Konstantin von Notz, chairman of the secret service control committee, urges a break in the use of surveillance software, for example for source TKÜ.
After another glitch in the figures for the use of state trojans in the official statistics on telecommunications surveillance (TKÜ) of the Federal Office of Justice (BfJ), Konstantin von Notz, deputy leader of the Greens in the Bundestag, is making a strong case for the ripcord for the time being to pull such spyware. The new chairman of the Parliamentary Control Committee (PKGr) for the federal secret services has asked voonze online for a moratorium on the use of the controversial tool.
Eliminate “massive legal uncertainty” first
“As long as the massive legal uncertainty surrounding the use of the highly problematic investigative tool is not remedied and the core area of private life is protected effectively,” law enforcement officials and agents should no longer be allowed to use state trojans, von Notz demands. He refers to the coalition agreement of the traffic light alliance. It states that the use of surveillance software for so-called source TKÜ and for secret online searches must be avoided as long as the requirements of the Federal Constitutional Court to protect the core of intimate life are not observed.
This application break, which has already been agreed in principle, must now be implemented, emphasized the domestic politician. Already in the TKÜ statistics for 2019, many state prosecutors had “supplied exorbitantly wrong figures on the use of the state Trojan” last year, von Notz justified his plea. “The fact that this highly distressing process has now been repeated makes it clear how great the ignorance regarding the use of the highly controversial investigative instrument is, even among practitioners and those who are actually supposed to monitor them.”
It also becomes clear to the Greens “that the allegedly indispensable investigative instrument is only used extremely rarely in reality, and for good reason.” Contrary to what is often suggested, it makes “no significant contribution to increasing security – but at the same time it massively endangers fundamental rights”. The traffic light coalition has therefore also generally agreed to fundamentally review the possible applications, which the black-red federal government had previously massively expanded, in the course of a monitoring accounting.
Access without recourse to vulnerabilities
Von Notz previously had one Debate on Twitter triggered by an announcement in an interview with “Spiegel”. When asked about the monitoring of messengers such as Telegram, Signal or WhatsApp, most of which rely on end-to-end encryption, he said: “If the authorities succeed in gaining access to this communication using legal means, there is nothing to be said against it.” In the case of the state Trojan, with which data is tapped directly on the end device before encryption or after decryption, the services would have to exploit security gaps in the device software.
Von Notz explained that these vulnerabilities could also be used by spies from Russia, China or organized crime. There is a black market for it. The coalition agreement states that there should be a balance here: “A gap that only affects a very small number of people could possibly remain open in favor of the security authorities.” Weak points that posed relevant risks for the population would have to be reported and closed immediately.
The coalition agreement states: “The exploitation of vulnerabilities in IT systems is in a highly problematic tension with IT security and civil rights. The state will therefore not buy any security gaps or keep them open, but will engage in vulnerability management under the leadership of a more independent federal agency for security in information technology” (BSI) always try to close it as quickly as possible.
BSI reports gaps
According to experts, in the light of a judgment by the Federal Constitutional Court on source TKÜ, security authorities must already create relevant rules for every use of state Trojans and also assess in advance how high the risk of secrecy of security gaps is for citizens, the economy and the state itself. A few months ago, the formation of an opinion within the federal government on effective vulnerability management was not yet complete. At least the BSI is already reporting all discovered security gaps to the manufacturers.