It would appear that the German government is sending mixed messages when it comes to computer hacking.
After passing antihacking legislation earlier this year to crack down on the sharp rise in computer attacks in the public and private sectors, the government is now floating a plan to develop and smuggle its own spyware on to the hard drives of suspected terrorists through e-mail messages.
German Interior Minister Wolfgang Schauble has been feverishly seeking support for a new security law that would allow federal authorities to investigate suspects’ Internet use and stored data without their knowledge, ever since the country’s Federal Court of Justice halted their cybersnooping activities in February. The judges argued that the hacking of computers by the police is not permitted under Germany’s strict phone-tapping laws and that legislation would be needed to enable covert surveillance.
Schauble’s efforts to introduce a security law with wider police surveillance powers have, however, led to a heated debate that nearly exploded late last week when a copy of the proposed security law was leaked to the German media. The measure would allow authorities to install Trojans carrying remote forensic software on suspects’ hard drives.
While Schauble has said that government cyberspying would only be conducted in a handful of exceptional cases and only on those suspected of planning terrorist attacks, critics say he may have overstepped his bounds.
Max Stadler, a security expert with the German Free Democratic Party, warned in a ZDF television interview last week that the Interior Ministry’s spyware plan would weaken the trust of German citizens in government. He referred to the government Trojan as “an invasion into the private sphere.”
Magnus Kalkuhl, a virus specialist at the German office of Russian security software vendor Kaspersky Lab Ltd., said the plan “would undermine the very purpose of security software, which is to plug – not make – security holes.”
The idea of allowing officials in one specific country to snoop also disturbs Kalkuhl. “What’s going to prevent police in Germany from breaking into computers in Italy?” he asked.
And even if the government approves the use of spyware, Wolfgang Wieland, a member of the Green Party, told the Berliner Zeitung newspaper last week that he questions the success of a measure that assumes suspects know little about computers and won’t detect and remove Trojans and other spyware. It’s naive to believe that terrorists, who live in a world of conspiracy, would trip over something as obvious as e-mail from an unfamiliar source, he said.
In defence of the plan, Schauble said in an interview with Deutschlandradio last week that police need to keep pace with terrorists and criminals, who shouldn’t be allowed to use cyberspace as a protected area. The plan, he said, isn’t to control everyone’s computer but rather only those machines used by suspected criminals and terrorists and only for a limited period of time.
Jorg Ziercke, president of the Federal Criminal Police Office (BKA), said in an interview with the German magazine Stern that the planned remote forensic software can’t be used broadly because it must be tailored to run on each targeted computer. “We’re talking about 10 such measures a year,” he said.
The German government has released no technical details of how the sypware will operate. A spokesman for the Interior Ministry declined to comment, citing security regulations.
The use of spyware by crime fighters isn’t new. For instance, the U.S. Federal Bureau of Investigation uses a tool, called CIPAV (computer and Internet Protocol address verifier), which can record IP addresses and send this data back to government computers.
Nor is Germany the only European country debating spyware legislation. Neighbouring Switzerland and Austria are reportedly considering laws that will give police greater powers to monitor computers online. Neither of the countries has released any information on their spyware plans.
No firm date is set when German parliamentarians are expected to vote on the proposed security law. But with Islamic radicals targeting German troops and others working in Afghanistan in recent weeks, Schauble has spoken of a heightened threat level that makes the spyware issue of increasing urgency.