German Spyware Scandal Raises Questions on Limits of Government

A scandal surrounding spy software used by German authorities has sparked a debate about digital privacy and the limits of government to spy on its citizens.

The revelations by a well-known German hacker organization on Oct. 8 caused an uproar in Germany. The Chaos Computer Club (CCC) revealed that a program used by German law enforcement agencies breached the limits set by the German Constitution for lawful surveillance.

The German Constitution allows police and intelligence agencies with a court warrant to carry out so-called “source wiretapping” of Internet telephony by secretly installing a software program on a suspect’s computer.

To avoid violation of the suspect’s privacy, the court requires the malware used to be limited in its functionality.

However, the CCC analysis discovered that the spyware—dubbed Federal Trojan—can be misused and can extend beyond beyond eavesdropping on phone conversations. The software allows programs to be installed, screenshots to be saved, and hardware to be remotely controlled, such as a webcam.

The hacker group alleged in an online statement, “Functions clearly intended for breaking the law were implemented in this malware.” In addition, due to poor programming, the Trojan software creates further security gaps for the target computer so that third parties can use it.

The scandal has sparked political and legal consequences in Germany.

Germany’s Justice Minister Sabine Leutheusser-Schnarrenberger of the Free Democrats declared on Oct. 11 that her ministry had not authorized the software and promised an investigation into the matter.

“The citizen, in both the public and private spheres, must be protected from snooping through strict state control mechanisms,” she said, according to German Tribune.

During the parliamentary inquiry that ensued, Germany’s Federal Crime Police Office (BKA), maintained this week that the agency had employed a different kind of spy software whose functionality is limited to wiretapping, Deutsche Welle reported.

However, authorities in several German states admitted employing the spy software in individual cases. Bavaria’s Interior Minister Joachim Herrmann, while claiming that it was used lawfully, announced a review of the spyware, according to local media.

The Pirate Party, a young party specialized in data privacy protection, in a news release called the spy software a “targeted attack on the German Constitution.”

Meanwhile, the Bavarian section of the Pirates, together with other groups, has filed a lawsuit against Bavarian authorities implicated in using the Trojan software in the state.

Germany’s constitutional court ruled in 2008 that precautions needed to be taken to “avoid interference with the absolutely protected core area of private life.” The CCC and other groups argue that, since users may have an electronic diary on their computers, its contents must be considered a protected area.

The newspaper Frankfurter Allgemeine Zeitung believes that due to these revelations, “The basic confidence that surveillance powers … are used with restraint is effectively destroyed … since technological gray areas repeatedly lead to a violation of constitutional rights.”

Consequently, civil rights and data protection groups across Germany are demanding a clearer legal definition of the digital privacy sphere and what is permitted so that citizens can be more effectively protected from illegal intrusion through law enforcement agencies.

Since the boundary has proven to be nonexistent between court-sanctioned wiretapping and the violation of personal privacy, these groups argue that police and intelligence must be placed under stricter oversight.

Data protection is a sensitive issue in Germany, largely because of the experience of two dictatorships in the 20th century under which state authorities grossly violated citizens’ privacy. The infamous Stasi, East Germany’s secret police, for example, created more than 6 million intelligence files on the activities of its citizens.

Article source: http://www.theepochtimes.com/n2/world/german-spyware-scandal-raises-questions-on-limits-of-government-63125.html

View full post on National Cyber Security » Spyware/ Cyber Snooping