Debate rages over German government spyware plan
Irony of government propagating malware after cracking down on research? Noted
IDG News Service - When it comes to who can and who can't be a hacker, the German government appears to want to have its cake and eat it, too.
After passing anti-hacking legislation earlier this year to crack down on the sharp rise in computer attacks in the public and private sectors, the government is now floating a plan to develop and smuggle its own spyware on to the hard drives of suspected terrorists through e-mail messages.
German Interior Minister Wolfgang Schäuble has been feverishly seeking support for a new security law that would allow federal authorities to investigate suspects' Internet use and stored data without their knowledge, ever since the country's Federal Court of Justice halted their cybersnooping activities in February. The judges argued that the hacking of computers by the police is not permitted under Germany's strict phone-tapping laws and that legislation would be needed to enable covert surveillance.
Schäuble's efforts to introduce a security law with wider police surveillance powers have, however, led to a heated debate that nearly exploded late last week when a copy of the proposed security law was leaked to the German media. The measure would allow authorities to install Trojans carrying remote forensic software on suspects' hard drives.
While Schäuble has said that government cyberspying would only be conducted in a handful of exceptional cases and only on those suspected of planning terrorist attacks, critics say he may have overstepped his bounds.
Max Stadler, a security expert with the German Free Democratic Party, warned in a ZDF television interview last week that the Interior Ministry's spyware plan would weaken the trust of German citizens in government. He referred to the government Trojan as "an invasion into the private sphere."
Magnus Kalkuhl, a virus specialist at the German office of Russian security software vendor Kaspersky Lab Ltd., said the plan "would undermine the very purpose of security software, which is to plug -- not make -- security holes." The idea of allowing officials in one specific country to snoop also disturbs Kalkuhl. "What's going to prevent police in Germany from breaking into computers in Italy?" he asked.
And even if the government approves the use of spyware, Wolfgang Wieland, a member of the Green Party, told the Berliner Zeitung newspaper last week that he questions the success of a measure that assumes suspects know little about computers and won't detect and remove Trojans and other spyware. It's naive to believe that terrorists, who live in a world of conspiracy, would trip over something as obvious as e-mail from an unfamiliar source, he said.
In defense of the plan, Schäuble said in an interview with Deutschlandradio last week that police need to keep pace with terrorists and criminals, who shouldn't be allowed to use cyberspace as a protected area. The plan, he said, isn't to control everyone's computer but rather only those machines used by suspected criminals and terrorists and only for a limited period of time.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts