Federal Commissioner unable to audit Federal Trojan source

Germany's Federal Commissioner for Data Protection and Freedom of Information Peter Schaar has criticised the German government's "Federal Trojan" (Bundestrojaner) since he was not able to review its source code. Schaar is tasked by the German parliament to review the data protection aspects of the government's policies. The Federal Trojan is used by investigative authorities in Germany to collect evidence and to tap into encrypted VoIP traffic (a procedure termed "Quellen-TKÜ" by German legislators).

In a letter to the Interior Committee of the parliament, which was subsequently leaked to the Chaos Computer Club (CCC), Schaar explains that he was not able to review the source code for the trojan. This follows an earlier report by Schaar in which the commissioner stated that the software did not fulfil the data protection requirements set forth by German law. Schaar has now completed his evaluation of the software without access to the source code.

According to the letter leaked by the CCC, the interior ministry and the German federal police have stated that they did try to get access to the software's source code but that these efforts eventually failed because DigiTask, the third party company charged with writing and supporting the software, intended to bill them €1,200 per employee per day to give access to the code. Another reason given was the fact that DigiTask also requested the government officials to sign non-disclosure agreements that were not tenable for the government.

After receiving Schaar's letter from an unnamed source, the CCC also criticised the government, saying that DigiTask should not be allowed to deny an independent audit of its software by the commissioner. The CCC said that this situation showed "the potential for blackmail through outsourcing of sovereign responsibilities to companies that are not subject to effective control."

See also:

• CCC cracks government trojan, a report from The H.
  

(fab)