The federal government wants to allow the secret services to read communications via WhatsApp and other encrypted courier services in the future. The cabinet decided on Wednesday that the Office for the Protection of the Constitution, the Federal Intelligence Service and the Military Counter-Intelligence Service (MAD) should monitor not only ongoing conversations via Messenger, but also messages sent via Messenger.
The reform has yet to be approved by the Bundestag. Proponents of the draft say it would only bring domestic intelligence back to pre-invented levels of the Internet and mobile communications. At that time it was enough to eavesdrop on landline telephones.
Test now for free!
[Wenn Sie alle aktuellen Nachrichten live auf Ihr Handy haben wollen, empfehlen wir Ihnen unsere runderneuerte App, die Sie hier für Apple- und Android-Geräte herunterladen können.]
The reform was highly controversial in the coalition. A first draft had already been sent to the other ministries for comment in March 2019. At the time, he also authorized the secret services for “online searches”. This means secret access to computers, smartphones and other IT devices from which the data can then be read. This passage has been deleted under pressure from the SPD.
Authorities must hack cell phones to read chats
The Federal Interior Ministry draft, now approved by the cabinet, also provides for extensive information exchange between the MAD and the constitutional protection authorities. Barriers to the observation of individuals by constitutional protection will also be lowered. The federal government thus draws conclusions from the right-wing extremist terrorist attacks in Halle and Hanau.
Both attacks were committed by perpetrators who, according to previous knowledge, did not belong to a group. In order to improve the control of the supervisory measures, the number of members of the Bundestag G10 committee responsible for their approval will be increased. A technical advisor should also be appointed to assist the Commission.
In general, it is technically difficult to control encrypted messaging services. To do this, authorities usually need to access the target person’s mobile phone as decrypting messages that have already been encrypted is very time consuming. Governments gain this access to the terminal via a so-called source of telecommunications supervision (source TKÜ).
In addition to the Bureau for the Protection of the Constitution, the Federal Intelligence Service and the Military Counterintelligence Service are likely to hack cell phones. Photo: obs
A trojan is loaded on the smartphone. The software may divert certain data. For example, information about what is being entered via the display. Sometimes such Trojans can also access the microphone and camera.
[Mehr aus der Hauptstadt. Mehr aus der Region. Mehr zu Politik und Gesellschaft. Und mehr Nützliches für Sie. Das gibt’s nun mit Tagesspiegel Plus: Jetzt 30 Tage kostenlos testen.]
This type of software is produced by, among others, the German-British company FinFisher from Munich, which also supplies German authorities. The software is installed through physical contact – ie, through direct access to the device – or through targeted links and email attachments.
Saudi Trojan was on the Amazon boss’s cell phone
For example, if a target knows he has a weakness for video clip maintenance, it is conceivable that a Trojan horse could be loaded onto the smartphone using such a video. Amazon boss Jeff Bezos, for example, is said to have been monitored by the Saudi authorities via an espionage program that was sent to him via WhatsApp with a football clip and played on his smartphone.
[In unseren Leute-Newslettern aus den zwölf Berliner Bezirken befassen wir uns regelmäßig unter anderem mit Polizei- und Sicherheitsthemen. Die Newsletter können Sie hier kostenlos bestellen: leute.tagesspiegel.de]
It is also conceivable that security vulnerabilities in operating systems will be specifically exploited. There has been a dispute for years about whether or not to use such “back doors” by government agencies in Germany. Physical contact with the device can be established, for example, during personal or border checks.
However, obtaining a source TKÜ is very complex for authorities. A court order is required for this: no smartphone can be spied without such a decision. The secret services cannot read and save the communication as they see fit.
Serious crimes should warrant surveillance
A “serious crime” according to article 100a of the Code of Criminal Procedure is necessary for a judicial decision. This includes very different crimes: murder, particularly serious cases of tax evasion or endangering the democratic rule of law. There must always be a well-founded suspicion of a crime, and it must also be shown that it would not be possible to clarify a particular matter without the source TKÜ.
According to the Federal Office of Justice, a total of 18,784 surveillance measures against mobile phones were imposed in 2018. Most of the surveillance warrants related to serious violations of the Narcotics Act, computer fraud and gangs.