Hacker News Puzzle

It was good to see how much interest my two posts on details of police surveillance in Germany generated outside the country. In fact much more than in Germany itself. Thanks! I’ll try and post this kind of news more often in English as well.

One of the articles that got a lot of attention was this one German Police eavesdropping Facebook, Gmail, Skype Conversations by The Hacker News. Unfortunately it mixes up some details:

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country’s constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. The government released figures of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry.

The ‚eavesdropping tool‘ is the trojan virus analysed by the CCC (the ‚European hacker club‘) one year ago. This was not released now and certainly not as a move towards financial transparency. The released figures mentioned in my blogpost two weeks ago very likely also cover payments for the trojan by Digitask – the company that sold the trojan to the government – but that’s not entirely evident from the covered document by the Federal Ministry of the Interior in July.

The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club. On page 34 and page 37 of the report the cost …

Frank did say that, only not just now. While the report is all new.

I do think it’s great the issue got coverage from the Hacker News and I completely agree with the conclusion:

Tapping a phone is acceptable in today’s democracy because there are procedures in place for that sort of surveillance, But we are sort of sleep walking quietly from one level to the next.

Just wanted to be clear about what’s what: There’s been one year in between the latest publication of news by the CCC about the government trojan and then my blogpost about public spending on surveillance equipment. My impression is that the post on Hacker News got a bit confused over that. Or that maybe too much got edited out of the original version?

And THEN, one week later, the government had to admit that they haven’t found anyone who’d develop a brandnew trojan virus for them so they won’t have to buy more from DigiTask, contrary to what they promised. But that’s a different story again. (Which I’d love to see on some more news sites).

 

German police monitors Skype, GoogleMail and Facebook chat

The German government a while ago answered questions about expenditures by the federal ministry of home affairs for private service providers – hardly noticed by the English speaking world. The parlamentary enquiry („Minor interpellation“) no. 17/10077 by Jan Korte, MP of The Left party, has now been translated into English.

Download the document in English (pdf) or German (pdf).

The answers were far more detailed than one would expect.

There’s 43 pages (this includes questions), 20 of which are tables that list who was contracted, how much money was paid, what for and how each paid item was used. Even though 12 out of 30 answers were defined as classified information – e.g. questions regarding Germany’s domestic and foreign intelligence services or the Federal Office for Information Security (BSI) –  there’s still some interesting news to be found.

The German ministry for home affairs and thus the German police clearly state that they are monitoring Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat if deemed necessary. Money is spent on trojan viruses and we can be quite certain which company produces the IMSI catchers used by German police. We know how much money was spent by the Federal Police on border control biometrics, on passenger information systems and telecommunications surveillance. Digitask, a company whose reputation was clearly damaged after its trojan virus was found and analysed by the Chaos Computer Club in 2011, seems to still be a regular contractor of German authorities. Altogether more than a billion Euro was spent on private services by German police and other public authorities in the realm of the ministry of home affairs in the years 2002 – 2012.

The translation into English, commissioned by MP Korte, leaves out the 20 pages that contain tables with data who was paid how much for what exactly. If your preferred translation website can’t be of help, let me know and I’ll do my best. I noticed one mistake in the translation of question no. 10: „Federal Agency for the Protection of the Environment (BfV)“ should instead be the domestic secret service „Bundesamt für Verfassungsschutz BfV“.

 

 

Picture: Toban Black, Flickr, CC licence