1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

German police raid spyware firm properties

October 14, 2020

Germany's surveillance authorities use software from FinFisher. But the firm may have illegally exported its software to other countries including Turkey, an investigation shows.

Smartphone and person
Image: Weronika Peneshko/dpa/picture-alliance

The German Customs Investigation Bureau (ZKA) searched 15 residential and business premises in Germany and abroad last week with connections to the Munich-based surveillance software firm FinFisher.

The firm is suspected of exporting its most important surveillance software, known as FinSpy, to other countries without the correct license, German public broadcaster ARD reported on Wednesday.

The Federal Prosecutor's Office is investigating managing directors and employees at the firm for "suspected violations of the Foreign Trade and Payments Act," reported ARD, citing a spokesperson.

FinSpy can access address books, photographs and videos on targeted smartphones, as well as listening in on telephone conversations.

FinFisher also produced the so-called Federal Trojan — software used by the Federal Criminal Police Office and the ZKA — the bureau that carried out the raids on the firm.

In Germany, strict laws govern how surveillance software can be exported.

Read more: Germany: H&M fined record €35 million for illegal surveillance of employees

How could FinFisher illegally export spyware?

FinSpy software surfaced abroad in countries where the German government had not issued an export license, including Turkey.

According to the ARD investigation, FinFisher may have got around the export ban by operating a parallel business structure.

Data from the Malaysian commercial register shows that Stephan Oelkers, one of the businessmen behind FinFisher, founded a company there in 2015 under the name Raedarius M8 Limited. During this time, the export of spy software was much less strictly regulated in Germany.

The business offered: "Solutions in the field of communication and information technology" and "Distribution and sales."

Currently, 25% of the shares in Raedarius M8 belong to a FinSpy developer. The rest is administered by a lawyer from Munich, whose office address also serves as the postal address of FinFisher.

Time up for Germany-FinFisher cooperation?

Konstantin von Notz, deputy faction leader of the Green Party in the Bundestag, called on Germany's federal government to end its cooperation with the FinFisher.

"German and European surveillance and censorship software contribute to massive human rights violations worldwide," Notz told ARD.

Germany must "finally end its cooperation with these companies that deliberately circumvent existing controls and continue to export their programs, coded with German tax money, to despots around the world," said Notz.

Read more: Sieren's China: High tech to track the coronavirus pandemic

Can we trust tracing apps?

Strict rules governing exports

In Germany, every export of surveillance software must be approved by the Federal Office of Economic and Export Control. The responsible Federal Ministry of Economics had repeatedly stated that it had not issued any export licenses for surveillance software since 2015.

The current investigation into FinFisher was in part driven by German press revelations in 2018. Journalists reported that Turkey was using surveillance software to target members that appears to have the same source code as FinFisher's FinSpy.

Read more: Germany: Domestic surveillance bill primed for parliament

Kate Martyr Editor and video producer at DW's Asia Desk and News Digital