
State Trojan almost uncontrollable according to experts

Bugs are yesterday’s listening devices. Nowadays, investigating authorities can wiretap and monitor criminals without getting their hands dirty. This is made possible by so-called “state Trojans”. The malware can be used to gain access to other PCs. However, as an audit report by the Federal Data Protection Commissioner now suggests, this method also has its pitfalls. There are considerable doubts, particularly in the area of control.

Surveillance of PC and smartphone possible

As can be seen from a report by Netzpolitik.org, the so-called state Trojan (Remote Communication Interception Software, RCIS) has matured significantly since its premiere in 2016. The malware developed by the BKA is no longer limited to fighting crime on PCs; it can now also penetrate smartphones. The corresponding technology was already added to the authorities’ toolbox in 2018. Since the state Trojan represents a sensitive encroachment on the rights of third parties, the BKA alone is not free to determine its design. Other authorities also come into play in a controlling capacity: in addition to the Federal Office for Information Security (BSI), Germany’s top data protection commissioner must also take a look at the state Trojan. The latter has now issued its assessment of the malware as part of a test report. The experts at Netzpolitik.org were allowed to view the ten-page document.

Substantial results published

The scope of the report alone makes it clear that it is only a summarized view from the Federal Data Protection Commissioner. It clearly shows that there are no objections to the state Trojan from a data protection perspective. One example of this is the automatic activation and deactivation of the RCIS: it only records active communications and switches itself off again automatically at the end of a conversation. This is a basic requirement for the legality of telecommunications surveillance.

According to experts at Netzpolitik.org, however, the situation is somewhat different when it comes to analyzing the source code. Here, the examination of the state Trojan relies on a kind of random sample, which is not really meaningful. According to the report, it is not really possible to control what the random sample looks like. This could mean that important information is lost or taken out of context. But that was the only problem that could be gleaned from the report. To spot other questionable actions of the state Trojan, one has to look elsewhere.

Big problems with IT security

According to Netzpolitik.org, anyone looking at the state Trojan must not disregard the issue of IT security in particular. After all, once the Trojan has circumvented security mechanisms, other attackers can, at least theoretically, gain access via the security gap created. Furthermore, the risk of an intrusion into the most sensitive personal data should not be underestimated in the case of a state Trojan. The Federal Constitutional Court has pointed this out in a landmark ruling as a very clear limit to state intervention.

This also covers, for example, cases in which personal conversations that are not relevant are archived rather than deleted. However, according to the test report available to Netzpolitik.org, it is sufficient for compliance with data protection law if the communications can also be deleted again. Incidentally, in the view of the world-famous Chaos Computer Club (CCC), the significance of the test report is nil. Thorsten Schröder, who is considered an expert on state Trojans at the CCC, comments as follows:

“This report disappoints. The data protection authority examines a small part of relevant questions in an excerpt of the state Trojan, and the public is only allowed to read excerpts of the findings.”

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.
