Schneier on Security
A blog covering security and security technology.
April 11, 2007
German Police Want the Right to Hack Computers
German Interior Minister Wolfgang Schaeuble has confirmed plans to seek a change to the constitution to allow the state secret access to the computers of private individuals, in an interview published Thursday.
Supposedly Switzerland is also considering a similar law.
Posted on April 11, 2007 at 1:36 PM
What is your source for the statement "Supposedly Switzerland is considering a similar law"? This seems unlikely to me, and it's almost inconceivable that such a law would be enacted in Switzerland, because it would be challenged by referendum. (Unlike most "democracies", Switzerland really is a democracy - citizens can and do throw out legislation by forcing a referendum.)
Yes, Switzerland is considering a similar law, in fact they were even "faster".
http://www.heise.de/newsticker/meldung/87914 (in German)
In fact they go even further, because the state wants to reserve the right to access random people's computers, without any probable cause.
Of course whether it can be enacted, or whether it is just posturing I don't know.
This issue can't be taken as seriously as it might look... from what the involved politicians stated in interviews, they a) don't know what they're really talking about, b) don't even know the technical implications of such an endeavour, c) do it mostly for gaining screen time, and/or d) don't have an idea on how to get that law passed so it doesn't clash with our Constitution, because as it currently looks, changing the Constitution is largely out of the question.
The ideas they published are rather ridiculous... Schaeuble (or was it Beckstein, his Bavarian complement nutcase?) in one case said they want to invest a few 100kEuro to get a "federal trojan" developed which shall be able to install itself on any computer by hijacking regular web traffic, be able to bypass any filtering mechanisms, be undetectable by any virus scanner (experts still discuss whether extreme polymorphing or subpoenaing antivirus vendors would be the easier way to achieve that), run on any OS and be able to deliver evidence on outside commands.
Each day I wonder more how our politicians can talk so boldly about IT topics without having the least clue and without being told to shut up by someone who does have one.
But Minister of Justice Zypries already intervened and said the measures that were already taken are appropriate to reduce the terror risk. And after all with these ideas Schaeuble oversteps his authority.
http://www.spiegel.de/politik/deutschland/... in German.
since this mingles IT with laws it will be difficult for both to understand how the other half sees this.
to sum it up:
- in germany law enforcement has to act "in the open". if the police searches a house they present a warrant, inform the owner and have a public witness (neighbour etc.)
- if a suspect's computer is involved it gets confiscated and analyzed (there is a special department for this)
- there are cases, where information has to be gathered without the suspect knowing, this includes tapping phone-lines or placing microphones inside the house/business/flat
- there is a law for searching in the open and a law for doing covert observation, for the covert stuff you need a judge to issue a warrant.
now we combine these points with IT:
- if a suspect encrypts his hard-drive it is very difficult to extract information after confiscating
- the laws currently in place do not say anything about hacking computers, so currently it is illegal for the police to do so.
- a law has to be made to allow for this, it will need a judge to approve and since this is not the mass-mailing-backdoor-trojan we are talking about (since a certain computer has to be infected, not a random number somewhere in the world) this will be rather costly to implement.
- people who are technically savvy enough to encrypt their harddrive will most probably keep their computers up-to-date with patches, so the hacking-tech will have to be developed for each case (like you have to buy new telephone-surveillance-stuff for each occasion)
this is just a short summary, if someone needs more detailed information (there is already a Federal Court of Justice - ruling on this) feel free to contact me. bruce should be able to see my mail-address :)
But if my computer is secure, can they still hack my computer practically?
It seems to me that they are under the assumption that hacking a computer is *always* easy. Well the computers of the innocent may be easily compromised. But if you have something to lose, I think that it's not too hard to make it hard.
We are talking about elite hackers, we're talking about a Government department.
@Sebastian: In my opinion, the author of the Heise/Telepolis article has shown an extreme amount of, sorry, idiotic prejudice. Just because the man was attacked and suffers from paralysis as a consequence, he's become so mentally ill that he is now an incapable politician out for revenge? A 7-year-old could come up with a less embarrassing train of thought.
But, besides that, Schäuble does not only want to change the constitution, he wants all available data. I think right now there is enough opposition to defend us from him, but my fear is that he will get some compromises where none should be made, as all his claims are outrageous.
@Joerg: read the TP article again, that's not what it says at all.
@greg: the law enforcement agencies definitely do not think this is easy. but for a politician it is a wise move to tell people this would be easy if said politician believes in the idea of "general prevention" (if people think they ain't safe when encrypting their harddisks criminals might think the risk of getting caught is too high, so they refrain from their activity).
personally i do not think this will work, since criminals do not make a risk analysis, they just think they are too damn clever and won't be caught anyway.
@joerg: it is not necessary to change the constitution, as long as the law allowing for this hacking has barriers in place to prevent it from being used in cases where other methods of police-work would produce the same results.
It might be due to the assassination attempt that Schäuble barely escaped, and that put him in the wheelchair, which makes him so paranoid and value security at the expense of everything else.
Or it might be a rather blatant attempt at, well, moving the http://en.wikipedia.org/wiki/Overton_window and pushing through other fringe ideas while keeping the public occupied with this madness.
Too bad Schaeuble survived.
This fascist and scoundrel fully deserves to be shot.
And, no, failed assassination does not have anything to do with his mindset - he was "law and order" and "tax time, serfs" type long before it.
@Greg: You've got quite a contradiction in your last sentence ;)
Schaeuble and the other surveillanists said some time ago that they won't task the BKA or other state agencies with development of their federal trojan, they were considering outsourcing it "for the one or other 100kEur" to some private company.
Now, if you have followed the road toll disaster, the police scheduling software debacle or other successes of federal software development projects, I can vividly imagine the quality of this trojan-to-be.
kaukomieli has it about right. I think the trojans and most of the other "all OS, non-detectable" BS was floated around by truly clueless politicians of the Beckstein caliber. If I understood correctly, what is intended is targeted hacking attempts by a group of specialists.
I would imagine that given the police have access to the telecom routers, they would not even attack the target computer directly (which is too risky) but do traffic analysis and man in the middle attacks on the outside communication, thus retrieving passwords, and encrypted communications. Intruding into the target computer poses the risk of being caught, and I don't think they would try that unless they exhausted other measures. As for doability, having complete control over the outside communication channels gives you a lot more attack options than the regular hacker has. A trojan, or exploit code, might be embedded in your "true" banking site, SSL and all. It may be in your gmail account page. Hell, it might be on this page. Ah, the irony.
I feel quite safe when it comes to random hackers, even good ones. But someone in control of the communications infrastructure is just plain scary.
And greg, I would not discount government activities. Germany does not have anything equivalent to the NSA, but the BSI is a government institution, and they definitely have good people.
I guess it's time you bad guys unplug your network connection!
Sorry Typo, I meant:
"We are *not* talking about elite hackers, we're talking about a Government department."
True, but that's my point. The best way to break into a "secure" computer, is replace the keyboard while you are out. I believe they can already do just that, with the proper oversight. Which is why I question the usefulness of such a law.
The easiest hacking route for a gov may be to interfere with a s/w vendor's automatic update system and give a custom version of something to particular users.
(There is no Mike Sherwood where I work.)
"The easiest hacking route for a gov may be to interfere with a s/w vendor's automatic update system and give a custom version of something to particular users."
These systems usually use digital signatures to make spoofing them difficult. The ones I have personally written use RSA digital signatures, and I know that for example Apple's built-in software update for Mac OS X does something similar. Whether the software update for random third-party applications does this is something I'm less sure about, though.
"This is always a race between the police and the criminals. We do not want the latter to be better equipped than the security authorities."
They may not want this, but they should learn to accept that a subset of criminals will always be better equipped than the police. No matter what law enforcement tools are available, there will be a group of criminals to attack where there are few defenses. This is why "identity theft" is so popular these days - the police have a hard time keeping up with all of the disconnects between groups of people exchanging information, and if people do get caught, all of the crimes are misdemeanors.
I don't see a way to actually make this happen. Law enforcement agencies want usable evidence. That means following defined, consistent procedures. Any software that can withstand the scrutiny of a strictly regimented process is not going to be nimble enough to change often enough to stay useful. I just don't see a way where the spy program doesn't become a sad joke in short order. There are too many more knowledgeable people who would try to find something like this for sport.
