Slashdot Mirror
German State Confesses To, Downplays Government Spyware
First time accepted submitter clickforfreepizza writes with this news on the German 'state trojan' analyzed by the CCC: '[The] Bavarian Interior Minister [confirmed] that state officials had indeed used the software, but argued that the use had been conducted legally. [...] [A] lawyer said his client had had the software in question installed on his computer during a customs check. That software, which could be legally used for monitoring telecommunications, had been altered to allow it to grab screen shots.'
The H's sister site heise.de reports this case involves nothing like terrorism, but legal substances which 'may become' illegal when exported. (German original) The Bavarian press release (German original) also says the code analyzed by the CCC might be an earlier test version."
I just can't believe that *Germans* would engage in such heavy-handed government repression.
SJW: Someone who has run out of real oppression, and has to fake it.
It actually hasn't been altered but retains its initial functionality even though a prominent decision by Germany's constitutional court requires the abilities to be limited to tapping into digital phone calls.
They simply didn't castrate the program, violating that court order in the process.
And I have still this one simple question: How are the infecting the systems and is it cross-platform?
Yet another thing we are not first to implement! I demand the government rectify this immediately before places like France and Canada have government spyware before us.
"That's the way to do it" - Punch
When your hard drive is confiscated for evidence they have to take painstaking efforts to never alter so much as a single byte on the drive.
They cannot install software on the drive that changes the drive and expect to use anything on the device as evidence.
And they can even arbitrarily download data to the drive. Even if they don't download anything, they could have planted evidence. All you need in most courts to prove innocence is that the police could have planted evidence. Why provide a capability that you never plan to use?
Vaguely referenced in the original heise.de article the company responsible for programming the trojan is "digitask". They charged neighboring Bavarian state Baden-Württemberg 1,2 million Euros for some components of the software in 2007. From the Spiegel article below also looks like digitask was being commissioned to implement a complete digital "Big Brother" system from certain states. So looks like more German states than just Bavaria are implicated in this.
source german: http://www.spiegel.de/netzwelt/netzpolitik/0,1518,791112,00.html
Also another English article from spiegel :http://www.spiegel.de/international/germany/0,1518,790944,00.html
state officials had indeed used the software, but argued that the use had been conducted legally
IANAL! but...
i've recently noticed a trend among the german security researchers. they've been self censoring their own programs and binaries in an effort to comply with new harshly worded legislation regarding programs and 'hacktools'. this makes me wonder if 'legal' usage of the described software is even possible.
nobody has the intention of building a surveillance state!
The programme had been used in 2009, he said.
F-Secure has the installer: http://www.f-secure.com/weblog/archives/00002250.html
This is what the statsi did during the cold war. Spying on your own citizens should be a crime.
Don't over-generalize. Yes, many people in Bavaria vote CSU, but not all (I don't, for one). And actually the number of people doing so is declining (the CSU already lost the absolute majority in Bavaria, and it is already speculated that after next elections, they might not even get enough votes to get into government again).
Also, part of the problem may be that the Bavarian SPD has a long tradition of putting up bad top candidates. This time they actually have a good top candidate, which may help quite a bit.
The Tao of math: The numbers you can count are not the real numbers.
A - (old/pre version) CCC had several sources/versions of the trojan to examine, they were very similar or identical (obeying the same US command center)
B - (info not mentioned) News sources (German Radio in particular) never mention that all information gathered (thousands - 60? of screen shots in the airport-laptop infection case) went through the hard coded IP address (207.158.22.134) of the trojan command center's US server(s). Maybe that's below people's event horizon?
What's the difference between a porcupine and a BMW? A porcupine has all it's pricks on the outside.
http://wikileaks.org/wiki/Skype_and_SSL_Interception_letters_-_Bavaria_-_Digitaskwikili wikileaks has something on digitask...
The issue is ore complex.
First of all the german supreme court denied "the police" the right to have such a program in the extend it is used now. Important functionallity, like uploading and installing additional additional components was not allowed. Also a "search warrant" was required to install it.
In the given cases it seems the police just did what they pleased.
On top of that the "Police Trojan" is a true backdoor. It allows loading of arbitrary code via the internet. It allows remote control and screenshots, so you easy can remote control type a compromising email, screen shot it and thus forge evidence.
And on TOP OF THAT they included (forbidden by the supreme court) the option to activate cameras and microphones without the notice of the owner.
By that they are able to record innocent by standers, or take naked photos of people in the living room etc.
