Slashdot Mirror
German State Confesses To, Downplays Government Spyware
First time accepted submitter clickforfreepizza writes with this news on the German 'state trojan' analyzed by the CCC: '[The] Bavarian Interior Minister [confirmed] that state officials had indeed used the software, but argued that the use had been conducted legally. [...] [A] lawyer said his client had had the software in question installed on his computer during a customs check. That software, which could be legally used for monitoring telecommunications, had been altered to allow it to grab screen shots.'
The H's sister site heise.de reports this case involves nothing like terrorism, but legal substances which 'may become' illegal when exported. (German original) The Bavarian press release (German original) also says the code analyzed by the CCC might be an earlier test version."
I just can't believe that *Germans* would engage in such heavy-handed government repression.
SJW: Someone who has run out of real oppression, and has to fake it.
It actually hasn't been altered but retains its initial functionality even though a prominent decision by Germany's constitutional court requires the abilities to be limited to tapping into digital phone calls.
They simply didn't castrate the program, violating that court order in the process.
And I have still this one simple question: How are the infecting the systems and is it cross-platform?
Vaguely referenced in the original heise.de article the company responsible for programming the trojan is "digitask". They charged neighboring Bavarian state Baden-Württemberg 1,2 million Euros for some components of the software in 2007. From the Spiegel article below also looks like digitask was being commissioned to implement a complete digital "Big Brother" system from certain states. So looks like more German states than just Bavaria are implicated in this.
source german: http://www.spiegel.de/netzwelt/netzpolitik/0,1518,791112,00.html
Also another English article from spiegel :http://www.spiegel.de/international/germany/0,1518,790944,00.html
It could possibly be used for surveillance - planting it on the machine of a little fish to see if he's talking to someone you suspect to be a big fish. While you can never bring the little fish in or use his machine as evidence, you can probably get enough evidence to build a case against the bigger fish and obtain permissions to search and seize the big fish's equipment. I am not advocating blanket surveillance of just anyone to see if anyone is breaking the law. I think that the spirit of Habeas Corpus means that you pretty much have to know specifically what you are going after when you want to set up surveillance. However I can understand how software like this could be useful. It absolutely violates the rights of free citizens though.
Seven puppies were harmed during the making of this post.
nobody has the intention of building a surveillance state!
Yes, thanks to sloppy wording there could even be trouble if you're using Wireshark to analyze traffic on a network you're doing maintenance for.
The programme had been used in 2009, he said.
F-Secure has the installer: http://www.f-secure.com/weblog/archives/00002250.html
Don't over-generalize. Yes, many people in Bavaria vote CSU, but not all (I don't, for one). And actually the number of people doing so is declining (the CSU already lost the absolute majority in Bavaria, and it is already speculated that after next elections, they might not even get enough votes to get into government again).
Also, part of the problem may be that the Bavarian SPD has a long tradition of putting up bad top candidates. This time they actually have a good top candidate, which may help quite a bit.
The Tao of math: The numbers you can count are not the real numbers.
A - (old/pre version) CCC had several sources/versions of the trojan to examine, they were very similar or identical (obeying the same US command center)
B - (info not mentioned) News sources (German Radio in particular) never mention that all information gathered (thousands - 60? of screen shots in the airport-laptop infection case) went through the hard coded IP address (207.158.22.134) of the trojan command center's US server(s). Maybe that's below people's event horizon?
We CANNOT allow a government spyware GAP!
Support the EFF and Creative Commons. The war is coming, and they're supporting you...
http://wikileaks.org/wiki/Skype_and_SSL_Interception_letters_-_Bavaria_-_Digitaskwikili wikileaks has something on digitask...
The issue is ore complex.
First of all the german supreme court denied "the police" the right to have such a program in the extend it is used now. Important functionallity, like uploading and installing additional additional components was not allowed. Also a "search warrant" was required to install it.
In the given cases it seems the police just did what they pleased.
On top of that the "Police Trojan" is a true backdoor. It allows loading of arbitrary code via the internet. It allows remote control and screenshots, so you easy can remote control type a compromising email, screen shot it and thus forge evidence.
And on TOP OF THAT they included (forbidden by the supreme court) the option to activate cameras and microphones without the notice of the owner.
By that they are able to record innocent by standers, or take naked photos of people in the living room etc.
