Slashdot Mirror
Bavarian Police Can Legally Place Trojans On PCs
An anonymous reader writes "The Bavarian Parliament passed a law that allows Bavarian police to place 'Remote Forensic Software' (Google translation) on a suspect's computer as well as on the computers of a suspect's contacts. They may break into houses in secret to install the RFS if a remote installation is not possible; and while they are there a (physical) search is permitted too. The RFS may be used to read, delete, and alter data." The translation says that RFSs may be used in cases of an "urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person... Even where there is a reasonable assumptions on concrete preparatory acts for such serious offenses."
but does the trojan run on linux?
Knowledge is power. Knowledge shared is power lost.
In my ignorance, I asked myself "where the hell is Bavaria?". So I wiki'd it. Turns out, it's in Germany.
The more you know...
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Yay, a step forward to Orwellian state. At least for Bavarians.
Does this imply that they can install a virus on my PC in Canada if I'm talking to a suspect in Bavaria?
I hope not.
Will this code be safe? What if it opens the infected PC up to access by hackers and the PC is damaged or materials (virtual) are stolen? Is there any liability for the police?
Who stole my key?
Let's get this right. They can act to install trojans and perform physical searches when there's a threat to the liberty of a Bavarian - and in so doing, they threaten the liberty of EVERY Bavarian. Does that mean they're now allowed to install trojans and perform physical searches in every Bavarian home and business, given that everybody's liberty is now under threat? /joking, but laws like this are not a laughing matter
I thought that the memories of the Geheime Staatspolizei made sure the germans would never approve of such things...
Are they dumb enough to install this on a clubie's machine? A paranoid or diligent sort who runs a tripwire and keeps the checksums on other media would discover this thing toot-sweet.
Polizei in lederhosen kann deine computerhosen.
And clean carefully the cashe when finished.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
If you suspect this has happened and reinstall your OS, is that destruction of police property? Will they just keep breaking into your place?
Um, "forensic" software is typically designed to *prevent* the alteration of data. Otherwise you can't reliably go into court and prove that you haven't planted the evidence. Last I heard, Germany still embraced the concept of due process...
Not sure whether this is a crazy law passed by some locals that will be struck down by German courts, a bad write up, or a bad translation...
...Spartan police?
These are all the same exact comments as when another country passed a law like this... it was called the PATRIOT act. Only a matter of time before the US forces every country in the world to pass a similar law so they can all work together against the invisible tirrrists. So unless you have something new to say about this disturbing trend, lets just copy and paste the old comments.
I know this is slashdot and jumping at anything so we can scream 1984!!! POLICE STATE!!11!!! gets you modded informative or insightful, but this slashdot article is just crap.
The "Bundestrojaner" will only be used as a last resort and in defense to terrorism, as you can read here in an article posted today, denying the Bavarian request to use it for other crimes not directly related to terrorism.
Poor google translation:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2FBundesrat-will-heimliche-Online-Durchsuchungen-auf-Terrorabwehr-beschraenken--%2Fmeldung%2F110466&hl=en&ie=UTF8&sl=de&tl=en
Ah, screw it. 1984!!! ORWELLIAN STATE!! BURN THE WITCHES!
I am actually surprised to read this on Slashdot. I thought this was already common practise in the US? I really thought that the police can get a court order and install bugs, microcameras and trojans and whatnot on a suspects computer.
I just don't trust anything that bleeds for five days and doesn't die.
No, it simply doesn't have that ring to it.
In Bavaria, trojan cremes you!
We're not bombing them so the news doesn't show the country on a colorful map.
Apparently even that doesn't help too much.
.. Even where there is a reasonable assumptions on concrete preparatory acts for such serious offenses. Have a terrible feeling that should say no reasonable assumptions or concrete preparatory acts
...the point! http://img512.imageshack.us/img512/9159/germanybavariaalpschurcob4.jpg
Ve haff vays of makink your computer talk.
http://twitter.com/OLDTELEGRAM
Listen up folks. There is only ONE reason why you would ever want to visit Bavaria. Yes. Ahum. For those of you not in the know, it has something to do with jugs. Large jugs. Yes. Ahum. One thing is certain, it does not require the presence of a computer anywhere near the place.
