Entries Tagged "Germany"

Page 3 of 4

German Courts Rule on Spying in Cyberspace

Good ruling:

The Federal Constitutional Court in Karlsruhe said cyber spying violated individuals’ right to privacy and could be used only in exceptional cases.

More info:

Germany’s Federal Constitutional Court has rejected provisions adopted by the State of North Rhine-Westphalia that allowed investigators to covertly search PCs online. In its ruling, the court creates a new right to confidentiality and integrity of personal data stored on IT systems; the ruling expands the current protection provided by the country’s constitutional rights for telecommunications privacy and the personal right to control private information under the German constitution.

In line with an earlier ruling on censuses, the judges found that the modern digital world requires a new right, but not one which is absolute ­ exceptions can be made if there is just cause. The judges did not feel that the blanket covert online searches that North Rhine-Westphalia’s (NRW) provisions allowed fell under that category; rather, these searches were found to be a severe violation of privacy.

The court explained that strict legal provisions apply for covert online searches of PCs, as with exceptional cases of telephone tapping or other exceptions to the right to privacy. Specifically, the judges say that private PCs can only be covertly searched “if there is evidence that an important overriding right would otherwise be violated.”

More articles. Commentary. And here’s the ruling—in German, of course.

Posted on March 12, 2008 at 6:18 AMView Comments

More on the German Terrorist Plot

This article is a detailed writeup of the actual investigation. While it seems that intercepted emails were instrumental at several points during the investigation, the article doesn’t explain whether the intercepts were the result of some of the wholesale eavesdropping programs or specifically obtained for this case.

The US intelligence agencies, the NSA and CIA, provided the most important information: copies of messages between German Islamists and their contacts in Pakistan. Three people in Germany were apparently the ones maintaining contact. The first was a man with the pseudonym “Muaz,” who investigators suspected was Islamist Attila S., 22. The second was a man named “Zafer,” from the town of Neunkirchen, who they believed was Zafer S., an old friend of Daniel S., one of the three men arrested last week. According to his father, Hizir S., Zafer is currently attending a language course in Istanbul. The third name that kept reappearing in the emails the NSA intercepted was “Abdul Malik,” a.k.a. Fritz Gelowicz, who prosecutors believe was the ringleader of the German cell, a man Deputy Secretary Hanning calls “cold-blooded and full of hate.”


While at the Pakistani camp in the spring of 2006, Adem Y. and Gelowicz probably discussed ways to secretly deliver messages from Pakistan to Germany. They used a Yahoo mailbox, but instead of sending messages directly, they would store them in a draft folder through which their fellow Islamists could then access the messages. But it turned out that the method they hit upon had long been known as an al-Qaida ploy. The CIA, NSA and BKA had no trouble monitoring the group’s communications. Two men who went by the aliases “Sule” or “Suley” and “Jaf” kept up the contact from the IJU side.

This is also interesting, given the many discussions on this blog and elsewhere about stopping people watching and photographing potential terrorist targets:

Early in the evening of Dec. 31, 2006, a car containing several passengers drove silently past the Hutier Barracks in Lamboy, a section of the western German city of Hanau. Hanau is known as the home of a major US military base, where thousands of US soldiers live and routinely look forward to celebrating New Year’s Eve in their home away from home. The BfV’s observation team later noted that the car drove back and forth in front of the barracks several times. When German agents finally stopped the car, they discovered that the passengers were Fritz Gelowicz, Attila S. from the southern city of Ulm, Ayhan T. from Langen near Frankfurt and Dana B., a German of Iranian descent from Frankfurt who, when asked what he and the others were doing there, claimed that they had just wanted to see “how the Americans celebrate New Year’s Eve.”

Posted on September 21, 2007 at 4:00 AMView Comments

Terrorist Plot Foiled in Germany

Score one for the good guys.

EDITED TO ADD (9/7): The more I read about this, the more obvious it is that intelligence and investigation is what caught these guys, and not any wholesale eavesdropping or data mining programs.

EDITED TO ADD (9/18): This article is a detailed writeup of the actual investigation. While it seems that intercepted emails were instrumental at several points during the investigation, the article doesn’t explain whether the intercepts were the result of some of the wholesale eavesdropping programs or specifically obtained for this case.

