35C3: Digital Violence Against Women

To make it easier to find, here too is the video of my talk "Stalking, Spy Apps, Doxing: Digitale Gewalt gegen Frauen" (Digital Violence Against Women), given last week at the 35th Chaos Communication Congress.

Because people asked, here are the various materials I referred to in the talk, the reading list so to speak.

The documents and websites I mentioned in the talk:

There is of course much more; here is a selection:

Concrete tips and help for those affected

Articles on the topic

Further studies etc.

Other

Police:
In certain cases it can make sense to contact the police.
In any case it is advisable to speak beforehand with a lawyer who specializes in sexual criminal law and/or IT law, but ideally with a women's counselling centre.

Additions are welcome as a comment or by e-mail. The same goes for feedback on the talk, which is also welcome directly to the CCC's content team.

Weapons of Mass Surveillance – the German ‚Snowden Inquiry‘

In 2013, one Snowden revelation after another made us realize that the state of mass surveillance was as bad as only a few had dared to think. Early in 2014 the German parliament decided to take a closer look, with the goal of finding out whether any of that was happening in Germany. A temporary committee, or Inquiry, was installed and given the task of investigating the German government and its intelligence services. Did the government, did Angela Merkel know about any of this? What is the role of German secret services: are they part of the system of mass surveillance, and how? What about the drone war and the US base in Ramstein, Germany?

The Inquiry, a small committee of eight members of the German parliament, tried to find answers to these and many other questions. The small opposition in the Inquiry (2 out of the 8 members) pushed hard for Edward Snowden to be heard as a witness, all the way to Germany’s highest court. We all know the result: the most important witness wasn’t allowed into the country. (Representatives of several US companies such as Apple, Facebook or Google were invited but chose not to come.)

Many other witnesses, however, did testify in public as well as non-public sessions in parliament. The Inquiry ended shortly before the next election in July of last year and is said to have been the largest such investigation yet in the German parliament. Many questions remained unanswered or at least partly so, but after questioning dozens of government and intelligence personnel we now know much better how mass surveillance is carried out and how well it is concealed from parliamentary oversight – even in a country that is often praised for its democratic institutions.

A report of almost 2,000 pages was published, so far only in German. And then there’s a 300-page report that holds the dissenting view of the small opposition in parliament. It was my role during the past 3.5 years as advisor for one of the two opposition parties in the Inquiry to follow the proceedings, prepare the sessions, read the files, follow the witness hearings, and finally write parts of the report.

So far only the summary and introductory remarks of the final report were translated into English.

These are the summary and the introductory remarks of the opposition’s report about the German parliament’s Inquiry on mass surveillance, conducted 2014 – 2017:

 

Introduction

1. The consequences of the Snowden revelations

The sixth of June 2013 saw the appearance of the first article based on the revelations made by Edward Snowden. That date marked a watershed, as many Internet users realised for the first time that the age of the ‘free Internet’ had ended and that George Orwell’s dystopia of total surveillance was a real option. Moreover, it was being created by intelligence services of Western countries, whose duty should actually be to protect democracy and free speech.

Questions rapidly began to surface as to whether the intelligence services of the United States and the United Kingdom, the NSA and GCHQ, were collecting, storing and analysing data in an equally unscrupulous manner in Europe and therefore here in Germany. What did the Federal Government know about it? Were the German intelligence services – the BND, the BfV and the Military Counterintelligence Service (MAD) – in the dark, or had they kept their knowledge to themselves?
Following the initial shock, which came in the midst of the parliamentary election campaign, the incumbent coalition government of CDU/CSU and FDP decided to sweep the problem under the carpet as far as possible. On 12 August, Ronald Pofalla, Head of the Federal Chancellery and Federal Minister for Special Tasks, stood in front of the cameras and declared that the NSA affair was over. At that stage, many articles based on the Snowden documents had yet to be published.

2. Appointment of the committee of inquiry

The SPD, still in opposition at that time, protested and called for full clarification. When it emerged in October that even the Chancellor’s mobile was fair game for the NSA, it became evident that this issue could not be dropped by decree. At the second sitting of the newly elected Bundestag, a debate on the NSA spying and its effects on Germany and on transatlantic relations was already on the agenda. The debate was based on motions for resolutions tabled by the parliamentary groups of The Left Party and Alliance 90/The Greens. In that debate, Members not only deliberated on the need for a committee of inquiry but also – on the opposition side – discussed how and where Edward Snowden could be questioned by Parliament.

After lengthy negotiations on the subject and scope of the inquiry, the First Committee of Inquiry was appointed. It was often referred to as the NSA inquiry, but later it could just as easily have been called the BND inquiry, not least because the Grand Coalition prevented an effective investigation of the NSA activities.

The subject of the inquiry was to be mass surveillance by the Five Eyes alliance in Germany but also what the Federal Government knew about it and what role was played by German agencies. An important chapter was to be devoted to possible German participation in US drone warfare, covering tolerance of the relay station at the US military base in Ramstein, the possible forwarding of data that could be used in the selection of targets and the questioning of refugees in Germany by the intelligence services.

3. Protests against mass surveillance

The committee of inquiry did not owe its existence to parliamentary efforts alone. The numerous public activities and protests against surveillance that had taken place since the summer of 2013 also made a major contribution to the appointment of the committee.

Thousands of people demonstrated in many German cities in July under the aegis of the Stop Watching Us alliance and in August to mark the International Day of Privacy. There were organised walks round the site of the BND headquarters in Berlin, to the BND surveillance facility in Schöningen and to the Dagger Complex in Griesheim. In an initiative entitled Ein Bett für Snowden (‘A bed for Snowden’), 40,000 people expressed their support for granting Edward Snowden asylum in Germany.

More than sixty writers addressed an open letter to the Chancellor calling for an investigation. A petition expressing support for the letter attracted 80,000 signatories. Many people began to consider for the first time how they could protect themselves from surveillance, for example by encrypting their communications.
All of these things made their mark and encouraged us to press in Parliament for an inquiry.

4. The work of the committee was important

The committee of inquiry has achieved a great deal in little more than three years. We know more about the work of the intelligence services in Germany today, particularly their use of surveillance technology. In spite of many attempts by the Federal Government and the parliamentary groups of the governing coalition to place tight restrictions on the investigation of many points, we must pass favourable judgement at the end of these three years. Apart from an inquiry in the European Parliament and by a committee in Brazil, the German committee of inquiry was the only one in the world to be appointed by a parliament to investigate the revelations made by Edward Snowden.

5. Protection of privacy is a universal right

Many of the findings of the inquiry relate to the violation of fundamental rights, that is to say rights guaranteed by the Basic Law. The main right affected by the investigated activities was privacy of posts and telecommunications, as enshrined in Article 10 of the Basic Law.
It is important for us to stress that our primary focus on the rights of the population of Germany does not stem from their being more important to us than people in any other countries. Our mandate was to examine whether and how the Federal Government and its authorities had been acting unlawfully. Whereas we believe that all people’s communications should be afforded the protection guaranteed by Article 10, the Federal Government takes a decidedly different view – conflicting, by the way, with the opinion expressed by leading scholars of constitutional law. According to the government view, the German intelligence services have a greater duty of care when conducting surveillance of Germans than when conducting surveillance abroad. We have judged them on the basis of that criterion.

We were subjected to tight restrictions in our investigation of BND activities abroad. There remains a great deal more to be done to shed light on digital surveillance on a global scale. We are, however, convinced that we have succeeded, through the work of this committee of inquiry, in providing an important building block for this effort.

 

Summary

1. Stonewalling by the Federal Government with majority support

From the perspective of the opposition groups, the first committee of inquiry of the 18th electoral term served an important purpose and was manifestly successful. In spite of deplorable stonewalling on the part of the Federal Government and its active obstruction of parliamentary investigation, we succeeded in shedding more light on the constitutionally questionable to downright illegal intelligence practices exposed by Edward Snowden and in focusing public attention on other problem areas, facts and scandalous wrongdoings.
The investigation was rendered considerably more difficult and, to all intents and purposes, obstructed by a Federal Government that showed no interest at all in revealing, let alone examining and remedying, practices and cooperative activities in which German intelligence services were engaging and which clearly merited investigation and posed evident legal problems. Many security classifications of files and cases have been assigned for the sole reason that their exposure would have caused political embarrassment to the Federal Government.
The Basic Law itself, in Article 44, enshrines the right of Parliament to appoint a committee of inquiry and establishes the principle that the committee’s hearings should be public. From the outset, however, the Federal Government engaged very extensively in blanking out information on files or removing entire documents from submitted material. At the same time, it submerged the committee in veritable floods of badly processed files and prescribed security classifications of files and meetings, with which the CDU/CSU and SPD majority on the committee often obediently complied, acting as the ‘bodyguard of the Government’, to quote Lars Brocker, writing in the journal of public administration Die öffentliche Verwaltung in 2014; it constantly invented new procedures, whereby venues for the perusal of files were relocated to various places outside the Bundestag. Countless meetings were given ‘top secret’ classifications, even though it was often indiscernible how public knowledge of the proceedings of those meetings could ever have endangered the continuing existence of the Federal Republic. On several occasions sweeping allegations were made that committee members were betraying secrets. They were threatened with criminal investigations. In this context, representatives of the executive publicly raised the spectre of terrorist attacks resulting from the work of the parliamentary committee of inquiry; these, they said, would materialise if the foreign counterparts of the German intelligence services withdrew their cooperation because Parliament was performing its duty of investigating years of unlawful conduct on the part of those very services.

2. No testimony from Edward Snowden

The courageous revelations made by Edward Snowden made the world aware that the intelligence services of the Five Eyes alliance were using digital technology to develop an invasive system of total surveillance. Snowden was named as the first witness of the committee of inquiry; his testimony would have been of the utmost importance to the committee. The fact that we were unable to obtain his testimony is down to the concerted efforts of the Federal Government and the Grand Coalition majority on the committee; to our regret, these efforts were endorsed by judicial decisions.
This does not absolve us of the responsibility to keep pressing for Edward Snowden to be allowed to live his life without being subjected to political pressure; we must keep hoping that he will yet be able, at a future date, to give the Bundestag an insight into his knowledge of mass surveillance in Germany.

3. Mass surveillance in Germany and the rest of the world

The evidence gathered by the committee indicated indiscriminate and unauthorised mass surveillance, not only in the framework of Operation Eikonal but also by means of ‘selectors’ (search terms) used by the National Security Agency (NSA) and the Federal Intelligence Service (BND). German nationals and companies have also been among the perennial targets. No further light could be shed on direct mass surveillance conducted by the NSA in Germany and in other countries from a German base, because files and witnesses from the United Kingdom and the United States were not available.
The term ‘indiscriminate mass surveillance’ was coined as a result of the Snowden revelations. It expresses the particular nature of the surveillance infrastructure that was first exposed in 2013. Many details of the systems and activities of the Five Eyes alliance that were described in the published documents could not be examined in committee, because the Federal Government systematically withheld from the committee almost all files relating to the intelligence services of the US, the UK, Canada, Australia and New Zealand. There were, however, no grounds whatsoever to doubt the truth of the information contained in the Snowden documents, nor did any witness statement suggest otherwise. The committee found compelling evidence that the BND in particular is part of this global surveillance structure.

4. BND cooperation with the NSA in Bad Aibling

The Memorandum of Agreement of 2002 between the BND and the NSA on joint telecommunications surveillance in Germany was intended, among other things, to give the NSA access to data from the Frankfurt Internet exchange point (IXP) but did not enter formally into force in the absence of the requisite consent from the Bundestag.

5. Data tapping in Frankfurt without a G-10 restriction order

Between 2005 and 2008, as part of the joint BND/NSA Operation Eikonal, the BND engaged in data tapping in Frankfurt am Main without legal authorisation. The operation was executed by Deutsche Telekom without a restriction order having been issued under the Act Restricting the Privacy of Posts and Telecommunications (G-10 Act), in spite of very strong reservations among Deutsche Telekom staff. In this way, data were leaked to the BND over several years through unauthorised breaches of telecommunications privacy. Deutsche Telekom and the BND thus deliberately deceived and subverted the established system of parliamentary oversight as well as conniving in a sustained infringement of the law.

6. The myth of the functioning filters

The practical implementation of Operation Eikonal typifies the NSA practice of conducting surveillance activities jointly with local intelligence services. A key feature of that particular case was the technological aspect of its objective, since it was based on a ‘data for technology’ deal, whereby the NSA supplied software in exchange for data and intelligence from the BND and the Federal Office for the Protection of the Constitution (BfV).
The technology required for tapping transit cables should not have been used by the BND because it had been ‘certified’ without having been fully tested by the Federal Office for Information Security. The data filters that were used were never able to filter out reliably from transfers to the NSA all data protected by the G-10 Act.

7. Problematic NSA selectors in BND data

It has been and remains a feature of the cooperation between the BND and the NSA that the BND filters its captured data with the aid of NSA search terms. The results are then forwarded to the NSA. On paper, all communication data concerning Germans should have been filtered out. Although the files concerning these selectors ought to have been handed over immediately to the committee of inquiry, because they relate to key elements of its investigation remit, the opposition had to table its own request for evidence in order to obtain them. Very many of the selectors had nothing to do with terrorism or illegal arms trafficking but did impinge on German and European interests. This issue, however, ultimately proved impossible to clarify, because the Federal Government denied the committee the right to peruse the selectors. Through the concocted construct of a ‘Federal Government trustee’, who examined the NSA selectors together with the BND, a clarification was simulated which never actually took place.

8. BND data transfer to the NSA from Bad Aibling

Within the scope of the cooperation that took place in Bad Aibling, the BND transferred to the NSA about 1.3 billion items of data each month. The BND drew an unwarranted distinction between content and metadata, although metadata are also capable of revealing extremely intimate details about data subjects. Vast volumes of metadata were captured and processed, and the raw data streams from entire communication links were automatically forwarded to the NSA. This automated and indiscriminate transfer of all captured metadata is disproportionate and manifestly illegal.

9. Operations Glo[…] and M[…]S[…]

Besides Operation Eikonal, the committee of inquiry also dealt with Glo[…], another operation conducted jointly by the BND and a US intelligence agency, and Operation M[…]S[…], a wiretapping project conducted with a British intelligence agency. There was very little scope for investigation of these two operations. The results do reveal, however, that in this case, too, the BND circumvented the oversight bodies. While the Anglo-German project was halted immediately after the publication of the Snowden revelations, Operation Glo[…] was carried out under false pretences. In the context of the operation, communication data were unlawfully captured and processed.

10. The BND selectors

It is not only the NSA that seeks intelligence from captured data – the BND also searches on the basis of its own selectors. Once the investigation mandate had been broadened, it became clear that these selectors related not only to the areas covered by the BND remit but also targeted other entities such as friendly governments, European institutions, international organisations, journalists and civil society. A public examination of this issue was blocked by the Federal Government. The Federal Chancellor, as she herself has indicated, had no idea what Germany’s own intelligence service was up to when she expressed her outrage at NSA surveillance of her own mobile phone with the comment, “Spying among friends just isn’t done”.

11. No-spy deal: Ronald Pofalla’s campaign flights

With the assertion, made five weeks before the 2013 Bundestag election, that the United States had offered ‘not to spy on us’, the Federal Government of the day pulled the plug on the extremely irritating and inconvenient summer-long topic of inadmissible, unlawful and indiscriminate mass spying on millions of people by the NSA and the BND. This statement was not true. There were only proposals for a working party to discuss talks on intelligence problems, but no offer of a no-spy agreement had ever been made. On the contrary, the White House took pains to point out that, from the very beginning, the United States had consistently emphasised that no such deal would be struck. By then, however, the elections had come and gone, and Pofalla’s statement had achieved its purpose.

12. The blind spot of economic espionage

Counterintelligence is the task of the BfV, the Federal Office for the Protection of the Constitution. In spite of numerous leads concerning economic espionage received from the intelligence services of countries classed as friendly states, the BfV remains entrenched in a Cold War mindset. Targeted counterintelligence activities, when conducted at all by digital means, are focused on countries like Russia and China; in the case of friendly states like those of the Five Eyes alliance, we evidently look the other way, in spite of the vaunted ‘360° vision’. Counterintelligence also suffers from the fact that a federal intelligence agency, the BND, acts as a submissive service provider to the NSA instead of reporting findings to the BfV.

13. The Main Office for Questioning: volunteered information used for drone warfare?

Until the summer of 2014, behind the nameplate marked Hauptstelle für Befragungswesen (‘Main Office for Questioning’), the BND operated a covert agency which carried out questioning, mainly of asylum-seekers, in cooperation with the US and UK intelligence services. These interviewees were unaware that they were being questioned by a member of the US secret service, who would sometimes be the sole interviewer. There was no legal basis for either the interviews themselves or for the transfer of data to the United States. Another dubious aspect is the close cooperation in which the Hauptstelle für Befragungswesen engaged with the Federal Office for Migration and Refugees, which supplied the BND with the requisite particulars of potentially interesting individuals in the first place. The Hauptstelle was formally dissolved in the summer of 2014. Nevertheless, questioning of asylum-seekers by German intelligence services still goes on today.

14. The secret war and the role of the US base at Ramstein: Federal Government responsibility for drone killings

The role of Germany in US drone warfare is clear, for the US Air Force base at Ramstein is the main hub of the US drone programme in Europe. This inevitably means that the data required to make the drones fly are gathered together there. That was made plain by the collected evidence, particularly the testimony of Brandon Bryant, a former US drone operator. It is also an established fact that the Federal Government has been closing its eyes for many years to the importance of the role played by Ramstein in the US drone programme. Back in 2011, it was already aware that some of the responsibility for targeted killings in countries such as Yemen, Somalia and Pakistan, and thus for the deaths of hundreds of civilian victims, lay with decisions taken on German soil. It has not taken any appropriate action to stop this. The Federal Government bears legal responsibility and has fallen short in meeting its obligation to ensure that the conduct of US armed forces on German soil is consistent with fundamental rights and international law. Instead, it has spent years deceiving the Bundestag about the facts and the extent of its own knowledge in its answers to direct parliamentary questions on this matter.

 

(Translation of pages 1394 – 1401 of Printed paper 18/12850 (pdf) of the German Bundestag: Part Four: Dissenting opinions, A. Joint dissenting opinion delivered by the parliamentary groups of The Left Party and Alliance 90/The Greens) (Source)

To my knowledge there was nothing similar in any other country – but I’d love to hear more about questions raised about mass surveillance by the Five Eyes and their partners in other places. And the reactions, if there were any.

If you’d like to invite me to speak about the content or the proceedings of the Inquiry please get in touch.

 

Sigmar and his speech

Could it perhaps be that the older gentlemen in Social Democracy are noticing that they are losing the ground beneath their feet? That the necessary change in their party can only be had if those who have called the shots so far give up some of their power, quite personally?

And when letting go hurts that much, they lash out hard once more at all the "Gedöns" (fuss) that is being a nuisance everywhere.

And somehow it has always been a nuisance. Let me out myself here: I already experienced Sigmar back when he was district chairman of the Falken in Lower Saxony and I, as a schoolgirl, was a member. At some point, around the mid-80s, we staged a revolt and demanded that there should be a women's quota. Outrageous. I can still hear the jeering abuse directed at the stupid women's libbers to this day.

Back then the fat old Falken, IG Metall youth, still went to the brothel regularly, and everyone knew it. They had no need of schoolgirls, feminists or hippies for their socialism. And that is how it is to this day. (They evidently still believe so.) Although Sigmar didn't quite fit in, because he had gone to university and wanted to become a teacher, and wasn't a metalworker at all. But he wanted all the more to be like them.

After those few years I knew that my energy was too precious to spend on learning the tricks of procedural motions, on fighting for years against an impenetrable thorn hedge of it's-always-been-done-this-way. That is why I never became a party member and certainly never will (no matter which party). But it is a pity about the SPD, which keeps crumbling because the boys absolutely refuse to give anything up (always in the name of some kind of solidarity), and a pity for all of us, because right now we would actually need it.

(This text was written after the former SPD party chairman and current foreign minister Sigmar Gabriel gave a speech that then also appeared as a text in Der Spiegel.)

Understanding the German court decision on Edward Snowden

Did the German Federal Court of Justice decide that the German govt. has to invite Snowden to Germany? So that he can testify at the German parliamentary inquiry on mass surveillance, aka ‚NSA Inquiry‘, sometimes also called the ‚Snowden Inquiry‘ of the German parliament? Many German as well as international media said so in the last two weeks since the decision.

It’s never easy to summarize legal arguments but in this case the decision was slightly different. The court did not decide that Snowden has to be invited and it didn’t decide about anything the German government needs to do. Simply because it wasn’t asked to.

(In German when we say ‚government‘ we talk about the chancellor and her ministers = the executive. Parliament is not considered part of government as it’s the legislative. Different from e.g. the US understanding of ‚government‘.)

I’ll try to explain what was decided but I’m afraid it is a bit complicated.

A little bit of background:

The Inquiry is a temporary committee of the parliament, with the same composition as the current parliament when it comes to the four parties that were elected: we have an 80% majority of conservative and social democrat parties and a minority of 20% (socialist, or ‚left‘ plus Green party). The Inquiry has 8 members: 4 conservative, 2 social democrat (=majority), 1 socialist and 1 green (=opposition).

The Inquiry unanimously decided in the beginning, in 2014, that Snowden should testify as witness in the Inquiry. Ever since, the majority in the Inquiry has done everything it could to prevent him from actually being invited: a second formal vote by the Inquiry needs to happen for this.

Apart from several other things that happened – which I won’t get into here – the opposition in October 2015 put forward a motion for the Inquiry as a whole to ask the government to provide whatever is necessary for Snowden to come to Berlin to testify. This would be the necessary prerequisite for the testimony in Berlin. The majority in the Inquiry turned down the motion.

(In the meantime the government claimed to not know what Snowden is actually charged with, thus couldn’t say whether Germany would by law be forced to grant him safe stay or else extradite him to the US. Depending on whether the – ‚unknown‘ – charges would have to be considered political persecution or not.)

The opposition asked the Federal Court of Justice to decide whether the majority in the Inquiry actually has the option to deny such a motion and the court said no.

And that’s all the court decided two weeks ago. Everything else in the 28-page decision (pdf, German) explains the legal details that lead to the decision. That includes minority rights, granted by the German constitution, which explain why the court can actually rule that the members of parliament may not deny the motion. And why the government ultimately has to provide for Snowden to come since the Inquiry in May 2014 took the decision to hear him as a witness.

Update: I got several comments (not here) saying that the court didn’t say that the govt. ‚has to provide for Snowden to come‘. First of all: I didn’t write it did, I just pointed out that this is part of the reasoning behind the decision. In any case there’s room for interpretation here since in the decision the court did say that the original motion that Snowden should be witness (2014) can only be enforced by a testimony in Germany and that this is only possible with the assistance by the govt. (#48 in the decision). 

It would probably be helpful to have an English version but so far there is none as far as I know.

However, the decision was an important victory but is still only a small step towards creating the opportunity for Edward Snowden to testify in Berlin. It is possible to appeal the decision and this is what the majority intends to do: this was announced last Thursday. The appeal doesn’t suspend carrying out the decision, but the majority in the Inquiry suspended the vote nonetheless. Because they can.

It’s obvious where this is going: the Inquiry will end by next summer, and each legal battle takes time. It’s not the first time in a German parliamentary Inquiry about intelligence services when the last court decision (in favor of the opposition) comes too late. The German government is a staunch ally to the US and wants to avoid having to deal with Snowden in Germany possibly asking for political asylum at all cost. And that hasn’t changed since Trump was elected as we can see with the latest development in the Inquiry.

 

Disclaimer: Since September 2014 I have been working full-time as an advisor to the Left party in the Inquiry.

I haven’t written much about the Inquiry, mostly due to lack of time. I hope to have more time when we’re done. There are other people – mostly journalists and bloggers – who write while I spend my time reading documents or preparing sessions, and that seems a good division.

 

Twitter: Who hacked us?

(Image: Twitter warning e-mail in German)

During the night leading into 12 December, Twitter sent e-mails to some accounts. They contained a cryptic message: the accounts might be getting hacked by ‚state-supported actors‘. “State sponsored actors”. I got the e-mail too: once in German to my German-language account @annalist, once in English to my English account @Anne_Roth.

That same night, some people posted on Twitter that they had also received such e-mails. There was some press coverage. Many questions remained.

At the CCC congress in Hamburg at the end of December I met several others who had also been notified. We have a few things in common and many differences. What we shared was our bewilderment about why we of all people are being or were being hacked by state(-sponsored) actors, by whom, and how in the first place. We had assumed that this would be cleared up at some point, but nothing more happened.

That is why we are publishing our questions today, and we hope that at some point we will get answers from someone.

In Hamburg there were six or seven of us, but we know of about 50 who received the e-mail. And there are probably many others we don't know about. 25 have signed, from various countries.

We have plenty of theories ourselves, and of course we also wrote to Twitter. I got no reply; others got rather meaningless boilerplate text. Do you know anything? Do you know someone at Twitter? Have you ever encountered ‚state sponsored actors‘? Then let us know, here or directly under our questions here.

#32C3 to watch afterwards

A work in progress

I didn’t see nearly all the talks I would have liked to see at the 32nd Congress of the Chaos Computer Club this week in Hamburg, but these I did see, and they were good.

Not all of them are in the CCC’s YouTube channel yet. So I have some here to click on directly, others only on the media server media.ccc.de, where you can also play them directly. They will be added later, though.

Here we go:

NSA-Untersuchungsausschuss: Zwischen Aufklärungswillen und Mauern aus Schweigen, by Anna Biselli

https://www.youtube.com/watch?v=MFzRprZK-NA&list=PLBXmeocYXDfAP80LFYDjgpQe0gFjR7J7c&index=1

Without YouTube: https://media.ccc.de/v/32c3-7228-nsa-untersuchungsausschuss_zwischen_aufklarungswillen_und_mauern_aus_schweigen

A good overview of the state of affairs in the NSA Inquiry.

Grundrechte gelten nicht im Weltall!

Die absurdesten Szenen aus dem NSA-BND-Untersuchungsausschuss

https://www.youtube.com/watch?v=XabDC7nPW_w

Without YouTube: https://media.ccc.de/v/32c3-7225-grundrechte_gelten_nicht_im_weltall

A pretty funny reading with original quotes from the Inquiry. OK, actually rather tragic. Probably the best form of information about what happens there.

Profiling (In)justice, by Jeff Deutch

This one is about racial profiling and how little checks have to do with actual crime in particular areas. With examples from Germany and Great Britain.

The Price Of Dissent, by CAGE and Cerie Bullivant

‘Cage’ is an organization that advocates for the rights of Muslims. The talk begins with the video statement of a former Guantanamo prisoner who was actually supposed to be on stage in Hamburg but could not come because his passport was confiscated in Great Britain before the trip.

Intelexit, Gloria Spindle – Peng! Collective

Funny, wonderful videos and an important goal: getting members of intelligence services to leave the services. Best detail: excerpts from the Basic Law (Grundgesetz) are stuck onto the large sign “Bundesamt für Verfassungsschutz” at the entrance of its headquarters – and promptly torn off by officials.

Ten years after ‘We Lost The War’, by rop and Frank.

Ten years ago the two stated “We lost the war”, meaning the fight for the free internet, which we have lost to surveillance and commercialization. (Here is the video of that). Things don’t look much better now. Focus: climate and resources.

Predicting Crime in a Big Data World, by Whitney Merrill

Very dense talk on the state of ‘predictive policing’, i.e. the use by the police of software that calculates crime probabilities from large amounts of data, and what follows from that. With examples from Germany and information on the software used.

Collect It All: Open Source Intelligence (OSINT) for Everyone, by M. C. McGrath

M.C. McGrath analyzes publicly accessible information from intelligence service employees and contractors. From this it can be seen, for example, who works on target acquisition for drone strikes, and what skills are needed for that.

Not seen, but I’ve heard good things about:

The exhaust emissions scandal (“Dieselgate”) by Daniel Lange (DLange), Felix “tmbinc” Domke

Stromtankstellen – eine neue öffentliche Infrastruktur, by Gunnar Thöle

Wie man einen Blackout verursacht, by Mathias Dalheimer

I would have liked to see these, and I will surely still watch them:

„Nach bestem Wissen und Gewissen“ – Floskeln in der Politik

By Martin Haase/maha and Kai Biermann
https://www.youtube.com/watch?v=kG58VYLHB_A
Without YouTube: https://media.ccc.de/v/32c3-7150-nach_bestem_wissen_und_gewissen_floskeln_in_der_politik

 

Jugend hackt

https://www.youtube.com/watch?v=2dhwKiPSU6Y

Without YouTube: https://media.ccc.de/v/32c3-7562-jugend_hackt_2015

Das Zahnrad aus Fleisch – Expeditionen ins Kommentierreich

https://www.youtube.com/watch?v=mZ2aY_gZgG8

Without YouTube: https://media.ccc.de/v/32c3-7249-das_zahnrad_aus_fleisch

Here a very rigid comment moderator debates someone who thinks that as much as possible should be left standing.

Media Coverage and the Public in the Surveillance Society, by Arne Hintz and Lina Dencik

Graphs, Drones & Phones, by Christoph Engemann

Crypto Wars Part II, by Kurt Opsahl

Everywhere there are calls again for encryption to be banned, or at least for security agencies to be able to read along with a duplicate key (backdoor). We had that once before, many years ago.

Prediction and Control, by Jennifer Helsby

On the Inquiry there was also a podcast in the Sendezentrum with many regular visitors of the Inquiry: you can listen to it here.
There is also a video of it, unfortunately with relatively poor image quality, but that’s not the point anyway:

It won’t come as a surprise that I’m mainly interested in talks from the politics track, and there above all those on surveillance and security agencies. Even there there are many other interesting things, and beyond that anyway. It is a completely subjective selection and really says nothing about those not mentioned in this list. Have a look yourselves: https://media.ccc.de/c/32c3 – there really are a great many others that are also absolutely worth watching.

The program is available here (the actual program website is unreachable at the moment). There you can also see the descriptions of the talks.

George (T)Orwell on cyber newspeak

At the 32nd Congress of the CCC, the team behind the anonymization software Tor presented, during the talk on the state of things at Tor, a well-made video that clears up a few myths:

There are subtitles in several languages, selectable at the bottom right in the settings.

Orwell speaks to us from the past and is predictably outraged:

The internet is not virtual reality but very real reality. If we would not allow dictatorships to dictate with whom we communicate, then exactly the same applies to internet censorship. Restricting net neutrality is nothing other than if we all got our information from private cable television.

Would we allow the thought police to record everything we do, where we go, everything we read, and thereby look into our heads? Data retention is nothing else.

The distinction between “online” and “real life” is newspeak; there is no “cyberspace”.

Digital rights are nothing other than general human rights.

And as for the nonsense that you have nothing to hide: what Snowden said applies there: that would be the same as saying that freedom of speech is unimportant because you have nothing significant to say.

(Freely translated from the video).

Wonderfully clearly summarized; I have nothing to add to that.

Mail from Twitter: You are being hacked by the state

Friday night I got two e-mails from Twitter. One, at 23:15, in English, and an hour later the same one in German:

“Purely as a precaution, we would like to inform you that your account belongs to a small group of accounts that may have become the target of a state-motivated hacker attack. This means that the hackers may be connected to a government. We suspect that data and information such as e-mail addresses, IP addresses and telephone numbers were to be spied out.”

“State-motivated hacker attack”. Sounds roughly like “police rob bank”. Or “domestic intelligence service (Verfassungsschutz) finances Nazis”. Absurd, but not unthinkable.

The mail in all its glory:

Twitter warning e-mail in German

Mail from Twitter to me, dated 11 December 2015

At the same time I saw that various people on Twitter were starting to post that they had also received such mails. Many suspected the mails were fake. Of course I looked at the mail headers and the links in the mail, and could not find anything indicating that they are not really from Twitter.

I then sent Twitter a mail with various questions, but so far I have not received an answer. Not really surprising, because:

We ourselves wish we could share more detailed information with you. Unfortunately, we do not have any at this time.

The next question that arises is: why us? What do the people who got these mails have in common?

Sarah Jeong at Motherboard:

A couple are engaged in activism and are connected to the Tor Project in some capacity. A few are located in Canada, and vaguely associated with the security community at large. However, I could not determine any common factors between all recipients.


My working hypothesis so far is that these are people who use Tor and also log into their Twitter account with it. I am sure there are many more people who get these mails, but the ones I know about all use Tor.

A wonderful irony of the story is that Twitter itself recommends in the mail:

You can find relevant tips and advice on how to protect your identity and data online on the following websites: Tor Project or EFF’s Protecting Yourself on Social Networks.

Absolutely sensible, but the fact is that Twitter regularly blocks accounts whose users try to log in via Tor. It has happened to me umpteen times too. Then the only thing that helps is: request a new password and try again, or simply don’t use Tor. They deny this, however: Joseph Cox wrote in September of having asked Twitter about it, and that Twitter had explained that this is not specifically attributable to Tor but happens to everyone whose accounts show ‘spam-like behavior’ (source: Motherboard).

Perhaps an answer also follows from the question: what do the dark forces want? What do they gain from ‘hacking’ into my Twitter accounts? There is almost nothing secret in there. The tweets are public, as is whom I follow and who follows me. The few direct messages can’t really be worth the effort either.

Where I am can generally be seen from the tweets themselves. What could be interesting then? That I – sometimes – use Tor.

In most states that call themselves democratic and, at least by law and constitution, place value on the protection of fundamental rights, we have for some time had a debate about whether real encryption should be allowed. The security agencies either want to build in backdoors by law – that is, the ability to read along with the sham-encrypted communication using a ‘duplicate key’ – or to acquire the technical capabilities to crack encryption themselves. Preferably both.

This goes hand in hand with their interest in who uses encryption. Whoever encrypts makes themselves suspicious. (German) courts do state every now and then that encrypting is completely legal. So, very decidedly by the way, does business, which likes to know its trade secrets are properly protected. But that does not stop investigating authorities from readily mentioning, when collecting grounds for suspicion, that the accused used encryption. The inverse conclusion: whoever encrypts must have something to hide. The documents from Edward Snowden have also shown that precisely such users are of particular interest, at least to the NSA.

Now unfortunately we don’t know who the ‘state-motivated hackers’ are – criminals paid by the state? The cyber department of the Verfassungsschutz? The NSA experimenting around?

What does Twitter really know? How do they know that security agencies or intelligence services are involved if they don’t know which ones? Possibly Twitter is also not allowed to say more. It is probably already an act of civil courage (or: business interest) to send these mails and thereby not comply with the presumably clear hints from American authorities that they should keep their mouths shut. If it comes from China, that of course doesn’t apply. But what would China want from Western fundamental-rights activists?

The Verge wrote that not only Twitter but also Google and Facebook send such mails:

Both Facebook and Google have similar emergency alerts in place for state-sponsored attacks. Facebook’s launched in October and immediately recognized attacks on State Department employees. …  Access to social media accounts can be lucrative for determined attackers. One account could yield access to dozens of others and open up lines of communication between people in a particular field or network.

What is interesting for attackers is said to be less the content than the metadata: who communicates with whom, who knows whom. That would in any case be a plausible explanation, because it is by now clear that intelligence services can do much more with these relationship networks than with masses of content, whose analysis is much more difficult and laborious. However: the relationships on Twitter are completely public.

Who has been ‘caught’ so far? Jens Kubieziel, who also got a mail, has a list. If you are affected too (and don’t mind it becoming publicly known), write to me or to him.

Some of the recipients:


https://twitter.com/beislhur/status/675998599277371392
https://twitter.com/docboone71/status/675688192658563072


https://twitter.com/MarinosYannikos/status/675610370476810240


https://twitter.com/Pandemonium21/status/675472866591248384


https://twitter.com/ctrlplus_/status/675450332005142528
https://twitter.com/ctrlplus_/status/675847754317451265
https://twitter.com/uncyclephil/status/675450532476022785

Here is the mail in English:

Twitter warning e-mail in English

Mail from Twitter to me, dated 11 December 2015

The German Inquiry on Mass Surveillance

The German parliament unanimously decided to have an inquiry on mass surveillance in March 2014. The elections were in September 2013, two months after the first Snowden revelations. (At a later point the huge conservative/social democrat govt. majority in parliament probably wouldn’t have decided in favor of such an investigation, is my personal guess.)

What’s the point of the Inquiry? There is a formal document (pdf) that defines its task, which can be found on the website of the Inquiry. The main topics of the investigation are mass surveillance by the Five Eyes in Germany and/or in cooperation with Germany, on the population of Germany and on the government and its institutions. Germany’s cooperation in the US drone war, either through intelligence or the military base in Ramstein on German soil, is a specific aspect of the Inquiry. The first major conflict was whether Edward Snowden should be called to testify in the Inquiry. To this day the German government evades the necessary decisions about the possibility for him to come to Germany.

Since September of last year I have been senior advisor for the Left party in the Inquiry. My talk about the first year at the CCC Camp in August:

I also did a slightly different talk about the Inquiry at the camp in German, which was translated into English and dubbed. In this talk I went into more detail on some legal aspects and presumed some general knowledge of German parliamentary procedures:

After the talks a group of people who attended set up an English-language website to inform about the Inquiry, since there is very little reporting outside of Germany. You can find the website at germantransparency.org/, its Twitter account @GermanInq and via the hashtag #GermanInq. Let them know if you have news clips or other English-language material that should be added.

Also, if you have more questions about the Inquiry, feel free to ask me here or via Twitter; my English-language account is @Anne_Roth.

NSA Inquiry – Who controls whom?

What actually happens in the Inquiry that is called “NSA” but should better be called the intelligence services or BND Inquiry? In the summer I talked about it quite a bit at the CCC Camp:

Those who want to can also watch this on YouTube and comment there.

Next Thursday it continues with a public hearing of the former US drone “pilot” Brandon Bryant, who steered deadly drones from Nevada. In addition, the former head of the ‘Hauptstelle für Befragungswesen’ (HBW) will come a second time, as will a staff member of the BAMF (Bundesamt für Migration und Flucht): both will be questioned about whether, how and which data of refugees is passed on to intelligence services.

Ms. K., the head of the HBW, was already at the last hearing and testified to some pretty spectacular things, which can be read in the live blog of netzpolitik.org. Unfortunately, last time of all times there was hardly any press at the hearing, so little was reported.

For many years refugees were questioned during the asylum procedure by staff of the HBW – a BND office – about the situation in their countries of origin. Often members of US intelligence services were also present, such as the DIA (Defense Intelligence Agency), a military intelligence service. There were also interviews in which the US interviewers were alone with the refugees. Ms. K. also reported that she had sometimes been in Stuttgart on official business to visit the DIA there: Stuttgart is the seat of AFRICOM, the ‘Africa Command’, i.e. the seat of the US command for all military operations in Africa. That data from the interviews plays a role in the drone war became clear during the questioning: in particular, it was also about geodata. This can be used to locate drone targets.

Ms. K. had enormous gaps in her memory, and for the head of the office she also knew strikingly little about the concrete proceedings, but maybe next Thursday she can remember a few more details.

As I said, the sessions are public. Anyone who wants to come has to register beforehand by e-mail, with name and date of birth, with the secretariat of the Inquiry. A mail to 1.untersuchungsausschuss@bundestag.de is enough. You can also find the e-mail address and further information on the website of the Inquiry.