Debate rages over German government spyware plan

IDG News Service - When it comes to who can and who can't be a hacker, the German government appears to want to have its cake and eat it, too.

After passing anti-hacking legislation earlier this year to crack down on the sharp rise in computer attacks in the public and private sectors, the government is now floating a plan to develop and smuggle its own spyware on to the hard drives of suspected terrorists through e-mail messages.

German Interior Minister Wolfgang Schäuble has been feverishly seeking support for a new security law that would allow federal authorities to investigate suspects' Internet use and stored data without their knowledge, ever since the country's Federal Court of Justice halted their cybersnooping activities in February. The judges argued that the hacking of computers by the police is not permitted under Germany's strict phone-tapping laws and that legislation would be needed to enable covert surveillance.

Schäuble's efforts to introduce a security law with wider police surveillance powers have, however, led to a heated debate that nearly exploded late last week when a copy of the proposed security law was leaked to the German media. The measure would allow authorities to install Trojans carrying remote forensic software on suspects' hard drives.

While Schäuble has said that government cyberspying would only be conducted in a handful of exceptional cases and only on those suspected of planning terrorist attacks, critics say he may have overstepped his bounds.

Max Stadler, a security expert with the German Free Democratic Party, warned in a ZDF television interview last week that the Interior Ministry's spyware plan would weaken the trust of German citizens in government. He referred to the government Trojan as "an invasion into the private sphere."

Magnus Kalkuhl, a virus specialist at the German office of Russian security software vendor Kaspersky Lab Ltd., said the plan "would undermine the very purpose of security software, which is to plug -- not make -- security holes." The idea of allowing officials in one specific country to snoop also disturbs Kalkuhl. "What's going to prevent police in Germany from breaking into computers in Italy?" he asked.

And even if the government approves the use of spyware, Wolfgang Wieland, a member of the Green Party, told the Berliner Zeitung newspaper last week that he questions the success of a measure that assumes suspects know little about computers and won't detect and remove Trojans and other spyware. It's naive to believe that terrorists, who live in a world of conspiracy, would trip over something as obvious as e-mail from an unfamiliar source, he said.

In defense of the plan, Schäuble said in an interview with Deutschlandradio last week that police need to keep pace with terrorists and criminals, who shouldn't be allowed to use cyberspace as a protected area. The plan, he said, isn't to control everyone's computer but rather only those machines used by suspected criminals and terrorists and only for a limited period of time.