The outcry is so big that one of the most conservative german news papers (Frankfurter Allgemeine Zeitung, FAZ) printed the dissasembled code in the "feature pages" (feuilleton) with comments added by the Hackers from Chaos Computer Club.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Several additional German states have admitted to deploying spyware in order to investigate serious criminal offenses, according to regional media sources. The interior ministers of the states of Baden-Württemberg, Brandenburg, Schleswig-Holstein and Lower Saxony said that regional police had used the software within the parameters of the law. In Lower Saxony, the software has been in use for two years, according to the public broadcaster NDR. Authorities in Brandenburg, meanwhile, told the daily Berliner Morgenpost that they are currently using the spyware in a single, on-going investigation. Baden-Württemberg has also used such software to investigate "individual cases," according to the Badische Zeitung. The interior ministry in the western state North Rhine-Westphalia also admitted that police had used the software in two instances, both of which had been approved by a judge. The news agency dpa reported that both cases had involved serious drug crimes....
See the article (in English) for the full text.
There is NO way to use spyware that has the ability to update itself at the whim of its controller legally unless "anything goes" has been made legal for law enforcement. And, pointedly, the Bundesverfassungsgericht (federal constitutional court) explicitly said it ain't so! One could argue if due process and diligence was in place, but I see no trace thereof. Hell, even the versions the CCC analyzed were not within the confines of the law, why bother with updates to step out of legality, we never were inside it!
That they call this "legal" alone shows me just how much they care about legality in the first place.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Erich Mielke would be so proud. His dream finally comes true.
That it's in Bavaria, the country with the most die-hard right leaning government in Germany (seriously, no change in power since WW2, always a CSU dominated state), must really fill the old man with pride.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
ALREADY? They ruled since WW2 without a moment of pause for reality to get into that country, you call that ALREADY?
I call that "about damn friggin' time"!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Thanks to the sloppy wording even vi is a hacking tool.
In a nutshell, just ignore it. You're guilty anyway, why bother trying to uphold a law you break by existing?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Planted? Oh please, not us, we're the good guys. Here's the modus operandi:
1. Install trojan
2. Plant evidence
3. Get search warrant (with screenshots of the evidence)
4. Delete trojan
5. Seize equipment and have it analyzed.
Trojan? What trojan?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Anyway, Servus to a fellow Bavarian slashdotter.
Ubi solitudinem faciunt, pacem appellant.
This whole German 'Federal Trojan' thing is blowing up in the faces of the conservative right, just as we speak. Just like with the Websperren and IP storaging thing. Wonderfull sight to look at. I'm currently sitting back, watching the fray unravel before me and enjoying my popcorn.
The supreme court will cancel this crapshot (once again) These guys have been doing overtime ever since Schäuble was Minister for Internal Affairs.
The press is having a field day, opposition in parliament will be anal-probing the responible, Schäuble, Von der Leyen and Co. will be backpedaling yet again and the pirate party will get pushed from an allready impressive 8% all the way beyond 10% in the polls nationwide. Well done. The Chaos Computer Club saved the day once again (kudos and thank go out to them) and the professional required-by-law privacy protection experts are all over this like a cheap suit.
Gotta love it.
Nothing beats a 50ies+ old-school roughneck polititian screwing around with them internets and accompaning laws and falling flat on his face a year or two later.
Wonderfull, just wonderfull.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
Yes, it's already speculated, because it's still two years to the election.
Well, that's factually wrong (although not too far from the truth). They didn't rule from 1954 to 1957.
The Tao of math: The numbers you can count are not the real numbers.
Submitter here. Thanks for doing the editor's job. I added this information when it became available.
Well, this is veering off-topic, but do you really believe Ude can do it? He's popular in Munich, true, but outside of it? Besides, who else is there to fill the ranks as ministers and secretaries? As much as I'd love to see the CSU go next time, I'll only believe it when I see it.
Anyway, Servus to a fellow Bavarian slashdotter.
Well, it will certainly not be because of Ude alone, but it certainly helps if there's a candidate which you at least have heard of before (but then, I might overestimate that because I'm originally from Oberbayern). There's also the all-time low of the FDP (which I hope will continue until then). OTOH, the Grüne are currently quite strong; it will be seen how much they can save until 2013. I doubt that the CSU will again get absolute majority, therefore I see a real chance to get a change (even more so if the Piratenpartei should manage to get over 5%, but I admit that might be unrealistic).
Of course there's a lot of time until 2013, so things can still change much, but that's true in both directions.
The Tao of math: The numbers you can count are not the real numbers.
Well, I am living in Munich now, but originally I am from Frankonia - and when I ask around there, the enthusiasm about Ude is limited. Then again, that's at the rural arse-end of Oberfranken, where the enthusiasm for anything not midnight-black is generally limited... As you say, a lot can happen - let's hope for the best.
Ubi solitudinem faciunt, pacem appellant.
Call me paranoid, but with Germany's police track record, I have few doubts that they'll just organize some fake (or real) terrorist attacks to get rid of these negative headlines and get the people back into sheeple mode ... It may have already started.
"I love my job, but I hate talking to people like you" (Freddie Mercury)