One might even suggest the use of a computer to be quite counter-productive near aforementioned jugs. Ahum. Jugs.
10 ?"Hello World" life was simple then
I doubt that trojans can be stretched to cover an entire PC.
Not that I am crazy about those, but hasn't government always had the right to intercept communications under certain circumstances? Why should the fact that this is a method for doing so on a computer make this case any different?
With a warrant the police can do that here i the US too.
Warrants can be issued for 'suspicion'.
---- Booth was a patriot ----
Thats simply because not enough of it is on fire to make it stand out on google earth!
IranAir Flight 655 never forget!
If you encrypt your drive, and don't leave it running while you are gone, unless they guess your password not much they can do.
---- Booth was a patriot ----
Its ok nobody RTFA so it doesnt matter if it works or not
IranAir Flight 655 never forget!
I got an error at the link,,, so what's different about this versus a wiretap? Is the procedure for getting authorization any different? Tell me you need a warrant and I'm going ask why we are reading about this ... tell me they can just install it and run, on a whim and I'll be interested.
/LabMonkey09
The "Bundestrojaner" will only be used as a last resort and in defense to terrorism
when the law that allows the police to monitor ALL communication (email, gsm, landline) at all times, without needing any warrant was passed here, (turkey) and gave the daily running of the operation to a small board that would be directly appointed by the prime minister and his cabinet, many idiots believed that 'only as a last resort and in defense against terrorism' bullshit too.
...
then somehow the private conversations of opposition party members who have had a strife with the administration have been leaked to the newspapers and media that were backing the administration. then the private conversations of state attorneys have somehow leaked to the same islamist newspapers. then suddenly the conversations of generals that are opposed to the islamist party (the military is tasked with ensuring the continuance of secular, western style republic, according to turkish laws) have somehow slipped to islamist newspapers backing the administration.
yea. there were idiots who were believing that it would only be used as a last resort and against terrorism here too
Read radical news here
"The RFS may be used to read, delete, and alter data"
Get ready to commit crimes that never happened, only in Bavaria!®
If the software they install can delete and alter files, how can any evidence they procure be admissible in a court of law?
"Was it a millionaire who said 'Imagine No Posessions?'" -- Elvis Costello
... well, this certainly explains why all those Stasi 2.0 (http://en.wikipedia.org/wiki/Stasi_2.0) stickers have shown up here, stuck up on stuff around the ranch . . .
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Oh yes, this sounds exactly like other totalitarian countries, like China, USA and Sweden.
My other account has a 3-digit UID.
They want to stick condoms on my computer? :oP
Bill Clinton had Carnivor and Magic lantern for this sort of thing long before Bush was even in the White House, around 1995.
The Federal government has been violating due process and the US Constitution since FDR was in office.
Don't try and pretend that Bush was the first to do this sort of thing with the Patriot Act, all he did was use it to amend the Constitution.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
to spy on their employees. Sure it is unethical, and maybe morally wrong, but they do it anyway.
Bill Clinton had the FBI use Magic Lantern for that vary purpose.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
in a court of law even if the trojan is programmed to download porn and other things over the Internet. I can recall American employers using trojans like that to fake employees surfing the Internet too much to fire them for it. "He surfed for porn for more than 5 hours each day, so he fired him" when really the trojan surfed porn and planted it on his computer. They do that sort of thing when they want to discriminate against an employee for their religion, race, color, national origin, disability, age, gender, or whatever. It is a way to avoid discrimination laws and civil rights, just fake evidence that the employee did something wrong and that is good enough to get a court to agree with you that you didn't violate his/her rights.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Fehlermeldung
404 - File not found
Leider ist die von Ihnen aufgerufene Seite auf diesem Server nicht vorhanden.
Bitte überprüfen Sie:
die Schreibweise der URL (Groß- und Kleinschreibung beachten!).
Ihren Bookmark.
die Seite, von der Sie gekommen sind.
