At a hearing in the Bundestag on Monday, experts voiced considerable constitutional concerns about the federal government’s plan to enable German secret services to use state Trojans to monitor messengers in the future. The legislature is thus “seeing the unconstitutionality”, warned Benjamin Rusteberg, a state lawyer from Göttingen.
With the envisaged extended source telecommunication monitoring (Quellen-TKÜ plus), employees of the Federal Office for the Protection of the Constitution (BfV), the Federal Intelligence Service (BND), the Military Shielding Service (MAD) and the constitutional protection offices of the federal states should also be able to access saved chats and other messages. Rusteberg criticized that this would not do justice to the requirements of the fundamental right to confidentiality and integrity of IT systems.
“Considerable potential for abuse”
Rusteberg sees a “very considerable potential for abuse” in the planned, far-reaching obligations to cooperate and tolerate service providers. In this way, not only is a copy of the communication diverted, but targeted manipulation of the data by the secret services is enabled: “Anything could be played onto anyone’s computer.” One of the plans is to install a Trojan horse via a Windows update without the help of Microsoft. The provider could then no longer guarantee.
In urgent cases, all-round surveillance would be feasible, the co-editor of the constitution blog pointed out. The G10 Commission, which is actually supposed to control interference in telecommunications secrecy by the secret services in advance, could not intervene here for the time being. Any subsequent judicial control is also “practically extremely weak” in the secret service system. The spies could further argue that the clause also allowed them to access communications between users and voice assistants such as Alexa and Siri. However, listening in in the room should not be switched on.
“Extremely serious intervention”
Kurt Graulich, ex-judge at the Federal Administrative Court, also rated the source TKÜ combined with a “hard drive inspection” as an “extremely serious intervention”. He already missed the fact that the necessary factual prerequisites were described. The former investigator in the BND-NSA scandal was “very surprised” that the instrument was intended for all intelligence services and that it was not differentiated according to their different tasks: this “definitely does not meet the proportionality requirements”. His major sentence is therefore: “This law should not come.” If the grand coalition insists on “such a spectacular settlement”, it would at least have to be limited in time and the control regime would have to be improved.
Ralf Poscher, Director of the Max Planck Institute for Research into Crime, Security and Law, criticized the fact that the widespread use of state Trojans should simply be introduced as a “foreign body” into the G10 law, which allows the secret services to intervene in telecommunications secrecy. At this point it seemed to him “as if the legislature itself had been misled”. What would be needed would be an “independent substantive and legal norm of authority”. In the current version, however, it would not be clear whether the agents might not also investigate communication chains and threads, some of which went back years. In addition, the required particularly high intervention thresholds were missing.