German Police Used Trojan Horses In InvestigationsPublished on 10 October 2011 @ 11:02 pm
Intellectual Property Watch
By Monika Ermert for Intellectual Property Watch
Europe’s biggest hacker organisation, the German Chaos Computer Club (CCC), has analysed trojan horse software used by the German police to spy on suspects in several cases in apparent violation of their constitutional rights. In its 20-page analysis [English short version], the club revealed that the software, sent to the hackers for analysis, allowed authorities to not only listen into Skype calls, but also allowed to control and manipulate infected machines from a command server using IP address 184.108.40.206, sitting on a server of a commercial hosting provider in Columbus, Ohio, in the United States.
Putting the command server outside German jurisdiction was intended to conceal its origin, according to the CCC. The hackers warned that the software not only opened the door for police spying on constitutionally strictly protected private communication of a suspect. It also allowed third parties to use the back-door created because the software did not live up to professional coding standards.
Members of the German Parliament announced they would fully investigate the case, and the German Minister of Justice, Sabine Leutheusser-Schnarrenberger, said that if the allegations against German police authorities could be substantiated, the legislature must consider clarifying the limitations for online searches. While the Federal Ministry of the Interior rejected any allegations that it had used the spy software, the Bavarian Minister of the Interior confirmed it had been used by police in Bavaria but in full compliance with existing laws.
The German Constitutional Court in 2008 in a much-quoted judgment decided that online searches had to be tightly limited to investigate grave felonies and terrorism. Private content contained in the tapped computer had to be kept outside the reach of law enforcement because it was strictly protected by the constitution. But in one well-documented case in Bavaria against an alleged dealer of narcotic substances, the police in fact received screen shots from the suspect’s PC every 30 seconds.
Categories: IP-Watch Briefs, Access to Knowledge, Copyright Policy, Enforcement, English, European Policy, Human Rights, IP Law, Information and Communications Technology/ Broadcasting, Trademarks/Geographical Indications/Domains