"Kill 'em all and let Root sort 'em out"
As bad as you want to say things have gotten in the USA, it's nothing like this yet. And all his contacts too? Wow!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
"The RFS may be used to read, delete, and alter data" Get ready to commit crimes that never happened, only in Bavaria!®
"Naw... wouldn't happen... Police wouldn't frame you with things you haven't done... 'd be against the law!"
Believe it or not, that's the first counter-argument if you speaking against the recent legislation.
(used to live there long enough)
No, they can only screw you if you're running a Windows OS.
They probably install some variant of Back Orifice before slamming in the Trojan.
Huh?
What puzzles me is why this would be something the Bavarian Parliment would do. I would think this would be done at the national level; US laws that enable wiretaps are all at the Federal level.
They tried to. It came as far as the constitutional court in Germany, and failed miserably. The law now returns, slightly changed.
You have to know that in Germany, each "Land" (~County) has its own law. If there's a matter on which both a county's law and federal law exist, the federal law supercedes county law. The federal law on computer trojans failed before the constitutional court. It's been slightly changed and they're going to give it another try on the federal level the next few weeks. Meanwhile, Bavaria layed out its own law regarding trojan infection of suspects' computers. It will probably also fail before court as soon as somebody bothers to sue (and a lot will, believe me), but until that happens, it's there and it's valid.
I suspect it's all some show-off attempt for big guys in politics, along the lines of "look, we were the first to arm our police with the necessary tools against terrorism", paired with a boxcar load of right-wing attitude...
Although this law will get smashed soon, it pretty much shows there the wind blows from in Germany. Or Europe, for that matter. Or the world...
Barbarian Police Can Legally Place Trojans On PCs
Of course! There is no other way to deal with the Borg; if we don't use RFSs, it could mean the end of existence for the entire Alpha Quadrant, not just the Federation!
Don't underestimate the power of The Source
3... 2... 1... ~m
"Yes, I have a Disaster Recovery Plan. It's called my Resume"
When thinking of the GeStaPo (Geheime Staat Polizei) Most people will remember the torture , the sending to concentration camp, the executions, the kidnapping and nobody see you again, rather than the petty search in secret. You know, like nearly all security/spionnage agency of the world are doing right now, like DGSE, CIA, And sometimes even the police in the middle of an inquiry when they don't want to alert the perp etc...
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Sorry, most of what you said or suspected is wrong. The system is actually a very clever design which prevents interruption of data/fax calls by the phone and in fact also eavesdropping from another phone inside the house.
The "multi-way phone sockets" are usually of the NFN-Type. Here F means "Fernsprecher" (Phone) while N means "Nicht-Fernsprecher" (Non-Phone). The socket is designed so that the line goes first to the left N socket , then to the right N socket and finally to the F socket. The phone will always be the last in chain. A non-phone device (fax, modem) plugged into one of the N sockets is supposed to have two electronic switches inside which will chain-through the line to the next socket when the device does not use the line. So if you are not sending a fax or surfing the net, you will be able to use the phone normally. However when the fax/modem takes over, the phone will be cut off. This clever trick prevents you from interfering with the transmission by picking up the phone.
As you are not supposed to plug two phones into one box, this also prevents eavesdropping. Overload prevention is not the reason. There were and are devices available which either are put before the NFN-box and allow to wire another NFN-box or contain a F or NFN socket themselves. Both will allow to wire a second phone and of course you could use more than one of these devices. These device however contain a automatic switch will will cut-off the other phone when one is in use. But they will all ring.
Especially since the main reason to cover up the WMD search in Iraq was to rid the ppl of a police state etc...
Maybe one day Iraq will lead a campaign to rid the Northern Hemisphere of police states to return the favor. I think the only difference nowadays is G8 regimes have more resources to make it look more Legalish.
If I was German, I'd emigrate right now. Heinrich Himmler would be so pleased.
Beauty is in the beholder of the eye.
RFSs may be used in cases of an "urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person...
Apparently, they are drawing on a century of experience that Germany has with intrusion into people's private lives, both under right wing and left wing extremist states. Even the language of the law itself is... classic.
