Chaos Computer Club : Anatomy of a digital pest

  • -Aktualisiert am

The Chaos Computer Club received, reverse-engineered – and hacked – the „Staatstrojaner“ surveillance program. The findings are alarming. The trojan can read our thoughts and remote control our computers.

          On February 27, 2008 the Bundesverfassungsgericht (Federal Constitutional Court of Germany) issued an historical judgment. Concluding the discussion surrounding the Bundestrojaner (or Staatstrojaner, literally „state/federal trojan“, colloquial German term for the government malware concept) – known as an „online search“ in official German – the highest court in Germany announced a new constitutional right to uphold IT system privacy and integrity. It sets severe restrictions on the secret services and investigation authorities when they seek permission to infiltrate computers in Germany for the purpose of extracting data and surveying core privacy.

          Even so, the judgment contains a passage that has the aware concerned: It is the paragraph on Quellen-Telekommunikationsüberwachung (“source telecommunication surveillance“ or lawful interception at the source). Representatives of the investigation authorities and the government have vehemently argued in the Karlsruhe discussion that they need to capture all encrypted communication on a suspect’s PC before they become encrypted. The court does not want to completely obstruct this and have permitted „source telecommunication surveillance“ – though only „when the surveillance is limited to data from an ongoing telecommunications process. This is to be enforced through technical and legal means.“

          How this type of enforcement is supposed to function in practice was already heatedly debated during the Karlsruhe hearing on the Bundestrojaner. In any case, the court recognized the risks and wrote: „If a complex information technology system is technically infiltrated in order to perform telecommunication surveillance (“source telecommunication surveillance”), the infiltration overcomes the critical hurdle to spying on the system as a whole. The endangerment thereby brought about goes far beyond what is entailed by the mere surveillance of ongoing telecommunication.“

          The concern is that a backdoor which has already been installed on a PC can be easily programmed with functionality (or download functionality over the internet), which surpasses the constitutionally permissible. This backdoor functionality could then infiltrate undetected deep into the protected private core of the infected PC user’s life.

          More than three years have passed since the judgment, and the German investigation authorities have not been idle. Criminal proceedings all over Germany in recent months show the use of trojans as a means of surveillance: for example, the case file shows evidence that could not have been garnered from mere telephone wiretapping, or screenshots taken from a suspect’s PC show up with no traceable origin. These screenshots documenting various (from an investigation viewpoint) incriminating emails or chats were disguised as „source telecommunications surveillance“, applied for and legally approved as wiretapping internet telephony.

          If suspects seek to defend themselves against this infiltration into their private sphere, the authorities justify their actions by saying the program they implemented originates from an extremely safe and security-screened service provider. And that they were also specifically created in accordance with current wiretap laws. Exceptionally strict quality control is supposed to make sure that none contain functionality above and beyond the surveillance rules set forth by the constitutional court.

          Weitere Themen

          Ist das die Zukunft der Oper? Video-Seite öffnen

          „Figaros Hochzeit“ in 360° : Ist das die Zukunft der Oper?

          Ein Mozart für Morgen: Nicht mehr bloß zuhören, zuschauen, sondern mittendrin sein im Geschehen und in der Musik? Jan Schmidt-Garre inszeniert „Figaros Hochzeit“ für die 360-Grad-Kamera – und damit für eine Oper, die man so noch nie gesehen hat.


          Arbeiten im Callcenter : Stress an der Strippe

          In Callcentern arbeiten Hunderttausende Menschen. Dort werden sie angemotzt, lückenlos überwacht und schlecht bezahlt. Warum gehen sie trotzdem hin?


          Immer auf dem Laufenden Sie haben Post! Abonnieren Sie unsere FAZ.NET-Newsletter und wir liefern die wichtigsten Nachrichten direkt in Ihre Mailbox. Es ist ein Fehler aufgetreten. Bitte versuchen Sie es erneut.
          Vielen Dank für Ihr Interesse an den F.A.Z.-Newslettern. Sie erhalten in wenigen Minuten eine E-Mail, um Ihre Newsletterbestellung zu bestätigen.