled in real time over the Internet. The big advantage of this approach is that it lets intelligence agencies get around end-to-end encryption without needing backdoors in the code. Instead, the trojan sits at one end of the conversation, outside the encryption, which lets it eavesdrop without any problem. This approach goes back at least a decade, and now seems to be an accepted technique in the country, which is rather surprising given Germany’s unhappy history of state surveillance and control during the previous century. The German government likes state trojans so much it wants to give the option to even more of its services, as Netzpolitik explains (original in German, translation by DeepL):
At the end of each grand coalition’s legislative period, there was always a small fireworks display of further surveillance measures. Unfortunately, you can always bet on that, and this thesis is confirmed this time as well.
The bill to amend the law on the protection of the [German] constitution is about to be passed by the grand coalition [of the CDU/CSU and SPD parties]. This will give all German intelligence services hacking powers and allow them to use state trojans in the future. At the same time, the Federal Police Act will also be passed, which will not only allow the authorities to use state trojans, but will also give them the power to hack people who have not committed a crime or are suspected of having done so.
The new law would require Internet service providers to cooperate actively in installing trojans on their customers’ devices. Such an obligation would radically change and undermine the relationship between Internet suppliers and their customers. It’s such a bad idea that it has managed to bring together the most unlikely bedfellows — including Google, Facebook and the archetypal hacker group Chaos Computer Club. In a joint letter to the German government (original in German, translation by DeepL), they call for:
Not taking any further legal measures that would weaken or break encryption.
In particular, to waive the obligation for companies to cooperate in the reform of the Federal Law on the Protection of the Constitution, which would make companies the extended arm of the intelligence services and significantly jeopardize cybersecurity.
Not to rush the adaptation of the constitutional protection law with the duty to cooperate through the parliamentary procedure, but to involve the business community and civil society. This requires a dialog with citizens, civil society and industry.
In addition, we call on the federal government and the [national parliament] to strengthen encryption to protect private and professional communications in the medium and long term
It’s good to see such a united front against this terrible idea. But the German government’s love of state trojans is probably too ingrained now for an open letter to have much effect.