Germany’s Pirate Party has accused the country’s Federal Criminal Police of spending millions on what it deems to be unconstitutional spyware. The party’s vice president says state spyware is not allowed in Germany.
The Pirate Party is requesting that Germany’s Federal Audit
Office investigate whether the Federal Criminal Police (known as
Bundeskriminalamt, or BKA) have breached the law on economical use
of funds.
The BKA bought the trojan spyware from the UK’s Gamma. News emerged
of the purchasing in January, according to Netzpolitik.org, a
German blog relating to digital issues throughout the world.
The FinFisher/FinSpy toolkit is installed after the target accepts
installation of a fake update to commonly used software. The kit is
designed to evade detection by anti-virus software.
"The Federal Government and the BKA wasting millions of tax
dollars for the purchase and testing of this software is
unconstitutional,” the Pirate Party wrote on its website.
It claims the FinFisher/FinSpy software breaches a Constitutional
court ruling on secret internet surveillance, referring to a 2008
landmark case in which the Federal Constitutional Court of Germany
ruled that surveillance software targeting telecommunications must
be technologically limited to a specific task.
Netzpolitik.org says that “current research suggests that the
FinFisher/FinSpy toolkit consists of a basic module (the trojan)
that can also remotely load additional ‘feature modules,’ for
example a module for recording Skype conversations.”
Analysts who have looked at the spyware parts told the site that
they have not seen limits on what additional modules can be loaded
or even a signature verification of additional modules. If this is
indeed the case, it would clearly violate German law.
The BKA bought the spyware to use as a temporary measure to last
until it has developed its own internet telephony eavesdropping
software. The software is due to be up and running before the end
of 2014.
The information has prompted the Pirate Party to fight the use of
the spyware, saying the BKA should instead invest its money in
training its own employees.
“The BKA should put its money in the training of its computer
forensics staff, creating a real safety advantage, rather than
spend it on unconstitutional software," deputy national
chairman of the Pirate Party of Germany, Sebastian Mink, said on
the party website.
But the Pirate Party says there’s even more reason to be weary of
the spyware, and directed a message to the German government:
“You go with it in bad company: dictatorships around the world
use FinFisher to suppress democratic movements.”
The sentiment has been echoed by Netzpolitik.
“With strong clues that authoritarian regimes such as Bahrain,
United Arab Emirates, Qatar, Ethiopia, Mongolia, and Turkmenistan
are using these products, the German state is sending a dangerous
political message by using exactly the same software,” the site
read.
Those running the blog are calling for export restrictions to stop
the sale of western surveillance technology to regimes known for
their human rights violations.
The Chaos Computer Club (CCC) has also publicly criticized the
German government for its use of FinFisher.
It’s not the first time Germany has come under fire for its use of
software. In October 2011, the CCC analyzed DigiTask malware used
by the German government, claiming it was badly programmed, lacked
elementary security, and was in breach of German law.