Random Flux

Germany’s Federal Court of Justice (BGH) recently ruled that hacking activities by the German police are illegal, according to a report published by the daily newspaper TAZ (die tageszeitung — it is not possible to link to the articles directly because TAZ requires registration for access).

It seems the German police have been using hacking tools to break into suspects’ computers via the Internet and examine their contents. It’s no big surprise that the court thinks that the police don’t have the right to do this. What is intriguing is that the police have apparently been doing this for some time, with the backing of official court orders. It makes you wonder what is going on in other countries.

These online scans of suspects’ computers are known as “PC screening”, and apparently the BGH has been turning at least one blind eye to them in the past. In most cases when the police or a public prosecutor’s office wanted to screen a computer, the BGH granted a court order to do so. This practice has now been slapped down by BGH judge Ulrich Hebenstreit, who has ruled that there is no legal foundation for it.

What is not clear is what hacking technologies the police has been using to gain access to the computers and perform the scans. Worms, Trojan horse programs and specially-tailored viruses are all possibilities, and there may be others. All that is known is that the police has been devoting a great deal of effort to the project, and that considerable sums of money have been made available for development of police hacking tools.

Apparently the German Ministry of the Interior earmarked a large but currently undisclosed amount of money for the development of better hacking tools for PC screening in the last federal budget. According to the TAZ report, the sum is at least several million euros, but the ministry is naturally being very tight-lipped about both the amount and the exact kind of software technology that is being developed.

Another possibility is that the police has been making targeted use of known weaknesses in Microsoft Windows to gain access to suspects’ computers. This naturally raises the question of whether there has been any direct interaction with Microsoft for access to “back doors” in the company’s operating system. In an interview with the Süddeutsche Zeitung, a Microsoft representative stated categorically that there were no agreements with police authorities in Germany or anywhere else in the world designed to allow them to obtain access to users’ computer systems.

Another German newspaper, the Tagesspiegel, reports that authorities in Switzerland are testing a new online spying software package that can circumvent firewalls and other protection mechanisms. In addition to giving the police access to data on suspects’ computers, the new package is allegedly also able to tap Internet phone calls and activate microphones and webcams connected to the users’ computers. According to the the Tagesspiegel article, Switzerland plans to make the package available to “other security authorities”.

As far as I understand it, the court hasn’t actually said that this kind thing should be banned out of hand, just that there is currently no legal foundation for it. Up to now the police has used the legislation for monitoring of email communication, but the judge says that capturing email “en route” is completely different to physical entry to the targets’ computers, which is more like breaking and entering.

If you think about it this could also have some interesting ramifications in other areas. If this is breaking and entering then so are many of the things that software applications do to your computer without your knowledge or your consent.