License to hack: domestic Internet intelligence powers growing in Germany

By EDRi · September 13, 2006

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The domestic intelligence agency (Verfassungsschutz) in the German state of
North-Rhine Westfalia (NRW) will be allowed to hack into the computers of
terrosist suspects, if a bill currently under discussion in the state
parliament is adopted. According to the bill, the agency will get the new
competence for “clandestine observation or other reconnaissance of the
Internet, in particular the hidden participation in its communication
facilities or the search for them, and clandestine access to information
technology systems by technical means”.

The entire ruling conservative-liberal coalition is arguing that this is
only a clarification of existing competences for communication
interception and the social democratic party is opposing the bill. Karsten
Rudolph, spokesperson for domestic affairs of the SPD in NRW, called the
new regulation “governmentally organized trespassing”. The public
justifications for this enlargement of intelligence powers are in fact
questionable. Liberal Domestic Affairs minister Ingo Wolf refers to the
fact that the alledged suitcase bombers, who were caught in Germany
recently after a futile attempt to blow up two trains, had found the plans
for building their bombs on the Internet. But he did not explain how
intelligence service hackers could have detected or even prevented this,
given the fact that the assassins had not attracted any attention before.

Another change in the NRW intelligence agency act, according to the bill,
would be the duty of banks, telcoms and other industries to give
information about their customers to intelligence agents if asked by them.
This obligation, introduced after the attacks of 11 September 2001, was
applied so far only if the perceived threat to the constitution and the
state were a foreign power or an international terrorist organization. Now,
corporations would also have to give information about their customers in
cases of “efforts which are directed against the liberal democratic
fundamental order, the existence or the security of the federal republic or
a state, or which aim at an illegal interference with the administration of
the constitutional powers of the federal republic or its members”.

Publicly, this is referred to as “terrorism”, but in the German past has
on various occasions also hit political opposition movements as well as
religious groups.

The new bill seems to be part of a conservative campaign to establish
extensive domestic surveillance powers for the Internet. Federal domestic
affairs minister Wolfgang Schäuble announced further plans for widening
intelligence powers on the Internet, and the German government recently
decided to raise personell and spending for Internet activities of the
federal domestic intelligence agency. In the state of Schleswig-Holstein,
the conservative government is planning to establish a mandatory data
retention scheme for web anonymizer services, which would go much further
than the EU data retention directive envisages. The federal crime agency
(BKA) is currently working on a central database for Internet
investigations. German law enforcement agencies are already “patrolling”
the public parts of the Internet without initial suspicion, and have
established a coordination agency for this as early as 1998.

While the Internet gets more and more into the focus of law enforcement
and intelligence agencies, other sectors have lost their atractiveness.
The new bill in NRW upholds the information duty for companies about their
customers only for the financial services sector and for
telecommunications providers. The regulations that so far had also
established this duty for postal services and airlines will be cancelled.

The bill for the change of the domestic intelligence act of NRW (only in
German, 3.07.2006)
http://www.landtag.nrw.de/portal/WWW/Webmaster/GB_I/I.4/Dokumentenarchiv/dokument.php?k=MMD14/2211

The present act of the domestic intelligence of NRW (only in German,
18.12.2002)
http://www.im.nrw.de/sch/seiten/vs/gesetze/verfschutzg.htm

Heise news (in German) on the new bill (only in German, 31.08.2006)
http://www.heise.de/newsticker/meldung/77519

Heise news (in German) on the extension of Internet surveillance (only in
German, 23.08.2006)
http://www.heise.de/newsticker/meldung/77160

Minister of Justice criticizes anonymization service (23.08.2006)
http://www.heise.de/english/newsticker/news/77162

Ralf Bendrath blog – Internet privacy and related topics
http://bendrath.blogspot.com/

(contribution by Ralf Bendrath, EDRi member Netzwerk Neue Medien)