Posted on September 6, 2007 at 11:57 AMView Comments

New German Hacking Law

There has been much written about the new German hacker-tool law, which went into effect earlier this month.

Dark Reading has the most interesting speculation:

Many security people say the law is so flawed and so broad and that no one can really comply with it. “In essence, the way the laws are phrased now, there is no way to ever comply… even as a non-security company,” says researcher Halvar Flake, a.k.a. Thomas Dullien, CEO and head of research at Sabre Security.

“If I walked into a store now and told the clerk that I wish to buy Windows XP and I will use it to hack, then the clerk is aiding me in committing a crime by [selling me] Windows XP,” Dullien says. “The law doesn’t actually distinguish between what the intended purpose of a program is. It just says if you put a piece of code in a disposition that is used to commit a crime, you’re complicit in that crime.”

Dullien says his company’s BinNavi tool for debugging and analyzing code or malware is fairly insulated from the law because it doesn’t include exploits. But his company still must ensure it doesn’t sell to “dodgy” customers.

Many other German security researchers, meanwhile, have pulled their proof-of-concept exploit code and hacking tools offline for fear of prosecution.


The German law has even given some U.S. researchers pause as well. It’s unclear whether the long arm of the German law could reach them, so some aren’t taking any chances: The exploit-laden Metasploit hacking tool could fall under German law if someone possesses it, distributes it, or uses it, for instance. “I’m staying out of Germany,” says HD Moore, Metasploit’s creator and director of security research for BreakingPoint Systems.

“Just about everything the Metasploit project provides [could] fall under that law,” Moore says. “Every exploit, most of the tools, and even the documentation in some cases.”

Moore notes that most Linux distros are now illegal in Germany as well, because they include the open-source nmap security scanner tool—and some include Metasploit as well.

The law basically leaves the door open to outlaw any software used in a crime, notes Sabre Security’s Dullien.

Zoller says the biggest problem with the new law is that it’s so vague that no one really knows what it means yet. “We have to wait for something to happen to know the limits.”

Posted on August 28, 2007 at 1:32 PMView Comments

More on Smell Samples

Earlier this month, I blogged about a library of people’s smells kept by the former East German police. Seems that the current German police is still doing it:

The Stasi secret police used scent gathering in Communist East Germany, collecting smells in empty jam jars and storing them. The method has reminded Germans of that failed regime of snoopers, and was highlighted in the recent Oscar-winning film “The Lives of Others” about a Stasi surveillance officer.

The domestic policy spokesman for the Social Democrat Party, Dieter Wiefelspütz, finds the new weapon “pretty bizarre.” But he knows that unappetising though it may be, the method has been employed by German investigators for a long time.

In legal terms, recording someone’s body odour is no different than taking their finger prints. It’s covered by the criminal statue book. The scent contains a person’s identity just like the lines of his finger tips or his DNA.

Taking someone’s DNA is subject to strict conditions but the law permits finger printing and scent recording whenever police deem it necessary as part of a criminal investigation—which means virtually always. Erhard Denninger, an expert on Germany’s justice system, has no problem with scent analysis. “It’s harmless by comparison with sledgehammer plans like searching people’s computers,” he said.

Suspects are told to hold several 10 centimeter steel pipes in succession for several minutes each.

There are strict rules governing this procedure. The interior minister of the state of North Rhine-Westphalia has decreed that “persons must contaminate the metal tubes through their hands”, and that the aromatic traces thereby recorded “be secured in glass containers in dry condition.”

It sounds harmless. But a number of defence lawyers, Düsseldorf-based Udo Vetter among them, advise their clients not to agree to scent recording. If the state sniffs the sweat of its citizens, it amounts to a “considerable intrusion into one’s intimate sphere,” he says.

The complexity of collecting someone’s scent is the theme of Patrick Süskind’s novel “Perfume”, recently made into a movie, in which an 18th century murderer wraps beautiful women in cloths which he later boils. Unlike in real life, the perfume specialist chose to kill his victims before taking their scent.

Posted on August 1, 2007 at 2:05 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.