For the time being, there will be no specific technical and organizational requirements as to how providers of telecommunications services should in future help all 19 official German secret services in the fight against threats when using state Trojans and other spyware. On Friday, the Federal Council did not approve a relevant draft ordinance by the Federal Ministry of the Interior (BMI). This means that the planned regulations cannot come into force.
Change of direction in the federal government
The interior and economic committees of the regional chamber had recommended the heads of government of the federal states to support the initiative. The draft comes from the time when Horst Seehofer (CSU) was head of the BMI. In the meantime, he has been replaced by the SPD politician Nancy Faeser in the new federal government. The traffic light coalition, to which it belongs, views state Trojans more skeptically than the black-red predecessor alliance. She wants to review the corresponding powers, in particular for the Federal Office for the Protection of the Constitution, within the framework of the planned surveillance accounting.
According to the red-green-yellow coalition agreement, the state should “not buy security gaps or keep them open”, but “always endeavor to close them as quickly as possible” in a weak point management system under the leadership of a more independent Federal Office for Information Security (BSI).
With the controversial law, the Bundestag had extensive competence for all federal and state espionage authorities to use digital bugs to break into smartphones and computers and to record encrypted messages, Internet calls and video calls via WhatsApp, Skype, Signal, Threema & Co. to “adapt the constitution protection law” decided in the summer under black and red. This allows extended source telecommunication monitoring (TKÜ): Agents are allowed to tap the ongoing communication directly on the hacked device – before it has been encrypted or after it has been decrypted – as well as saved chats and emails.
Rules for the supervision assistance
The MPs have already stated that the service providers must support the “authorized bodies” in “bringing in” “technical means” for the source TKÜ, such as Trojans and additionally required interception hardware, and redirecting the communication to them. With the draft ordinance, the Federal Ministry of the Interior wanted to regulate the details of the implementation of these obligations to cooperate.
Providers should therefore orientate themselves towards the goal of the “highest possible success probability of the installation of the monitoring software”. For this purpose, a “connection point” was provided for necessary measures. It should allow access “exclusively to the data flow specified in the arrangement” via standardized, generally available transmission protocols. The maintenance and remote administration of this interface by the authorized authorities was planned.
“Network-side measures” which are not described in more detail and which “make it difficult or impossible” to tap the communication should be removed by the provider concerned. The Interior Committee of the Bundestag had explicitly emphasized in an addendum to the legal resolution that providers do not have to give out at least “any keys” and do not have to revoke the encryption of services.
Great potential for abuse and manipulation
Providers should also try out “suitable models” for monitoring and implement orders immediately. The network and service security was to be maintained in spite of the planned massive interventions as well as the “stability of the network operation”, it had been said. Overloading should be avoided and the network integrity should be jeopardized “as little as possible”.
Lawyers and providers complained in advance that there was a particularly high potential for abuse and manipulation in view of the imminent obligation to cooperate. The eco association of the Internet industry asked the Federal Council on Thursday to reject the regulation. The use of state spy software is “unconstitutional without legally regulated balancing by parliament”. The Federal Constitutional Court recently clarified this.
Furthermore, according to the eco, it is still unclear to what extent the companies concerned themselves bore risks and responsibility in helping to an “ordered online search”. Furthermore, preventive injunctive actions by journalists and media organizations are pending in administrative courts against the authority to use spyware by the constitution protection, the Federal Intelligence Service & Co.
The Baden-Württemberg Interior Minister Thomas Strobl, on the other hand, had massively promoted the regulation in the plenary session. This is necessary “in order not to keep our security authorities blind and deaf in parts,” emphasized the CDU politician. “The enemies of our democracy are arming themselves, they are networking,” he warned. With messenger services such as Telegram in particular, new, serious dangers have arisen. A large part of the communication is encrypted.
“Essential” with the help of the provider
The eavesdropping is no longer possible “without special software” on the end device, explained Strobl. So far, users usually had to click on a specific link. Now the program should “be able to be installed without the involvement of the target person”. The help of the telecommunications companies is essential for this. It is important to use the instruments of defensive democracy to counteract the “forces of evil”. He therefore does not give up hope that the statutory regulation will soon come. With the project only “existing arrows in the quiver” of the authorities would have been pointed, no new ones would have been inserted.
According to the new Federal Justice Minister Marco Buschmann (FDP), the failure shows “that the current legal basis, which would have specified the regulation, is not adequately accepted”. All the more he now wants to campaign “that we quickly implement the objectives of the coalition agreement”. This includes increasing the legal requirements for the protection of digital privacy and making them strict.
We will also examine whether such an intrusive investigative instrument belongs in the hands of the intelligence services, “emphasized the Liberal. When potentially exploiting weaknesses in IT systems, the state must” pay particular attention to the principle of proportionality. “
(mho)