Mass surveillance: "Snowden revelations have become a wish list"


Whistleblower Edward Snowden's publications on the extensive capabilities and powers of the NSA for mass surveillance have led small countries to catch up. "The Snowden revelations have become a wish list," stated Frank Rieger, spokesman for the Chaos Computer Club (CCC), on Friday at the conference "Das ist Netzpolitik" in Berlin. They are talking about a "massive increase in hacking capacities" of state authorities, "hardware implants" for the pre-installed interception of traffic or access to the cloud systems of large Internet groups.

Google, Apple, Facebook and Amazon are now so powerful themselves that they are "equal partners for states," said Rieger on the Conference on the 15th anniversary of out. It comes to a merger of monitoring interests, "which is stronger and stronger." If government agencies bought cloud services for these "megacorps", they would not have "more user interests" in their heads. Rather, they set out to strengthen cooperation with the states.

It is helpful that authorities such as the Central Information Security Office (Zitis), for their part, work to build up clouds for the police and intelligence services. In addition, technology in the computer clouds is increasingly watching people via "intelligent video surveillance" and recognizing individuals, for example, on the face or in the aisle.

Chinese products were already designed to ship as much data as possible, the hacker set another example. Surveillance cameras, vacuum cleaner robots or routers sent the network configuration to the Middle Kingdom, allowing for a kind of catch circuit. The networked device then say "At home in the cloud, I'm here." This has nothing to do with compulsion, but make the remote maintenance easier. Again, there are common interests between companies and the government in Beijing, which can then usually tap the data sent.

The increasing good cooperation between IT companies and the state also paid off with the Crypto Wars, warned Rieger. The debate over cryptography has flared up again, as there are hardly any unencrypted network connections. The keys would be managed by the corporations and transmitted to the users of their servers. A provider could also simply set, "the connection to this person is secretly a group connection" and then there was "the key for the police in there". This could read the plain text so inconspicuously.

The supposed end-to-end encryption will be "enhanced, not broken," said the IT security expert. So everything runs "under the rule of law" from under the US government issued keyword of "responsible encryption". The state must balance the interests of public safety and privacy, the good must be able to look, loud announcement. The corresponding pressure on the providers is extremely strong in the US, but will also increase in this country, predicted Rieger. Then one could "trust no product where the key is assigned unverifiable".

Attempts to use the physical access to devices through clandestine searches for the introduction of surveillance software, according to the hacker in this country are already on the rise. While local security agencies often lack the know-how to install such malware over the network on target systems, at least they have enough personnel "who can break in secret". Then it would be easy to send state trojans, for example, via USB stick to a PC or a smartphone.

In addition, according to Rieger, there is again the trend from China to "trojanize entire population or interest groups". According to reports, Beijing "opened tens of thousands of phones via websites," which focused primarily on the Muslim minority of the Uyghurs. In Germany, such an approach is expected to be "not so fast legal, but other services will do more". If the agents first had an exploit for iOS or Android, for example, and could thus exploit security holes, they also wanted to "get as much benefit out of it as possible" and even "jeopardize" if possible even prophylactically.