@eidesuppe - Is the last part an unrelated comment, or have I given the impression somewhere that by working for unethical people, I share their malice for the human race?
That asshole Schäuble... who was caught accepting bribes from an arms dealer and had to resign. Didn't stop his career for very long though. Funny how the worst "law and order" proponents always have the most skeletons in their closet. I'm not going to say I wish that assassination attempt had been successful. That would probably be illegal and totally bad taste and might not represent my personal opinions.
As far as I know, he doesn't need to change the constitution, it is just a single federal law, which has to be changed. And: Some German States (Länder) already have the right to install police trojans. The question is, if vendors of security software will work together with the police, so that their products will not find the Bundestrojaner. I hope not.
I have looked you up in the directory, as discussed in the doghouse thread last week, and not found you. I conclude from this that at least 2 banks have rubbish IT.
I didn't say anything about your malice for the human race, nor for cephalopods.
@dlg: As far as I understand the ruling of the Federal Court of Justice this would already be possible under § 100a StPO, since the data traveling online is part of the "telecommunication" that can be tapped.
A warrant has to be ordered by a judge and the target must be a suspect for one of the delicts explicitly named in § 100a StPO.
The data in your outlook-folder (or whatever mailstorage you use) is not part of the telecommunication, since it already has arrived at your place.
Some of the people posting here should take a walk through the local drug-dealing community and ask themselves afterwards if they really think police should not be able to wiretap or search the mail of drug-dealers, kidnappers and the like.
If you could confiscate the suspect's computer and analyze it, this would always be cheaper and easier. But under certain conditions (encrypted file-storage, encrypted email, trying to find the big fish behind the drug-dealer, etc.) a "hack" of the computer of the suspect is the only viable method to get the information.
In Germany the Federal Constitutional Court is a "real" control-instance for laws passed by the parliament and a law that would allow to hack into a computer will only get past that barrier if it has appropriate counterbalance to make sure it does only harm the basic rights (as stated in the Basic Constitutional Law of the Federal Republic of Germany, like secrecy of the post or the sanctities of the home) where there is no other way round and the result is necessary to defend the basic rights of others.
Some of you really have to grow a sense of proportion.
I agree that kidnappers, drug dealers and other "bad people" need their phones and computers tapped. But you'll notice there's already a problem. I had to call them "bad people" because there's no way to categorize them. They're not criminals -- no one's convicted them yet -- so they're just people who are suspected of committing crimes. Once you look at it in those terms, everyone can be a suspect.
Granted Germany is not the USA, but people are the same in many ways, worldwide. In the USA, we're going through a streak of paranoia. Rights that were previously considered sacred are being bent little by little. I pray to my God and yours that this will never happen in Germany, but should it, laws like this one could cause problems for normal law-abiding citizens.
Then there's the problem that crackers don't ACL-protect their hacks. Once a door is open, it's open for the whole world to look inside. Trojans rarely get removed completely. In a large country, any case you can imagine will eventually occur; imagine being wrongfully accused of something, having your computer opened to the world, not just Germany, then being cleared of the crime.
It is better to let ten criminals go free than it is to incarcerate one innocent person. This is one of the keystones of modern, just and enlightened societies.
@kaukomeili: I'm not sure if §100 covers actively interfering with communication, posing as a third entity, etc., as necessary for man in the middle attacks or injection of backdoor programs. But it might well be, I'm not a lawyer.
I also don't worry too much about what will actually be the law after it goes through parliament and eventually the constitutional court. But what Schäuble proposes is outrageous nonetheless. It seems to be a general rule in politics to propose the unreasonable just to have some leverage in the following negotiations. I am never quite sure if our top politicians actually want the crass proposals, or if they speculate on a mild outcome beforehand.
d00d, this is interesting alright. do you think Bin Laden is using a computer in his cave/bunker/tribal-hideout?
One more step to Nineteen-eighty-four.
As in USA is presumed innocence in Europe is presumed guilt. We pay "author fee" when we buy new HDD or empty CD/DVD not if we ARE using it for non-legal copies but because we COULD.
And police praxis is first to make house searches and then accuse in case that police find something. Again and again communist secret police practices. They have only a new name...
"And police praxis is first to make house searches and then accuse in case that police find something."