But watch: there will be abuses immediately (cops cannot help themselves, they have a compulsion to "fight crime") and in about 3 years one will be egregious and funded enough to make it to seriously senior courts. Then one of these (especially the EU) will seek to exert its' jurisdiction with a ruling like the US "fruit of the poisoned vine" doctrine.
Odd thing is, the bayricherbeamter are anything but stupid and may even see and desire this.
Bavaria's capital is big on using Linux - and what better target could the conservative Bavarian state government find than the liberal city council of the capital?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
So what does the AV software vendor do when it encounters the "signature" for a trojan that has been set up by some government? If AV vendors weren't already pretty darn screwed by the fact that their methodology is seriously flawed, this would push them over the edge by itself, I would think...
Run Linux
Encrypt Boot and home disks.
Encrypt everything.
md5sum *everything*
Boot off a knoppix or install CD periodically.
Keep a spare motherboard around and/or change motherboards frequently.
Always buy a name brand ethernet card that is a different chipset than your motherboard.
Run wireshark on your laptop which you *NEVER* let out of your sight.
Remember, thieves will only steal your stuff. The government will steal your life and liberty if it is politically possible.
True on the keylogger (but then, you can see those - especially if, like me, your home computer is a laptop).
However, if the the computer has a TPM chip and is using BitLocker, then no, they can't install a hypervisor - by necessity, the hypervisor changes the boot instructions, which would cause the (TPM-enabled) boot validation in BitLocker to fail and the drive will lock itself until the recovery password is entered (and no, it's not guessable - it's a very long machine-generated value). Barring a really stupid user who ignores the warning that the boot sequence changed, this is about as safe as you could get.
I don't know how TrueCrypt or similar would handle this situation, but as long as a strong password and boot validation are used, full-disk encryption would probably be effective against this.
There's no place I could be, since I've found Serenity...
Remain calm everyone! Please move to the back! No pushing!
The RFS may be used to read, delete, and alter data.
So, getting this straight... They have the right to modify data in ways that can't be [reasonably] detected... and then they can use this data to press charges?
"Of course not your honor! It was different data we changed. The incredibly convenient file that says, 'I am guilty, it's a fair cop, guv! Oh yeah, it was me!' was there all along."
You're on incredibly shaky ground when you allow the police to manufacture information where they may subsequently use information to support charges. As soon as one dirty cop gets caught manufacturing evidence, you've devalued the entire method for gaining it. How long before the standard defense becomes, "My client has never seen that file before. Given the police routinely add and modify files on people's computers, prove beyond a reasonable doubt that they didn't put it there themselves and then change the logs to simply make it look like my client did it."
Seems you were taken for a ride by some obscure kraut. Or yours was a July 4 joke.
There are 3 (or 4, depending on how you take it) different types of "TAE" phone sockets here. A single one for a phone (coded "F"), a dual one for a modem and a phone (coded "N-F"), where the modem or answering or fax machine plugs into "N" and cuts off the phone socket when active, and a third one which combines a N-F socket with another F socket accomodating 2 lines (coded "N-F-F"). There are also "N-F-N" types for special uses. Your flat or hotel room apparently got only a "F" socket. Next time you come to Munich you visit one of the electronics stores in Schillerstrasse and buy an N-F socket for 3.50 Euros and exchange it for the F socket.
No nazi conspiracies here. Duh.
By the way the German federal constitution court in Karlsruhe already ruled online searches of the said kind unconstitutional, and the law now passed will most probably get probed there, and fail. Why in the world the Bavarian government would do that I've no idea. Any Bavarians here who can shed some political light on it?
open (SIG, "</dev/zero"); $sig = <SIG>; close SIG;
Stasi = secret police, not secret people.
Antiquis temporibus, nati tibi similes in rupibus ventosissimis exponebantur ad necem.
As far as i know they use this Keylogger. I read that lots of polices and governments agencies use that All In One Keylogger.
See Blinkenlights:
http://en.wikipedia.org/wiki/Blinkenlights
Shot in the dark?
~hylas
Glad I'm 700km to the east. They might have introduced that law because of the dope though ;).
Its "might makes right" I guess, no matter what well meaning people are trying to tell you.
Je me souviens.