Google, Facebook And Chaos Computer Club Join To Fight New German Law Allowing Government Spies And Police To Use Trojans Against Innocent Citizens

from the strange-bedfellows dept

One of the curious aspects of Germany's surveillance activities is the routine use of so-called "state trojans" -- software that is placed surreptitiously on a suspect's system by the authorities to allow it to be monitored and controlled in real time over the Internet. The big advantage of this approach is that it lets intelligence agencies get around end-to-end encryption without needing backdoors in the code. Instead, the trojan sits at one end of the conversation, outside the encryption, which lets it eavesdrop without any problem. This approach goes back at least a decade, and now seems to be an accepted technique in the country, which is rather surprising given Germany's unhappy history of state surveillance and control during the previous century. The German government likes state trojans so much it wants to give the option to even more of its services, as Netzpolitik explains (original in German, translation by DeepL):

At the end of each grand coalition's legislative period, there was always a small fireworks display of further surveillance measures. Unfortunately, you can always bet on that, and this thesis is confirmed this time as well.

The bill to amend the law on the protection of the [German] constitution is about to be passed by the grand coalition [of the CDU/CSU and SPD parties]. This will give all German intelligence services hacking powers and allow them to use state trojans in the future. At the same time, the Federal Police Act will also be passed, which will not only allow the authorities to use state trojans, but will also give them the power to hack people who have not committed a crime or are suspected of having done so.

The new law would require Internet service providers to cooperate actively in installing trojans on their customers' devices. Such an obligation would radically change and undermine the relationship between Internet suppliers and their customers. It's such a bad idea that it has managed to bring together the most unlikely bedfellows -- including Google, Facebook and the archetypal hacker group Chaos Computer Club. In a joint letter to the German government (original in German, translation by DeepL), they call for:

Not taking any further legal measures that would weaken or break encryption.

In particular, to waive the obligation for companies to cooperate in the reform of the Federal Law on the Protection of the Constitution, which would make companies the extended arm of the intelligence services and significantly jeopardize cybersecurity.

Not to rush the adaptation of the constitutional protection law with the duty to cooperate through the parliamentary procedure, but to involve the business community and civil society. This requires a dialog with citizens, civil society and industry.

In addition, we call on the federal government and the [national parliament] to strengthen encryption to protect private and professional communications in the medium and long term

It's good to see such a united front against this terrible idea. But the German government's love of state trojans is probably too ingrained now for an open letter to have much effect.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: federal police act, germany, hacking, surveillance, trojans, wiretap
Companies: ccc, facebook, google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Khym Chanur (profile), 4 Jun 2021 @ 4:19am

    also give them the power to hack people who have not committed a crime or are suspected of having done so.

    I really want to know what the stated rationale for this is. The rationales I can guess at involve the the (suspected) criminal having good enough computer security practices to avoid getting infected by the trojan:

    • The criminal is engaged in online communications with their victims (e.g., some sort of scam) and the authorities somehow know who the victims are despite not being able to hack the criminal's devices. This would allow the authorities to collect evidence without having to turn the victims into informants.
    • Install the trojan on the devices of non-criminal associates of the suspect in order to capture communication from the suspect. For instance, if they know that the suspect is going to be at their niece's birthday party at 2 PM on Tuesday, that's the perfect time for them to execute a search warrant on their home.

    There's other reasons I can think of for why a govt would want to do this, but none that they'd want to admit to.

    reply to this | link to this | view in chronology ]

  • identicon
    PatrickH, 4 Jun 2021 @ 4:20am

    They publicly worry about the NSA and Facebook etc violating their privacy while increasing their own surveillance powers....interesting.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2021 @ 5:23am

    Who wants to bet the German spooks are already hacking everyone and everything they physically can and will continue to do so authorized or not? Just like other countries.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2021 @ 5:28am

    https://www.ccc.de/en/updates/2021/offener-brief-alle-gegen-noch-mehr-staatstrojaner

    here is the original english version straight from the CCC itself. except for the seo-URL itself it's english.

    DeepL does a good job, but I truly prefer the direct source :-)

    (ccc.de > click on "English" in left side bar)

    reply to this | link to this | view in chronology ]

    • identicon
      Pizuz, 4 Jun 2021 @ 11:03pm

      Re:

      I second that. Especially the mangled translation of „Verfassungsschutzrecht“ to „law of the protection of the constitution“ is factually wrong, since the „Verfassungsschutz“ is an intelligence agency.

      reply to this | link to this | view in chronology ]

  • identicon
    Anon, 4 Jun 2021 @ 6:43am

    How?

