Federal Trojan
October 20, 2011Ten days after the revelation that the German government's authorized spy software went far beyond legal surveillance and wiretapping, the scandal continues to have political, technical and legal effects throughout Germany.
On Wednesday, at a closed session of the Parliamentary Committee on Internal Affairs, Jörg Ziercke, the head of Germany's federal criminal agency, the BKA, told parliamentarians that his agency never examined the source code, or fundamental digital blueprints, of the "Bundestrojan," or Federal Trojan surveillance software.
"We have not committed any constitutional violation," he said at the session. "The BKA has used source-wiretapping only 23 times. This shows how sensitive we are [when using] this tool."
Anke Spriestersbach, a BKA spokesperson, confirmed the statements, and added that that all digital surveillance activity by the BKA and individual states ceased immediately following last Saturday's revelation by the Chaos Computer Club, a well-known German hacker club, that the software went beyond its legal restrictions of wiretapping and surveillance of a target computer.
The revealed version could also record keystrokes, take screenshots, and activate a computer's webcam and microphone.
She also declined to comment on how exactly the software was installed on target computers, citing “police tactical reasons.”
A second version
On Tuesday, a pair of German researchers working for Kaspersky Labs, a computer security firm, discovered that there is a second, more powerful version of the Federal Trojan spyware, which can be run on more recent, 64-bit Windows computers.
It is also capable of conducting surveillance on a total of 15 applications, including Yahoo Messenger and Internet Explorer, more than the previous version.
A research paper published Thursday by the official analysis wing of the German parliament said that the CCC's publication of the trojan and its source code may in fact violate German law.
"Overall, it appears possible that the publication of the source code of a so-called trojan state is regarded as a criminal act under Section 258 of the Criminal Code obstruction of justice," the paper said.
Anke Spriestersbach, the BKA spokesperson, added that some of those 23 cases, were ongoing prior to the halt of the surveillance software's use.
The BKA had previously denied using the specific version of the spyware exposed by the CCC.
BKA rejected exposed software version
In the committee session, Jörg Ziercke also explained that the software that the BKA could use had the capability to intercept telephone calls, e-mails and online chats, and that it had only been used 100 times between 36 law enforcement agencies across Germany since 2007, when the software came into force.
Spriestersbach also told Deutsche Welle that the version of the software the CCC exposed was never used by the BKA.
"This one that they criticized was one that was only used from Bavaria," she said. "We never used that version. This is a version from 2007 and we tested it and for the BKA, we came to the conclusion that this (did not comply with the law.) The BKA used something similar which conforms with German law. What the CCC criticized is that the Bavarian office can use the opportunity to make screen shots, or to recognize keystrokes - we only used our software for (source wiretapping), to register an ongoing conversation, for example from one Skype user to another Skype user."
She also confirmed that the software the BKA used was also made by the same German software company, DigiTask.
Expanded digital surveillance
Some German politicians have called for expanded federal powers, including the development of a new federal agency that would be responsible for the development of future generations of such surveillance software.
The federal interior minister and his counterpart at the state level are scheduled to have a telephone conference on Thursday to discuss this issue.
"The federal government will develop the software themselves in the future," said Hans-Peter Uhl, the domestic policy spokesperson, in an interview with the Mitteldeutsche Zeitung, a newspaper in eastern Germany.
Similary, André Schulz, the head of the federal police union told the Neue Osnabrücker Zeitung, a newspaper in northwestern Germany that it was "high time for a Federal Internet Minister who solves the pressing problems of the digital age, (including) security and privacy."
Legal wrangling
Beyond political posturing, Federal Trojan-related lawsuits are now on the horizon.
On Monday, the Pirate Party in Germany called for criminal charges to be filed in Munich against Joachim Herrmann, the Bavarian Interior Minister and Peter Dathe, the president of the Bavarian Office of Criminal Investigation (LKA) on the grounds that they were responsible for this software that is, in the Pirate Party's view, a clear violation of the law.
"It follows that a significant suspicion arises from the possibility that those persons who have participated in the operation of the Trojan, those which it arranged as well, those who purchased this computer program, have committed a punishable offense," the party's letter states, which was faxed to the federal prosecutor's office in Munich.
In a related case on Thursday, Dominick Boecker, a Cologne-based IT attorney, announced his intention to file a civil lawsuit against DigiTask, the company behind the spyware. Boecker is representing Wavecon, a competitor based in Fürth, outside Nuremburg, in southern Germany.
"DigiTask manufactured products and sold software to law enforcement agencies [that] met the criminal definition of unauthorized interception of data," Boecker wrote in a German-language statement on his website.
Author: Cyrus Farivar
Editor: Nathan Witkop