The German Federal Criminal Police Office (BKA) bought notorious Pegasus spyware from the Israeli firm NSO in 2019, it was revealed Tuesday.
The federal government informed the Interior Committee of the Bundestag of the purchase in a closed-doors session, parliament sources said. That confirmed earlier reports published in German newspaper Die Zeit.
The software was procured under "the utmost secrecy," according to Die Zeit, despite the hesitations of lawyers as the surveillance tool can do much more than German privacy laws permit.
However, the version purchased by the BKA had certain functions blocked to prevent abuse, security circles told the paper — although it is unclear how that works on a practical level.
The revelations were a result of joint research by Die Zeit as well as daily Süddeutsche Zeitung and public broadcasters NDR and WDR.
What has the German government said?
According to the Süddeutsche Zeitung, BKA Vice President Martina Link confirmed to lawmakers that her organization had purchased the software. In late 2020, the BKA acquired a version of the Pegasus Trojan virus software. It has been used in select operations concerning terrorism and organized crime since March of this year.
Germany's Federal Constitutional Court has ruled that security services are only permitted to use spyware on the cellphones and computers of surveillance targets in special cases, and can only initiate certain types of operations.
While the rule of law has placed limits, the technology available has grown seemingly limitless.
The German government has been asked specifically about the use of NSO spyware three times in recent years and has largely refused to account for its use or subject itself to scrutiny for it.
In a written statement to an official inquiry, Left Party lawmaker Martina Renner was told the parliament's right to information conflicted with the "confidentiality interests justified by the welfare of the state in exceptional cases."
Why are NSO and Pegasus controversial?
NSO sells the Pegasus surveillance tool to police and intelligence agencies globally. The tool itself is powerful enough that it can spy on iPhones and Android smartphones in real time, enable the microphone and video functions to record conversations and settings, read location data and bypass encryption on chat messages.
The BKA began its negotiations with NSO in 2017. For years, the BKA had made use of its own in-house surveillance software, but it became cumbersome and outdated, which is why authorities turned to NSO.
Pegasus makes use of vulnerabilities in the security of smartphones to open a privacy-violating Pandora's box of surveillance tools. More troubling yet is who has been targeted by governments around the world that have purchased the tool.
In July, a consortium of news organizations including Die Zeit reported on the extensive abuses of the technology drawn from a list of potential targets in 2016 that included more than 50,000 phone numbers.
Among the targets were human rights activists, journalists and lawyers as well as a dozen heads of state and several government ministers and senior diplomats.
Technical analysis of the cellphones of several of these individuals revealed the phones had been successfully hacked using Pegasus software.
How has Germany reacted?
Green Party member of parliament Konstantin von Notz called it a "nightmare for the rule of law." He demanding "full clarification" from the federal government as to who "specifically bears responsibility for the purchase and use of the spy software."
Frank Überall, the chairman of the German Journalists' Association, said the union wanted to know "whether journalists were spied on without their knowledge, whether their sources are still safe."
Überall called the BKA's action "incomprehensible" and added Interior Minister Horst Seehofer should "lay his cards on the table."
ar/rt (AFP, epd)