Google, Facebook And Chaos Computer Club Join To Fight New German Law Allowing Government Spies And Police To Use Trojans Against Innocent Citizens

from the strange-bedfellows dept

One of the curious aspects of Germany’s surveillance activities is the routine use of so-called “state trojans” — software that is placed surreptitiously on a suspect’s system by the authorities to allow it to be monitored and controlled in real time over the Internet. The big advantage of this approach is that it lets intelligence agencies get around end-to-end encryption without needing backdoors in the code. Instead, the trojan sits at one end of the conversation, outside the encryption, which lets it eavesdrop without any problem. This approach goes back at least a decade, and now seems to be an accepted technique in the country, which is rather surprising given Germany’s unhappy history of state surveillance and control during the previous century. The German government likes state trojans so much it wants to give the option to even more of its services, as Netzpolitik explains (original in German, translation by DeepL):

At the end of each grand coalition’s legislative period, there was always a small fireworks display of further surveillance measures. Unfortunately, you can always bet on that, and this thesis is confirmed this time as well.

The bill to amend the law on the protection of the [German] constitution is about to be passed by the grand coalition [of the CDU/CSU and SPD parties]. This will give all German intelligence services hacking powers and allow them to use state trojans in the future. At the same time, the Federal Police Act will also be passed, which will not only allow the authorities to use state trojans, but will also give them the power to hack people who have not committed a crime or are suspected of having done so.

The new law would require Internet service providers to cooperate actively in installing trojans on their customers’ devices. Such an obligation would radically change and undermine the relationship between Internet suppliers and their customers. It’s such a bad idea that it has managed to bring together the most unlikely bedfellows — including Google, Facebook and the archetypal hacker group Chaos Computer Club. In a joint letter to the German government (original in German, translation by DeepL), they call for:

Not taking any further legal measures that would weaken or break encryption.

In particular, to waive the obligation for companies to cooperate in the reform of the Federal Law on the Protection of the Constitution, which would make companies the extended arm of the intelligence services and significantly jeopardize cybersecurity.

Not to rush the adaptation of the constitutional protection law with the duty to cooperate through the parliamentary procedure, but to involve the business community and civil society. This requires a dialog with citizens, civil society and industry.

In addition, we call on the federal government and the [national parliament] to strengthen encryption to protect private and professional communications in the medium and long term

It’s good to see such a united front against this terrible idea. But the German government’s love of state trojans is probably too ingrained now for an open letter to have much effect.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: , , , , ,
Companies: ccc, facebook, google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Google, Facebook And Chaos Computer Club Join To Fight New German Law Allowing Government Spies And Police To Use Trojans Against Innocent Citizens”

Subscribe: RSS Leave a comment
21 Comments
Khym Chanursays:

also give them the power to hack people who have not committed a crime or are suspected of having done so.

I really want to know what the stated rationale for this is. The rationales I can guess at involve the the (suspected) criminal having good enough computer security practices to avoid getting infected by the trojan:

  • The criminal is engaged in online communications with their victims (e.g., some sort of scam) and the authorities somehow know who the victims are despite not being able to hack the criminal’s devices. This would allow the authorities to collect evidence without having to turn the victims into informants.
  • Install the trojan on the devices of non-criminal associates of the suspect in order to capture communication from the suspect. For instance, if they know that the suspect is going to be at their niece’s birthday party at 2 PM on Tuesday, that’s the perfect time for them to execute a search warrant on their home.

There’s other reasons I can think of for why a govt would want to do this, but none that they’d want to admit to.

Anonsays:

How?

Isn’t this precisely the sort of thing that AV software is supposed to note and disarm?

Do they have tricks that bypass anti-virus detection? By now, presumably, these tricks are also known to non-state actors. Plus, if AV software makers are not keeping up on this – well, they have one job… just one job – to detect these sorts of things.

Scary Devil Monasterysays:

Re: Re: How?

"Isn’t this precisely the sort of thing that AV software is supposed to note and disarm? "

It is indeed. It’ll only work if all AV manufacturers are forced to add these government hacks to their whitelists.

And for the likely result of that if refer to you the Wcry virus which leaked right out of the NSA toolbox.

Anonymoussays:

and we thought the SS and Gestapo were no longer in existence! just goes to show but then, surveillance is the be-all and end-all in the USA now, so they’re getting plenty of lessons from us on what to do and how! and i dont recall about many cases against the USA security forces or governments, let alone any wins. so much for ‘land of the free’! only when you can get away with it!

That One Guysays:

Re: Re: 'You can't close your windows, we're looking in through them!'

The response and justification for that would be interesting and really counter-productive as they’d have to give some reason to ban an anti-virus program and it would be really easy for the company to tell people the real reason if the german government tried to lie, and on top of that if someone’s already planning on illegal activity such that being spied upon would be problematic it’s not like they’re going to give a damn that owning the programs are illegal anyway.

That One Guysays:

'The problem wasn't the act but that WE weren't doing it.'

This approach goes back at least a decade, and now seems to be an accepted technique in the country, which is rather surprising given Germany’s unhappy history of state surveillance and control during the previous century.

Sounds like they learned exactly the wrong lesson from their county’s history as rather than seeing that that sort of power isn’t something that anyone should have and has some serious repercussions they’ve apparently decided that historical german governments were on to something and there’s nothing wrong with the government being able to kick that pesky ‘privacy’ to the curb

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow