One year after the Chaos Computer Club found and analysed an illegal trojan virus used by German police, the so-called „state trojan“, and one year after the German Federal Minister of Justice, Sabine Leutheusser-Schnarrenberger had promised „total transparency and clarification“ (DE) German police still don’t have an alternative to relying on software by private companies for the infiltration of computers.
Recent answers of the interior ministry to questions by Jan Korte (DE), MP Left party, clearly state that the ministry one year later is still lacking the capacity to do as promised: to develop a software for lawful interception that complies with a decision by Germany’s Federal Constitutional Court.
(Questions and answers in German, pdf)
The original „state trojan“ by Digitask did far more than what is allowed by German law:
The Chaos Computer Club (CCC) has recently received a newer version of the „Staatstrojaner“, a government spyware. The comparison with the older version, already analyzed by the CCC with the actual Sniffer-code from December 2010, revealed new evidence. Despite the claims of the responsible parties, the Trojan can still be remote-controlled, loaded with any code and also the allegedly „revision-proof logging“ can be manipulated. (CCC, 26 Oct 2011)
Also see Several German states admit to use of controversial spy software (Deutsche Welle).
The German minister of the Interior, Hans-Peter Friedrich, then promised that the software was going to be produced in-house (DE).
The new replies by the ministry prove him wrong:
The software by DigiTask GmbH that was used in the past for computer surveillance (lawful interception) is not currently being used by federal public authorities anymore.
The software that will be used for computer surveillance will be developed by a competence centre established within the Federal Criminal Police Office. It will be safeguarded that the source code will be audited regarding its range of functions by qualified experts. It will also be accessible for the relevant authorities for data protection (among others the Federal Commissioner for Data Protection).
For the time until the afore mentioned in-house development is completed the Federal Criminal Police Office is preparing a commercial interim solution. The source code of that software has to undergo extensive audits with respect to the demands by the Federal Constitutional Court. (my translation, A.R.)
In a reply to the second question by MP Korte the ministry states that it doesn’t know whether software by DigiTask or other commercial developers designed for lawful interception is being used by state police forces in Germany. Further details are classified and only accessible to MP Korte.
The spokesman on domestic policy of Angela Merkels conservative party in parliament, Hans-Peter Uhl, commented (DE):
The development of a software by the Federal Criminal Office is presumably going to take months if not years. We may even have to ruefully admit that we lack the capability completely.
Coverage in German media:
- Zeit Online: BKA muss neue Überwachungssoftware kaufen
- Tagesschau: „Kompetenzzentrum fehlt offenbar die Kompetenz“
- Netzpolitik.org: Staatstrojaner in Deutschland: Behörden wollen Quellcode prüfen, genaueres regelt ein Vertrag