Individual Agencies Responsible, Says Chancellery
Justice Minister Sabine Leutheusser-Schnarrenberger, likewise a member of the FDP, has also taken a hard line against the software, suggesting that no further surveillance be undertaken until circumstances can be clarified. In an interview with Spiegel Online on Wednesday she said that Interior Minister Friedrich should order an independent investigation. “We have to show German citizens that this coalition takes the protection of their private sphere seriously,” she said, warning that the use of such spyware could lead to disastrous consequences.
The head of the Pirate Party, which campaigns for Internet freedom and civil rights, also slammed the spyware. “There is no possible way to install a Trojan horse in a way that adheres to legal requirements,” Sebastian Nerz told news agency DAPD. The scandal shows the relevant authorities have “either a certain naivety or the intent to breach the constitution,” he said.
But Chancellor Merkel’s intelligence coordinator Gunter Heiss assigned responsibility for potential illegal use of the software with individual government agencies. “Every authority that uses the programs must customize the software for each individual use, so that it is permitted according to the Federal Constitutional Court,” he told daily Stuttgarter Zeitung. According to Heiss, state criminal investigators do not develop their own surveillance software, but purchase “multi-functional” templates from contractors. “Every spy program is tailored to the system the authorities want to penetrate,” he told the paper. “That means there is not a single Trojan horse that is always used, can do everything, and is thus unlawful.”
The confusion that has accompanied the issue may arise from inadequate legal structures, said Bernhard Witthaut, head of Germany’s largest police union, the GdP. “There must finally be clear, binding rules,” he told daily Passauer Neue Presse, calling on the Justice Ministry to “fill the legal gaps.”
Bavaria Denies Illegal Surveillance
Authorities in the states of Bavaria and Baden-Wurttemberg have admitted to possessing the software, though they have announced they will abstain from using it for the time being, pending review by data protection officials. Hamburg and Brandenburg are also said to be looking into possible usage. North Rhine-Westphalia officials may have also employed the program, sources told Spiegel Online.
The head of Bavaria’s state office of criminal investigation (LKA), Peter Dathe, told daily Suddeutsche Zeitung that his organization had not used the program illegally. “This is not about conducting uncontrolled surveillance of citizens,” he said. “It’s about investigating crimes.”
The spyware in question came to light on Saturday when the CCC announced it had been given hard drives containing a program used by German investigators in at least two states to conduct surveillance of Internet communication. The Trojan horse software, said to be at least three years old, can be secretly installed via e-mail on the computers of suspected criminals, where it can, for example, scan the hard drive.
According to the CCC’s analysis of the spyware, it could also be used to plant files on computers, or even control them from afar. The hacker organization also judged the program to be defective, saying it was insufficiently protected, opening the possibility that a third party could hijack its functions for their own purposes.
Private Company Developed Spyware
If the CCC’s claims are true, then the software has functions which were expressly forbidden by Germany’s highest court, the Federal Constitutional Court, in a landmark February 2008 ruling that significantly restricted what was allowed in terms of online surveillance. The court also specified that online spying was only permissible if there was concrete evidence of danger to individuals or society.
Following the CCC’s release of the program details, it was confirmed that Hessian private software company DigiTask developed the spyware. The company’s lawyer, Winfried Seibert, told Spiegel Online that it was delivered to the Bavarian LKA in November 2008, rejecting the CCC’s assessment that the program was faulty.
“The software was delivered almost three years ago,” he said. “That is light years in the IT industry.” All responsibility for how the spyware is used and whether it conforms to German law rests squarely with state and federal authorities, he added, explaining that investigators ordered special software according to each individual situation, which must be approved by a judge.
“The authorities ensure that this request adheres to this court decision,” Seibert said. “DigiTask can’t and isn’t allowed to review this — a company isn’t allowed to know who is being monitored with the delivered software, or why.”
Intellpuke: This article is a compilation of reporting by Spiegel journalists and various news agencies; you can read it in context here: www.spiegel.de/international/germany/0,1518,791455,00.html
Article source: http://freeinternetpress.com/story/Spyware-Scandal-Merkels-Cabinet-In-Spat-Over-Trojan-Horse-Program-32197.html
View full post on National Cyber Security » Spyware/ Cyber Snooping