1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

German police use virus to evade phone encryption

January 27, 2018

A report in German media has said that the BKA accesses data before it is encrypted and inaccessible. While police argue the tool is essential for investigations, critics have warned of a state invasion of privacy.

A man holds his smartphone in his hands
Image: picture-alliance/dpa/C. Klose

Germany's Federal Criminal Police Office (BKA) is using a Trojan virus as a tool to access data of suspected individuals on their smartphones before the information becomes encrypted by apps such as Telegram and WhatsApp, according to a report by German newspaper Süddeutsche Zeitung and public broadcasters WDR and NDR.

The BKA uses the controversial software, which it refers to as "source telecommunication surveillance," to take advantage of security gaps that exist unbeknownst to the public.

Read more: Selling on the darknet? The BKA is buying (undercover)

The BKA maintains that using the virus allows them to more effectively investigate digital communication, but security experts say that the tool could be used by criminals. In addition, anti-surveillance activists argue that its use is an invasion of personal security by the state — a sensitive subject in Germany given the country's history of surveillance, both under the Nazi regime and by the state police in communist East Germany.

Read more: From God to the Stasi, how we respond to being watched

Investigations in a digital world

Federal police use the Trojan virus to access information stored on tablets, desktop computers, and laptops, alongside smartphones. They have complained for years that encryption services, which keep messages between users private, have prevented effective investigations since more and more individuals use such apps for their daily communication.

The whatsapp symbol with shadows of people stansing on top of it and overlaid with code
The BKA uses a Trojan virus to bypass WhatsApp data encryptionImage: Imago/R. Peters

BKA Vice President Peter Henzler told the German parliament in a past hearing that encryption services lead to "partly significant gaps in surveillance."

The BKA refused a request for comment made by the Süddeutsche Zeitung. For "operational reasons," the office would not say to what extent they have already used the tool.

State invasion of privacy?

Critics of using the Trojan virus on suspects' devices argue that the BKA is able to investigate just fine without using the tool. The report pointed out that in dozens of past cases, investigators were able to add another mobile end device to a suspect's account in order to access sent messages. However, the article said this was possible only when communications were not completely secure.

In a press release on Wednesday, Left Party politician and member of parliament, Andrej Hunko, criticized state surveillance of mobile devices, writing that, "The new ability of police and officers will further hollow out trust in the digital sphere of privacy." He shared his release on Twitter while calling for phone bugging to stop:

Last summer, the Bundestag passed a law laying out the guidelines for the use of Trojan viruses in investigations. The legislation allows investigators to review digital communication before criminal prosecutors begin looking into suspects.

In 2017 the BKA also requested millions of euros to improve its IT systems.

Germany's highest court laid out the grounds and restrictions for online searches in 2008.

DW author Cristina Burack.
Cristina Burack Editor and reporter focusing on culture, politics and history