    Isn't this precisely the sort of thing that AV software is supposed to note and disarm?

    Do they have tricks that bypass anti-virus detection? By now, presumably, these tricks are also known to non-state actors. Plus, if AV software makers are not keeping up on this - well, they have one job... just one job - to detect these sorts of things.

    reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 7 Jun 2021 @ 1:58am

      Re: How?

      "Isn't this precisely the sort of thing that AV software is supposed to note and disarm? "

      It is indeed. It'll only work if all AV manufacturers are forced to add these government hacks to their whitelists.

      And for the likely result of that if refer to you the Wcry virus which leaked right out of the NSA toolbox.

      reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 4 Jun 2021 @ 7:16am

    I keep hearing about Trojans. Maybe if they used a different brand...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2021 @ 7:59am

    Re:

    Fuck off with your spam, bot!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2021 @ 9:32am

    and we thought the SS and Gestapo were no longer in existence! just goes to show but then, surveillance is the be-all and end-all in the USA now, so they're getting plenty of lessons from us on what to do and how! and i dont recall about many cases against the USA security forces or governments, let alone any wins. so much for 'land of the free'! only when you can get away with it!

    reply to this | link to this | view in chronology ]

  • identicon
    AnonyOps, 4 Jun 2021 @ 6:10pm

    Does this mean they can circumvent your firewall and put anything incriminating on your computer for entrapment?

    Does this mean they can then rope you into being an criminal informant under duress of prosecution of said incriminating evidence?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jun 2021 @ 10:13pm

      Re:

      There are programs you can use out there that can securely wipe a hard disk where nothing can be recocered.

      if they try his, many of these anti-forensic tools will see increased sales.

      No evidence - no case

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jun 2021 @ 10:22pm

    And how long until anti virus companies start adding those trojans to their list and eliminating them when their products are run.

    Because none of the anti-virus companies are in Germany, the German government cannot stop from from adding those trojans to their lists.

    reply to this | link to this | view in chronology ]

    • icon
      Khym Chanur (profile), 5 Jun 2021 @ 2:41am

      Re:

      The German govt could ban such AV software from being sold in Germany. Even if the AV companies took the high road and refused to cave, the govt could make it illegal to use/own AV software which can remove their trojans.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Jun 2021 @ 1:49pm

        Re: Re:

        Symantec, Norton, and MaAfee are alll US based companies.

        They could continue to sell their products as a download

        As American companies, they are not subject to German laws.

        As long as they are not breaking US laws, German laws do not apply to US companies

        reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 6 Jun 2021 @ 12:48am

        'You can't close your windows, we're looking in through them!'

        The response and justification for that would be interesting and really counter-productive as they'd have to give some reason to ban an anti-virus program and it would be really easy for the company to tell people the real reason if the german government tried to lie, and on top of that if someone's already planning on illegal activity such that being spied upon would be problematic it's not like they're going to give a damn that owning the programs are illegal anyway.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 6 Jun 2021 @ 1:15pm

          Re: 'You can't close your windows, we're looking in through them

          Liek I said, American anti virus companies do not have to follow German laws, as Germany law does not apply in the United States

          reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 6 Jun 2021 @ 12:55am

    'The problem wasn't the act but that WE weren't doing it.'

    This approach goes back at least a decade, and now seems to be an accepted technique in the country, which is rather surprising given Germany's unhappy history of state surveillance and control during the previous century.

    Sounds like they learned exactly the wrong lesson from their county's history as rather than seeing that that sort of power isn't something that anyone should have and has some serious repercussions they've apparently decided that historical german governments were on to something and there's nothing wrong with the government being able to kick that pesky 'privacy' to the curb

    reply to this | link to this | view in chronology ]

  • identicon
    TheDumberHalf, 7 Jun 2021 @ 12:58pm

    Virus-Virus

    So when does it become illegal to safeguard yourself against attacks? German's are going to learn they are easy targets.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Jun 2021 @ 9:12pm

      Re: Virus-Virus

      US Antivirus companies can continue to sell to Germany via download no matter what.

      German does not apply to American companies

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Advertisment

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.