[liberationtech] One year later: German police unable to develop bstate trojanb

[Anne Roth]

http://annalist.noblogs.org/post/2012/10/12/one-year-later-german-police-unable-to-develop-state-trojan/

One year after the Chaos Computer Club found and analysed an illegal
trojan virus used by German police, the so-called bstate trojanb, and
one year after the German Federal Minister of Justice, Sabine
Leutheusser-Schnarrenberger had promised btotal transparency and
clarificationb German police still donbt have an alternative to relying
on software by private companies for the infiltration of computers.

Recent answers of the interior ministry to questions by Jan Korte, MP
Left party, clearly state that the ministry one year later is still
lacking the capacity to do as promised: to develop a software for lawful
interception that complies with a decision by Germanybs Federal
Constitutional Court.

(The original German document can be downloaded here
http://annalist.noblogs.org/files/2012/10/121010_SchriftlichenFragenStaatstrojaner.pdf
- no official translation into English yet)


The original bstate trojanb by Digitask did far more than what is
allowed by German law:

"The Chaos Computer Club (CCC) has recently received a newer version of
the bStaatstrojanerb, a government spyware. The comparison with the
older version, already analyzed by the CCC with the actual Sniffer-code
from December 2010, revealed new evidence. Despite the claims of the
responsible parties, the Trojan can still be remote-controlled, loaded
with any code and also the allegedly brevision-proof loggingb can be
manipulated. (CCC, 26 Oct 2011)"

Also see "Several German states admit to use of controversial spy
software" http://www.dw.de/dw/article/0,,15449054,00.html (Deutsche Welle).

The German minister of the Interior, Hans-Peter Friedrich, then promised
that the software was going to be produced in-house.

The new replies by the ministry prove him wrong:

    "The software by DigiTask GmbH that was used in the past for
computer surveillance (lawful interception) is not currently being used
by federal public authorities anymore.

    The software that will be used for computer surveillance will be
developed by a competence centre established within the Federal Criminal
Police Office. It will be safeguarded that the source code will be
audited regarding its range of functions by qualified experts. It will
also be accessible for the relevant authorities for data protection
(among others the Federal Commissioner for Data Protection).

    For the time until the afore mentioned in-house development is
completed the Federal Criminal Police Office is preparing a commercial
interim solution. The source code of that software has to undergo
extensive audits with respect to the demands by the Federal
Constitutional Court. (my translation, A.R.)"

In a reply to the second question by MP Korte the ministry states that
it doesnbt know whether software by DigiTask or other commercial
developers designed for lawful interception is being used by state
police forces in Germany. Further details are classified and only
accessible to MP Korte.

The spokesman on domestic policy of Angela Merkels conservative party in
parliament, Hans-Peter Uhl, commented:

"The development of a software by the Federal Criminal Office is
presumably going to take months if not years. We may even have to
ruefully admit that we lack the capability completely."


-- 

http://about.me/annalist
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x7689407F942951E2
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE