German police will be able to read encrypted messages using government malware by the end of 2017, according to leaked documents obtained by Netzpolitik. They are legally able to deploy this malware because of a new law. Last month, Germany passed a law that allows police to use “Staatstrojaner” or state trojans to hack into mobile phones to read encrypted messages on apps such as WhatsApp. Police would be allowed to utilize this technology to hack into smart phones for even minor crimes.
Leaked documents show German government malware deployment timeline and history
The truly damning information from the leak is this: the German Federal Criminal Police (BKA) have been working on this trojan since the beginning of 2016 – for over a year and a half – well before they received permission to do so. Prior to developing their own software for this purpose, German police had also bought a software called “FinSpy” from a Russian firm to spy on phones. Formal permission from the German people was just a rubber stamp, it seems.
Nowadays, smart phones are like a person’s digital brain – with a near perfect memory copy of just about everything. A spokesperson for the Chaos Computer Club (CCC), Falk Gabsch, explained his distaste for the upcoming upgrade to German police hacking abilities to Netzpolitik:
“To sell state hacking as just another surveillance measure like any other is, in the face of the newly published papers, a brazen distortion of the truth. An arsenal of Trojans is being built as if it were already normal for the state to hack the digital brains of its citizens.”
The German police’s new tool to bypass, not break, encryption is a dangerous precedent. Frank Herrmann, a member of Germany’s Pirate Party, told Deutsche Welle:
“People don’t realize that this malware endangers the security of the whole device, the technological intervention is much more severe than just listening in on a phone call.”
Many countries such as Germany and France have been clamoring for encryption golden keys for years; and while the EU has signaled support for strong end-to-end encryption, government malware can be used to circumvent strong crypto. Similar malware tactics are being used in China: In Xinjiang, checkpoints have been setup to ensure that you have downloaded the government malware onto your phone. While Germany’s government malware is still only being used for minor crimes, the potential path to a dystopian future is clear.