Constitutional concerns: German prosecutor general against federal trrojan
German prosecutor general Harald Range does not currently believe there's a sufficient legal basis for listening in on online telephone services using source interception of telecommunications messages, a technique that employs trojans to record conversations either before encryption on the sender's end or after decryption on the receiver's end. The head prosecutor for the German Federal Court of Justice says that the Federal Constitutional Court's decision on clandestine computer surveillance sets strict limits on the use of federal trojans, according to the recently published response from the federal government to members of the SPD party in the German parliament (Bundestag). The SPD is currently a member of the opposition in the Bundestag. The decision says that the protected system's confidentiality and integrity must not be further compromised but that current computer surveillance technology cannot yet guarantee this.
The Federal Ministry of the Interior, which authored the response, emphasises that the decision against this kind of monitoring is "the prosecutor general's legal opinion". While the Ministry of Justice says that Range, a member of the FDP party, which is part of the current government coalition, "has well founded reasons for his decision", the government as a whole is still intensively studying whether the content and extent of current legal regulations such as article 100a of the German Criminal Procedure Code (StPO) can serve as a basis for allowing telecommunications monitoring on a computer as it happens, either before encryption or after decryption.
Critics have been saying for some time now that the line could be blurred between a source interception trojan and investigation of an entire system. The Ministry of the Interior, on the other hand, says that the communication programs monitored using source interception "by their nature involve a number of interfaces that are only active when communication occurs" and that it is therefore possible, in principle, to determine criteria for internet telephony and chat that would satisfy the Court of Justice's requirements, at least "in individual cases", depending on the program that is used. According to the ministry, this has already been "ensured in the past with extensive logging" and future solutions will explicitly include such measures in the standardised technical specifications.
The federal government says that "system metadata" will also ensure that the only computers infiltrated for a particular case will be those listed in the court order. Information gathered at the time will be compared to system data that was previously known, and telecommunication will only be monitored and recorded if the metadata matches up. Otherwise, the monitoring program will be "immediately deleted from the target system".
The Ministry of Interior also wants to clear up the rumour that Microsoft's Voice over IP provider Skype, in particular, already includes technology that could allow security authorities to record conversations without employing a trojan. "Various groups within the federal government have contacted Skype multiple times over the last few years in order to learn more about how Skype communication works and how it could be monitored," the response states. Apparently, however, the company only sent an information sheet directed toward criminal prosecutors, according to which certain user and communication data gathered as a result of use of the service can be passed on if requested by a court order. Because of technical limitations, content data cannot be made available.
Referring to confidentiality obligations, the government does not answer a number of questions related to issues such as the use of federal trojans outside of Germany and on how to uninstall the monitoring software. The German Criminal Police Office (Bundeskriminalamt) plans to complete development of its own trojan by late 2014. SPD representatives Burkhard Lischka and Lars Klingbeil write that the government's statements are "insufficient and worrying" and that, when it comes to the protection of civil rights, there is still no clarity on "whether source interception of telecommunications messages is legal at all."
- Federal Commissioner unable to audit Federal Trojan source, a report from The H.
- CCC cracks government trojan, a report from The H.
(Stefan Krempl / fab)