Infecting a computer with spyware in order to secretly siphon data is a tactic most commonly associated with criminals. But explosive new revelations in Germany suggest international law enforcement agencies are adopting similar methods as a form of intrusive suspect surveillance, raising fresh civil liberties concerns.
Information released last month by the German government shows that between 2008-2011, representatives from the FBI; the U.K.’s Serious Organised Crime Agency (SOCA); and France’s secret service, the DCRI, were among those to have held meetings with German federal police about deploying “monitoring software” used to covertly infiltrate computers.
The disclosure was made in response to a series of questions tabled
by Left Party Member of Parliament Andrej Hunko and reported by German-language media. It comes on the heels of an exposé by the Chaos Computer Club, a Berlin-based hacker collective, which revealed in October that German police forces had been using a so-called "Bundestrojaner” (federal Trojan) to spy on suspects.
The Bundestrojaner technology could be sent disguised as a legitimate
software update and was capable of recording Skype calls, monitoring
Internet use, and logging messenger chats and keystrokes. It could also
activate computer hardware such as microphones or webcams and secretly
take snapshots or record audio before sending it back to the
authorities.
German federal authorities initially denied
deploying any Bundestrojaner, but it soon transpired that courts had in
fact approved requests from officials to employ such Trojan horse
programs more than 50 times.
Following a public outcry over the use of the technology, which many
believe breached the country’s strict privacy laws, further details have
surfaced.
Inquiries by Green Party MP Konstantin von Notz revealed in January
that, in addition to the Bundestrojaner discovered by the CCC, German
authorities had also acquired a license in early 2011 to test a similar
Trojan technology called “FinSpy,”manufactured by England-based firm
Gamma Group. FinSpy enables clandestine access to a targeted computer,
and was reportedly used for five months
by Hosni Mubarak’s Egyptian state security forces in 2010 to monitor
personal Skype accounts and record voice and video conversations over
the Internet.
But it is the German government’s response to a series of questions
recently submitted by Hunko that is perhaps the most revealing to date.
In a letter from Secretary of State Ole Schröder
on March 6, which I have translated, Hunko was informed that German
federal police force, the Bundeskriminalamt (BKA), met to discuss the
use of monitoring software with counterparts from the U.S., Britain,
Israel, Luxemburg, Liechtenstein, the Netherlands, Belgium, France,
Switzerland, and Austria. The meetings took place separately between
Feb. 19, 2008, and Feb. 1, 2012. While this story has been covered in
the German media, it hasn’t received the English-language attention it
deserves.
Both the FBI and Britain’s SOCA are said to have discussed with the
Germans the “basic legal requirements” of using computer-monitoring
software. The meeting with SOCA also covered the “technical and tactical
aspects” of deploying computer infiltration technology, according to
Schröder’s letter. France’s secret service and police from Switzerland,
Austria, Luxemburg, and Liechtenstein were separately briefed by the BKA
on its experiences using Trojan computer infiltration.
Interestingly, at a meeting in October 2010 attended by police from
Germany, the Netherlands, and Belgium, representatives from the Gamma
Group were present and apparently showcased their shadowy products. It
is possible that the Germans decided at this meeting to proceed with the
FinSpy trial we now know took place in early 2011.
If nothing else, these revelations confirm that police
internationally are increasingly looking to deploy ethically contentious
computer intrusion techniques that exist in a legal gray area. The
combination of the rapid development of Internet technologies and
persistent fears about national security seem to have led to a paradigm
shift in police tactics—one that appears, worryingly, to be taking place
almost entirely behind closed doors and under cover of state secrecy.
The use of highly intrusive surveillance technologies in any context
demands some level of democratic scrutiny. How many police and
government agencies are sanctioned to use hacking and Trojans as a means
to surveil their citizens, how frequently does it happen, on what
grounds, and with what oversight? The fallout from Germany’s
Bundestrojaner scandal may have shed some much-needed light on this
murky world, but still we are left with many more questions than
answers.
This article first appeared at: slate.com
This article first appeared at: slate.com
Posts
