Published time: March 25, 2013 18:16
A delegate installs a sign during a party meeting of the Pirate Party (Piraten Partei) in Bochum November 24, 2012.(Reuters / Ina Fassbender)
The Pirate Party is requesting that Germany’s Federal Audit Office investigate whether the Federal Criminal Police (known as Bundeskriminalamt, or BKA) have breached the law on economical use of funds.
The BKA bought the trojan spyware from the UK’s Gamma. News emerged of the purchasing in January, according to Netzpolitik.org, a German blog relating to digital issues throughout the world.
The FinFisher/FinSpy toolkit is installed after the target accepts installation of a fake update to commonly used software. The kit is designed to evade detection by anti-virus software.
“The Federal Government and the BKA wasting millions of tax dollars for the purchase and testing of this software is unconstitutional,” the Pirate Party wrote on its website.
It claims the FinFisher/FinSpy software breaches a Constitutional court ruling on secret internet surveillance, referring to a 2008 landmark case in which the Federal Constitutional Court of Germany ruled that surveillance software targeting telecommunications must be technologically limited to a specific task.
Netzpolitik.org says that “current research suggests that the FinFisher/FinSpy toolkit consists of a basic module (the trojan) that can also remotely load additional ‘feature modules,’ for example a module for recording Skype conversations.”
Analysts who have looked at the spyware parts told the site that they have not seen limits on what additional modules can be loaded or even a signature verification of additional modules. If this is indeed the case, it would clearly violate German law.
The BKA bought the spyware to use as a temporary measure to last until it has developed its own internet telephony eavesdropping software. The software is due to be up and running before the end of 2014.
The information has prompted the Pirate Party to fight the use of the spyware, saying the BKA should instead invest its money in training its own employees.
“The BKA should put its money in the training of its computer forensics staff, creating a real safety advantage, rather than spend it on unconstitutional software,” deputy national chairman of the Pirate Party of Germany, Sebastian Mink, said on the party website.
But the Pirate Party says there’s even more reason to be weary of the spyware, and directed a message to the German government: “You go with it in bad company: dictatorships around the world use FinFisher to suppress democratic movements.”
The sentiment has been echoed by Netzpolitik.
“With strong clues that authoritarian regimes such as Bahrain, United Arab Emirates, Qatar, Ethiopia, Mongolia, and Turkmenistan are using these products, the German state is sending a dangerous political message by using exactly the same software,” the site read.
Those running the blog are calling for export restrictions to stop the sale of western surveillance technology to regimes known for their human rights violations.
The Chaos Computer Club (CCC) has also publicly criticized the German government for its use of FinFisher.
It’s not the first time Germany has come under fire for its use of software. In October 2011, the CCC analyzed DigiTask malware used by the German government, claiming it was badly programmed, lacked elementary security, and was in breach of German law.