This is the second time, in this blog, I have read somebody assert that the police can search private property if they want; it's not so. Aside from exceptional cases like pursuing a fleeing suspect into a property or illegal materials in plain view, the police must have a warrant to search. In practice, the police might try to intimidate you into giving up your rights which is why you should be more assertive. I would have thought that readers of this blog would know the basics about their rights (and responsibilities).
Hmm. And the constitutional ban on the German police spying on its citizens is there because why, again?
I'm scared, how low the respect for the constitution is for most of our politicians.
And I don't see evidence for the attack on Schäuble being the root cause for his Orwell-style. Schily wasn't any better, without being a victim of an attack.
@ Stephan Samuel
"everyone can be a suspect"
this is true, because everyone could have committed a crime. but the german law has barriers in place, to keep police from inspecting everyone.
it is not possible for me to accurately translate the german texts, but there are several different intensities of "how" suspect someone is. (i hope this was understandable).
there is a very sophisticated system of checks and balances that tries to keep the harassment of innocents on a level as low as possible, but there will always be some kind of "false positives" (there is an interesting article on that at the freedom-to-tinker blog).
the only thing german judges have a differing opinion on is, afaik, the question if the existing § 102 StPO covers hacking into a suspect's computer (because § 105ff StPO that says the suspect has to have a chance to witness a search of his house is just a "you can", not a "you must" law) or if there has to be a new law, with the latter being the official ruling of the court.
i am pretty sure § 100a StPO allows everything from a man-in-the-middle to promiscuous-mode ports, since it does not state on how the telecommunication can be spied upon. just that you are allowed to do so.
you are even allowed to interfere with the basic rights of innocent third parties, because using an IMSI-catcher or putting up fake access-points for example is allowed, even though third parties might use this fake device and get their calls/access logged.
but this gets balanced by the fact, that you will only get a warrant for this, if you can't continue the investigation any other way.
this is definitely not orwell, this is basic policework.
orwellian is the way secret agencies tap on peoples phones, mails, etc. - without being under control of judges.
The german law has barriers in place, that's right.
We've seen those barriers in work on Murat Kurnaz who was left alone at Guantanamo Bay for years without evidence.
We know the maut-data shouldn't be misused for police-work when introduced, but few years later, the door opened for police observation.
Today's politic is more and more asking for pragmatic usage of existing or potential technics - civil rights are respectless treated as minor issues, not worth to be mentioned.
I can hear the arguing: "We've got this expensive trojan-technic, why shouldn't we use it against filesharers? If you don't got something to hide ... - data protection is offender protection."
The weird thing about this is how they try to explain the necessity for this. Most of what comes out of politicians' mouths in favour of this is plain bullshit.
German-speaking people might be interested in what I put on bundestrojaner.blogspot.com, comments are welcome (yet moderated).
@ stephan wagner:
i can't see the connection between this debate and murat kurnaz. he was detained by us-forces in a way no civilized country should treat prisoners.
i am not that familiar with the kurnaz case, but i thought the main problem there was, that he was not allowed back into germany - even though it was clear that he had no terrorism-record.
on the other hand i am sure, that the barriers the german law puts up will be ignored in a number of cases by the police and federal prosecutors, but that is because those are humans and not infallible.
for example some of those barriers have been ignored by the police when the son of the Metzlers was kidnapped and killed - and the police told the suspect he will be tortured if he does not say where the boy is.
the reason why i would deem the use of a trojan against file-sharers (and i think this is the main reason many people are against this) is, that a law allowing to hack into suspects' computers will need a judge to issue a warrant and it will only be possible to get this for certain enumerated crimes, just like phone-tapping.
and i can't see federal prosecutors doing this to filesharers, since they already dismiss almost all cases against filesharers due to marginal criminal activity. unfortunately they currently do this after requesting names and addresses from isps, so the recording industries (ab)use their powers to get names for their civil cases. but this is a different story.
@ Tobias Weisserth
To be honest, I can't see why anyone could be against this - as long as it is not freely available for every petty crime.
And I am absolutely sure, that a law allowing for this will have a limited action radius - especially since I can't see this being used in a spam-based distribution. prosecution has to be for individuals, so for every single use of this trojan-technic there has to be a tailor-made trojan, fitting the OS, firewall, encryption, root-kit-detection, snort-rules of the suspect. No way will that be used against someone sharing britney-spears-albums (or whatever people are sharing these days). it is plain too expensive.
If you don't object to computer searches without your consent, searches that you can't monitor, searches that include modifications to your computer that might damage your installation and open it up for further misuse, then you certainly won't object to secret searches of your house either. Both affect the same rights. A document that you keep locked in the drawer of your desk is protected by the constitution in a way that police may not search your home secretly to gain access to it. The same MUST apply to documents you keep digitally on your harddrive.
Even if these searches are targeted against a specific suspect, the fundamental rights of this suspect are still violated. How can this suspect defend legally against such an action when it takes place without his knowledge? Especially if this action could lead to planted evidence on his computer. This ain't the same as tapping a phone line. Hacking a computer touches much more sensitive data.
This has to be fought to the utmost. If the government manages to change the constitution, what's next? Since hacking computers in secret is almost the same as searching a house in secret this might be next on the wishlist of our government and you won't be able to reject it since the then changed constitution already allows it in part.
@Woo: "Schaeuble and the other surveillanists said some time ago that they won't task the BKA or other state agencies with development of their federal trojan, they were considering outsourcing it "for the one or other 100kEur" to some private company."
Damn! If I were in the "evil-doer" business, I'd be elbowing and shoving my way to the head of the line for that contract! Heck, even if the actual fee didn't cover the costs of a top-notch development job, I'd take it.
Can you imagine the potential?
The active backing and collusion of a major western government in deliberately spreading malware! Not only would my version do everything the Government asked for, it would do even more! I would be able to "zombie" any "officially sanctioned" computer, and even the (legally-sanctioned) malware-detectors wouldn't raise a peep (if I'd done such a bad job with my BIOS-flashing rootkit that it was detected at all). And I didn't even have to take any legal risk in developing, installing, and otherwise spreading it - the Germans would officially pay me to do it! (As long as nobody noticed the "extras", of course.) There's BIG money in that there contract, so long as you're willing to "over-perform" a bit on the requirements.
Heck, I could even give them the source-code to independently review, in all safety. That's because this is being presented as a "known to exist" infection, so all "freedom first" anti-malware developers will be actively targeting it. That means there *MUST* be a built-in update mechanism, to deal with the ever-changing "threat" of spyware-removal tools. I was "forced" to build in a way to remotely update my spyware, without user intervention. The Government would never even know about the "real code" that immediately "updates" any officially-infected machine. Especially since, to "prevent unauthorized capture and analysis" of surveilled data by evil-doers, I'd be forced to use Tor to handle all clandestine communications, ostensibly back to government servers only, of course.
It wouldn't even break the Tor network - it would vastly improve it! All infected computers would automatically join the onion-routing network. Constant, indecipherable traffic to and from random locations would become the norm on every computer in Germany (and anywhere else my little gem traveled to), so even traffic analysis would be useless in detecting any "extra" activity.
What a colossal joke of a disaster!
Yes - that's the connection I liked to draw - security forces are normally people and produce errors, commit crimes.
A secret trojan, installed against the law might easily be removed, and nobody will mention there was something wrong going on.
Make need for a judgement first doesn't appease me.
I recently read about a person, having his flat searched by the police in a case of less than 100 €. Later another judge judged this was illegal. But the victim had to do without his PC-Equipment for about one year.
Attorneys claim, house searches are allowed far too often.
Hidden PC-searches might not be observed.
Power corrupts, and much power corrupts much.
The case of Kurnaz doesn't only show - imho - that the government makes mistakes - it's the way they react to the fact their mistake gets public, which disturbs me:
The lack of respect to human and civil rights in general.
I live in this country. It seems our political leaders - that's what I call them for lack of a better word, though it comes with hesitation - from time to time either don't know what they're talking about or fail to use their head. Wolfgang Schaeuble is famous for both. As Chaos Computer Club pointed out immediately, what are the chances of this not being an invitation for everyone to hack you, and what is your defence against someone - even inside police - planting evidence on your computer? It HAS happened before. And seriously, we are talking about my computer, my property, my freedom.
Fortunately, the supreme court has ruled against his plans before (causing him to think about a change of constitution, oh dear), and there is quite some resistance to him in his own coalition. With any luck, his push will be defeated. I certainly do hope so.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.