Germany's federal criminal agency, the BKA, is testing at least one commercial spyware program, FinSpy, delivered through the German subsidiary of Britain's Gamma International.
FinSpy was exposed last year as being a surveillance application that was used in Mubarak's Egypt. It infects computers by fooling targets into installing a fake update for iTunes on desktop computers, or even a spoof download for BlackBerry mobile phones. Then, the application can provide surveillance through the computer's own webcam and microphone, and download files without being detected.
This revelation comes three months after the German government admitted to using a software surveillance tool after a Berlin hacker group announced it had found serious flaws in that application.
The German government confirmed the use of the commercial surveillance software last week in a response to an inquiry by Green Party parliamentarian, Konstantin von Notz, a representative from Mölln, outside of Hamburg, in northern Germany.
In his blog, von Notz published government responses to various questions he raised on the continued and planned future use of spyware developed in the private sector.
Own surveillance software competence
The government confirmed that the BKA acquired in early 2011 a license to test FinSpy for a limited period. The deal was signed previous to the decision that the government would establish its own software surveillance development program.
Moreover, the German government confirmed that the BKA is currently reviewing which commercial software it will deploy for the interim period.
Von Notz believes, however, that the BKA has more in mind than just a test or even an interim solution but possibly a "replacement" for the previous spyware programs used by the authority.
Late last year, the Chaos Computer Club (CCC), a well-known German hacker group, revealed that the so-called "Bundestrojaner," or "Federal Trojan," went beyond it legal restrictions of wiretapping and surveillance of a target computer. The spyware also had the capability to record keystrokes, take screenshots and activate a computer's webcam and microphone.
Complicating matters, BKA director Jörg Ziercke later told parliamentarians that his agency never examined the source code, or fundamental blueprints, of the Federal Trojan surveillance software.
'Practically impossible to detect'
Numerous privacy experts frequently warn of the dangers of improperly audited spyware.
"The potential for abuse in the hands of low-level law enforcement is extraordinarily high, given the limits of any possible oversight mechanisms," Eric King, human rights and technology adviser at Privacy International, told Deutsche Welle in an e-mail response.
"While the intelligence services are only supposed to exercise their powers in the interests of national security, the reality is that this technology is designed to be practically impossible to detect and it would be very difficult to know how or when it is being used."
In his blog, von Notz questions whether the BKA has been given access to the source code of the FinSpy software, which can be used to tap Internet telephony calls. He received no confirmation.
"It would be unusual if BKA didn't have access to the source code," Dirk Kollberg, a specialist with the anti-virus software firm Sophos, told Deutsche Welle. "There may be some reasons. Maybe the government doesn't have the people trained to analyze such code."
Von Notz also questioned whether the government was aware of the FinSpy surveillance technology being used by authorities of former Egyptian president Hosni Mubarak.
Gamma International is rumored to have supplied the technology to other repressive regimes in countries such as Oman and Turkmenistan.
However, some experts believe von Notz and his colleagues may be asking for too much, and that the German government can be trusted with such tools.
"Why on Earth should BKA not use commercial 'spy' software?" wrote Ulrich Boerger, a Hamburg-based privacy lawyer, in an e-mail to Deutsche Welle. "There are most detailed laws and jurisprudence on what law enforcement folks can and can not do. That applies to the use of firearms just as 'spyware.' This is a complete non-issue."
Author: John Blau
Editor: Cyrus Farivar