The Staatstrojaner (literally „state trojan“, colloquial German term for the government malware), whose self-destruct function obviously failed, was discovered, reverse-engineered and analyzed by Chaos Computer Club hackers. The findings, if the CCC’s analysis is correct, are conclusive and alarming: The government surveillance software not only contains illegal functionality, it also appears to be so significantly flawed, that anyone who can encrypt the key can also hack all similar versions and control them remotely. Should evidence captured this way have any legitimacy in a court of law? And, first and foremost: What does it mean when, as demonstrated by the CCC, anyone that knows the IP address of the infected computer can install fake „evidence“ without leaving so much as a trace or little chance of acquittal? The HSH Nordbank case, where child pornography was planted on a work computer by private detectives, is an omen of a new type of reputation-destroying strategy.
But there’s more: Computers are not only instruments of communication, they are instruments of thought. A series of screenshots taken every second (forwarded to the United States and from there back to Germany) of someone creating a text – never emails or digital monologues – shadows the thought-process itself. What is happening here makes your hair stand on end. The CCC analysis could change the political world forever in an era that prompted the success of the Pirate Party.
Spyware Without Functional Limits
For, in view of our current state of knowledge, this can not be trivialized. There is only one reason why it isn’t completely unsettling; it is, ironically, our trust in the government. Germany is not a country known for rule-bending judges and prosecutors. Sometimes they know as little as anyone else does on the subject of complex software. Just about everybody, the Bundesverfassungsgericht (German constitutional court) and the CCC hackers alike, agree that digital surveillance can be used to prevent or detect the worst criminal activities – as long as legal provisions are enforced.
This, however, is no appeasement. Quite the contrary. Apparently this trojan is allowed to do absolutely anything. It is only a matter of which parts are activated, or disabled. But the function that enables this is disguised – meaning the programmers knew that what they were doing was wrong. But who else knew this? And who else can understand the machine code that discloses this fact?
A New Question for Democracy
It is not a question of how moral and constitutional are our institutions, but who has the power over digital society now. This question arises wherever digital systems have become instruments for control, from financial markets and social networks to the government. Years ago the American doctor of law Lawrence Lessig introduced the phrase: „Code is law.“ What he meant was that those who code relegate conduct in modern society. While the digital age brings with it perhaps the greatest emancipation of humanity since the discovery of the printed book, at the same time it dramatically threatens the concept of freedom. Who determines ethical values in a digital society? The citizen, or the coders and their contractors? This is the newest power struggle in democracy, and it is, as shown in the case at hand, in the process of being decided in favor of code.
We should not delude ourselves into thinking that those who have the power use it. Internet surveillance technology available to the secret services has acquired a whole new level of relevance with the German police and law authorities. Here the police apparatus itself is at risk of becoming shadowed by secret services with one vital difference – they would have to present their findings as evidence before a court of law.
The Task of Harmonising Law and Code
Who has the power over the programmer? Who contracts the coding job? Is it really enough to trust the state’s loyalty to the constitution when the code, which only the contractor and programmers understand, has already betrayed constitutional rights? All these questions remain unanswered. The internet is not revolutionizing the citizenry and industry architecture; we are now seeing it happening to the state as well. The freedom of the individual depends entirely on bringing code and law into balance.
Now, since the success of the Pirate Party, there may be a chance that this will become a realpolitik task. We need to realize that the new world is not only bright and shiny, but that it also has the potential to create a monster.