The German Inquiry on Mass Surveillance

The German parliament unanimously decided to have an inquiry on mass surveillance in March 2014. The elections were in September 2013, two months after the first Snowden revelations. (At a later point the huge conservative/social democrat govt. majority in parliament probably wouldn’t have decided in favor or such an investigation, is my personal guess.)

What’s the point of the Inquiry? There is a formal document (pdf) that defines its task which can be found on the website of the inquiry. Main topics of the investigation are mass surveillance by the Five Eyes in Germany and/or in cooperation with Germany, on the population of Germany and on government and its institutions. Germany’s cooperation in the US drone war either through intelligence or the military base in Ramstein on German soil are a specific aspect of the Inquiry. The first major conflict was whether Edward Snowden should be called to testify in the inquiry. Until today the German government evades necessary decisions about the possibility for him to come to Germany.

Since September of last year I’m senior advisor for the Left party in Inquiry. My talk about the first year at the CCC Camp in August:

I also did a slightly different talk about the inquiry at the camp in German which was translated into English and dubbed. In this talk I went more into detail for some legal aspects and presumed some general knowledge of German parliamentary procedures:

After the since talks a group of people who attended set up an English language website to inform about the inquiry since there is very little reporting outside of Germany. You can find the website at, its Twitter account @GermanInq and via the hashtag #GermanInq . Let them know if you have news clips or other English language material that should be added.

Also if you have more questions about the Inquiry feel free to ask me here or via Twitter, my English language account is @Anne_Roth.

Naked Citizens – new documentary about surveillance technology

By accident I found this new documentary out about surveillance, police using drones, legally extracting information form phones, FinFisher, CCTV, the NSA, Wikileaks and new trends in surveillance technology: Naked Citizens, Journeyman Pictures.

With Jacob Applebaum, Birgitta Jónsdóttir, Smári McCarthy, Henrietta Williams, George Gingell, James Orwell, many others, and us.

Cory Doctorow on BoingBoing:

Journeyman Pictures‘ short documentary „Naked Citizens“ is an absolutely terrifying and amazing must-see glimpse of the modern security state, and the ways in which it automatically ascribes guilt to people based on algorithmic inferences, and, having done so, conducts such far-reaching surveillance into its victims‘ lives that the lack of anything incriminating is treated of proof of being a criminal mastermind:

From the film’s website:

„I woke up to pounding on my door“, says Andrej Holm, a sociologist from the Humboldt University. In what felt like a scene from a movie, he was taken from his Berlin home by armed men after a systematic monitoring of his academic research deemed him the probable leader of a militant group. After 30 days in solitary confinement, he was released without charges. Across Western Europe and the USA, surveillance of civilians has become a major business. With one camera for every 14 people in London and drones being used by police to track individuals, the threat of living in a Big Brother state is becoming a reality. At an annual conference of hackers, keynote speaker Jacob Appelbaum asserts, „to be free of suspicion is the most important right to be truly free“. But with most people having a limited understanding of this world of cyber surveillance and how to protect ourselves, are our basic freedoms already being lost?

Hacker News Puzzle

It was good to see how much interest my two posts on details of police surveillance in Germany generated outside the country. In fact much more than in Germany itself. Thanks! I’ll try and post this kind of news more often in English as well.

One of the articles that got a lot of attention was this one German Police eavesdropping Facebook, Gmail, Skype Conversations by The Hacker News. Unfortunately it mixes up some details:

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country’s constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. The government released figures of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry.

The ‚eavesdropping tool‘ is the trojan virus analysed by the CCC (the ‚European hacker club‘) one year ago. This was not released now and certainly not as a move towards financial transparency. The released figures mentioned in my blogpost two weeks ago very likely also cover payments for the trojan by Digitask – the company that sold the trojan to the government – but that’s not entirely evident from the covered document by the Federal Ministry of the Interior in July.

The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club. On page 34 and page 37 of the report the cost …

Frank did say that, only not just now. While the report is all new.

I do think it’s great the issue got coverage from the Hacker News and I completely agree with the conclusion:

Tapping a phone is acceptable in today’s democracy because there are procedures in place for that sort of surveillance, But we are sort of sleep walking quietly from one level to the next.

Just wanted to be clear about what’s what: There’s been one year in between the latest publication of news by the CCC about the government trojan and then my blogpost about public spending on surveillance equipment. My impression is that the post on Hacker News got a bit confused over that. Or that maybe too much got edited out of the original version?

And THEN, one week later, the government had to admit that they haven’t found anyone who’d develop a brandnew trojan virus for them so they won’t have to buy more from DigiTask, contrary to what they promised. But that’s a different story again. (Which I’d love to see on some more news sites).


One year later: German police unable to develop ’state trojan‘

One year after the Chaos Computer Club found and analysed an illegal trojan virus used by German police, the so-called „state trojan“, and one year after the German Federal Minister of Justice, Sabine Leutheusser-Schnarrenberger had promised „total transparency and clarification(DE) German police still don’t have an alternative to relying on software by private companies for the infiltration of computers.

Recent answers of the interior ministry to questions by Jan Korte (DE), MP Left party, clearly state that the ministry one year later is still lacking the capacity to do as promised: to develop a software for lawful interception that complies with a decision by Germany’s Federal Constitutional Court.

(Questions and answers in German, pdf)

The original „state trojan“ by Digitask did far more than what is allowed by German law:

The Chaos Computer Club (CCC) has recently received a newer version of the „Staatstrojaner“, a government spyware. The comparison with the older version, already analyzed by the CCC with the actual Sniffer-code from December 2010, revealed new evidence. Despite the claims of the responsible parties, the Trojan can still be remote-controlled, loaded with any code and also the allegedly „revision-proof logging“ can be manipulated. (CCC, 26 Oct 2011)

Also see Several German states admit to use of controversial spy software (Deutsche Welle).

The German minister of the Interior, Hans-Peter Friedrich, then promised that the software was going to be produced in-house (DE).

The new replies by the ministry prove him wrong:

The software by DigiTask GmbH that was used in the past for computer surveillance (lawful interception) is not currently being used by federal public authorities anymore.

The software that will be used for computer surveillance will be developed by a competence centre established within the Federal Criminal Police Office. It will be safeguarded that the source code will be audited regarding its range of functions by qualified experts. It will also be accessible for the relevant authorities for data protection (among others the Federal Commissioner for Data Protection).

For the time until the afore mentioned in-house development is completed the Federal Criminal Police Office is preparing a commercial interim solution. The source code of that software has to undergo extensive audits with respect to the demands by the Federal Constitutional Court. (my translation, A.R.)

In a reply to the second question by MP Korte the ministry states that it doesn’t know whether software by DigiTask or other commercial developers designed for lawful interception is being used by state police forces in Germany. Further details are classified and only accessible to MP Korte.

The spokesman on domestic policy of Angela Merkels conservative party in parliament, Hans-Peter Uhl, commented (DE):

The development of a software by the Federal Criminal Office is presumably going to take months if not years. We may even have to ruefully admit that we lack the capability completely.



Coverage in German media:


German police monitors Skype, GoogleMail and Facebook chat

The German government a while ago answered questions about expenditures by the federal ministry of home affairs for private service providers – hardly noticed by the English speaking world. The parlamentary enquiry („Minor interpellation“) no. 17/10077 by Jan Korte, MP of The Left party, has now been translated into English.

Download the document in English (pdf) or German (pdf).

The answers were far more detailed than one would expect.

There’s 43 pages (this includes questions), 20 of which are tables that list who was contracted, how much money was paid, what for and how each paid item was used. Even though 12 out of 30 answers were defined as classified information – e.g. questions regarding Germany’s domestic and foreign intelligence services or the Federal Office for Information Security (BSI) –  there’s still some interesting news to be found.

The German ministry for home affairs and thus the German police clearly state that they are monitoring Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat if deemed necessary. Money is spent on trojan viruses and we can be quite certain which company produces the IMSI catchers used by German police. We know how much money was spent by the Federal Police on border control biometrics, on passenger information systems and telecommunications surveillance. Digitask, a company whose reputation was clearly damaged after its trojan virus was found and analysed by the Chaos Computer Club in 2011, seems to still be a regular contractor of German authorities. Altogether more than a billion Euro was spent on private services by German police and other public authorities in the realm of the ministry of home affairs in the years 2002 – 2012.

The translation into English, commissioned by MP Korte, leaves out the 20 pages that contain tables with data who was paid how much for what exactly. If your preferred translation website can’t be of help, let me know and I’ll do my best. I noticed one mistake in the translation of question no. 10: „Federal Agency for the Protection of the Environment (BfV)“ should instead be the domestic secret service „Bundesamt für Verfassungsschutz BfV“.



Picture: Toban Black, Flickr, CC licence


Twitter and the resignation of Germany’s minister of defense

Germanys extremely popular minister of defense Karl Theodor zu Guttenberg resigned from office yesterday. There are two or three interesting aspects which make this resignation different from others.

The starting point was an article about his doctoral thesis (law) containing a number of plagiarisms, published maybe three weeks ago. This led to a vast wiki-based online collaboration of many people looking for pieces in the thesis that were in fact copied from elsewhere. Within days it turned out that approx. 70% of the 400+ pages didn’t have the necessary footnotes. The collaboration on this was started on Google docs but was moved to a proper wiki shortly after:

Guttenberg and his political allies – including the chancellor – tried to belittle the whole affair as irrelevant to his being minister of defense. Alongside wild public debates an open letter was set up by doctoral students protesting against the belittlement of their academic work. Within days 30.000 signatures were collected online and handed over to the chancellor. Almost – the students were refused at the entrance of the Office of the Federal Chancellor and told that because of terrorism dangers the signatures couldn’t be accepted.. (not sure if this is really true but it could be). They were all over the news anyways.

Lastly Berlin’s first demonstration took place last saturday that was organised solely through Twitter and social networks. Some 500 people gathered in Berlin’s commercial center and marched to the ministry of defence holding up shoes – a reminiscence to the Arab shoes. This got attention in virtually all of Germany’s news, major tv news included. I’ve never participated in a demonstration that small – there wasn’t even music – that got this much national attention. (Some pictures here

Another Twitter revolt, style: western industrialised country? I don’t think so. Both tv and big printed papers played the decisive role. But what’s interesting is how public attention is moving ‚our‘ way. Why would less than 500 people protesting against a corrupt defense minister play any role at all? Because ‚the net people started it‘, via Twitter.

The fact that the amount of plagiarism in the dissertation was detected so fast by using a wiki played a role. It was noted widely that online collaboration can be very different and very effective in campaigning against politicians who didn’t have to fear this kind of attack so far.

Both the plagiarism detectives and the doctoral students wouldn’t have been able to get together, do something and go public this waybefore.

We’ve had Twitter, wikis, open letters online for a while. What’s new is the way this is being discussed. And the resignation of the most popular politician Germany’s had for years.

Out now: Prevent and Tame. Protest under (Self)Control

New book by Florian Hessdörfer, Andrea Pabst, Peter Ullrich is out, and free for download here or here (pdf). You can also order a copy at your local bookstore.

In the book there’s also a chapter by Andrej Holm and me, reflecting life with surveillance.

The details:

Prevent and Tame.
Protest under (Self)Control

Florian Heßdörfer, Andrea Pabst, Peter Ullrich (Eds.)

The common dualistic approach to social movements tends to see power and resistance as separate and independent antagonists. The contributors to this book aim to transcend that approach, arguing that to adequately analyze ongoing struggles, it is also critically important to trace the constitutive interconnectedness between social movements and power. This is the aim of the title “Prevent and Tame”: emergent strategies to prevent and tame protest―whether they are undertaken by the state or by factions within the movements themselves―have given rise to new kinds of social relations and regulations that call for a new approach to research on social movements and protest.


Blogging against surveillance

Sometime in June of this year I wrote this text which was meant to be published in a magazine which eventually never got to the printer (but still might, so they say). Just in case some people who (only) read English still pass by this blog I’m now dropping it here (in a slightly edited version).

Update: It did get published, in Digital Security for Activists (pdf, 4mb, p. 11-21) by the Riseup collective.

Blogging against surveillance, or: who’s the terrorist?

On July 31 of last year, at 7 in the morning armed police stormed into the apartment where my partner Andrej Holm, I and our two children live. We learned that day that he was a terrorism suspect and that an investigation had been going on for almost a year. Andrej was arrested and flown to Germany’s Court of Justice the next day. The search of our home lasted 15 hours. I was forced to wake my children, dress them and make them have breakfast with an armed policeman watching us. That day my new life started, a life as the partner of one of Germany’s top terrorists.

Andrej spent three weeks in investigative detention. The arrest warrant was signed on grounds that caused a public outcry, not only in Germany but also in many other countries. Open letters were sent to the court that were signed by several thousand people protesting against the arrests. Among the signatures were those of David Harvey, Mike Davis, Saskia Sassen, Richard Sennett and Peter Marcuse.

Veröffentlicht unter en

Eine Million TerroristInnen in den USA

Man fragt sich, warum so intensiv anderswo nach welchen gesucht wird, wenn sie selber soviele haben..

Die US-amerikanische Bürgerrechtsorganisation ACLU hat heute gemeldet, dass inzwischen eine Million Namen auf der Terrorist Watch List der Vereinigten Staaten stehen und ruft Menschen, die davon ausgehen, dass sie auf der Terror-Liste stehen und etwa Probleme beim Fliegen hatten, dazu auf, sich über das Watchlistformular zu melden.