The outcry is so big that one of the most conservative german news papers (Frankfurter Allgemeine Zeitung, FAZ) printed the dissasembled code in the "feature pages" (feuilleton) with comments added by the Hackers from Chaos Computer Club.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Several additional German states have admitted to deploying spyware in order to investigate serious criminal offenses, according to regional media sources. The interior ministers of the states of Baden-Württemberg, Brandenburg, Schleswig-Holstein and Lower Saxony said that regional police had used the software within the parameters of the law. In Lower Saxony, the software has been in use for two years, according to the public broadcaster NDR. Authorities in Brandenburg, meanwhile, told the daily Berliner Morgenpost that they are currently using the spyware in a single, on-going investigation. Baden-Württemberg has also used such software to investigate "individual cases," according to the Badische Zeitung. The interior ministry in the western state North Rhine-Westphalia also admitted that police had used the software in two instances, both of which had been approved by a judge. The news agency dpa reported that both cases had involved serious drug crimes....
See the article (in English) for the full text.
They weren't not only able to take screenshots, they used this functionality. But - oh wonder - this was all completely legal.
cb
There is NO way to use spyware that has the ability to update itself at the whim of its controller legally unless "anything goes" has been made legal for law enforcement. And, pointedly, the Bundesverfassungsgericht (federal constitutional court) explicitly said it ain't so! One could argue if due process and diligence was in place, but I see no trace thereof. Hell, even the versions the CCC analyzed were not within the confines of the law, why bother with updates to step out of legality, we never were inside it!
That they call this "legal" alone shows me just how much they care about legality in the first place.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
ALREADY? They ruled since WW2 without a moment of pause for reality to get into that country, you call that ALREADY?
I call that "about damn friggin' time"!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Anyway, Servus to a fellow Bavarian slashdotter.
Ubi solitudinem faciunt, pacem appellant.
This whole German 'Federal Trojan' thing is blowing up in the faces of the conservative right, just as we speak. Just like with the Websperren and IP storaging thing. Wonderfull sight to look at. I'm currently sitting back, watching the fray unravel before me and enjoying my popcorn.
The supreme court will cancel this crapshot (once again) These guys have been doing overtime ever since Schäuble was Minister for Internal Affairs.
The press is having a field day, opposition in parliament will be anal-probing the responible, Schäuble, Von der Leyen and Co. will be backpedaling yet again and the pirate party will get pushed from an allready impressive 8% all the way beyond 10% in the polls nationwide. Well done. The Chaos Computer Club saved the day once again (kudos and thank go out to them) and the professional required-by-law privacy protection experts are all over this like a cheap suit.
Gotta love it.
Nothing beats a 50ies+ old-school roughneck polititian screwing around with them internets and accompaning laws and falling flat on his face a year or two later.
Wonderfull, just wonderfull.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
Yes, it's already speculated, because it's still two years to the election.
Well, that's factually wrong (although not too far from the truth). They didn't rule from 1954 to 1957.
The Tao of math: The numbers you can count are not the real numbers.
Submitter here. Thanks for doing the editor's job. I added this information when it became available.
Well, this is veering off-topic, but do you really believe Ude can do it? He's popular in Munich, true, but outside of it? Besides, who else is there to fill the ranks as ministers and secretaries? As much as I'd love to see the CSU go next time, I'll only believe it when I see it.
Anyway, Servus to a fellow Bavarian slashdotter.
Well, it will certainly not be because of Ude alone, but it certainly helps if there's a candidate which you at least have heard of before (but then, I might overestimate that because I'm originally from Oberbayern). There's also the all-time low of the FDP (which I hope will continue until then). OTOH, the Grüne are currently quite strong; it will be seen how much they can save until 2013. I doubt that the CSU will again get absolute majority, therefore I see a real chance to get a change (even more so if the Piratenpartei should manage to get over 5%, but I admit that might be unrealistic).
Of course there's a lot of time until 2013, so things can still change much, but that's true in both directions.
The Tao of math: The numbers you can count are not the real numbers.
Well, I am living in Munich now, but originally I am from Frankonia - and when I ask around there, the enthusiasm about Ude is limited. Then again, that's at the rural arse-end of Oberfranken, where the enthusiasm for anything not midnight-black is generally limited... As you say, a lot can happen - let's hope for the best.
Ubi solitudinem faciunt, pacem appellant.
Call me paranoid, but with Germany's police track record, I have few doubts that they'll just organize some fake (or real) terrorist attacks to get rid of these negative headlines and get the people back into sheeple mode ... It may have already started.
"I love my job, but I hate talking to people like you" (Freddie Mercury)