Crypto Wars 3.0: renewed dispute over source TKÜ

The Federal Ministry of the Interior relies on the source TKÜ for criminal prosecutors to bypass encryption. In doing so, it wants to forego a statuto
Crypto Wars 3.0

The Federal Ministry of the Interior relies on the source TKÜ for criminal prosecutors to bypass encryption. In doing so, it wants to forego a statutory regulation. The Federal Data Protection Commissioner opposes the government.

Because of the ever-stronger encryption technology, the Federal Ministry of the Interior (BMI) believes it is imperative that investigative authorities also start at the source to intercept a message before it is encrypted. This emerges from the response of the Federal Ministry of the Interior to a request from the Left MP Andrej Hunko in the Bundestag.

Facilitate the use of Trojans

When decrypting encrypted messages in investigative proceedings, the technical means are limited, explains the Parliamentary State Secretary Günter Krings in the response of the Federal Ministry of the Interior. "In this case, an attempt can be made to route the communication to the IT system on which it is encrypted before it is encrypted (source TKÜ)." For Hunko, it is clear: "The debate about breaking encryption is for this purpose To facilitate the use of Trojans. "

In source telecommunications surveillance (Quellen-TKÜ), investigators install a program also known as a "state trojan" on a suspect's computer. This is intended to record e-mails, Internet telephony, or chats directly on the system before the program encrypts the communication.

Currently, there is only a legal basis for terrorist investigations by the Federal Criminal Police Office (BKA). The Federal Constitutional Court has developed special requirements for the use of the source TKÜ and online searches.

Not finished yet

The BKA is currently pursuing two approaches to develop its system and commercial software from Gamma / FinFisher. The in-house development is still in the development phase, explained a spokeswoman for the interior ministry to hackerspunk online.

A specific date for the operational readiness could currently be given "not yet with sufficient accuracy." In the case of commercial software, there is currently "a source code check of the software for compliance with the relevant framework conditions, particularly about data protection and IT security requirements." Here too: no appointment.

The Federal Ministry of the Interior does not consider a unique legal basis necessary for the sources TKÜ. Krings emphasized that "no data is obtained that would not also be obtained through 'conventional' telecommunications surveillance." Krings cited Paragraph 100a of the Code of Criminal Procedure (StPO), Paragraph 20 l of the BKA Act, and the G- 10 law on the restriction of the secrecy of letters, mail, and telecommunications.

Nevertheless, according to the coalition agreement, a revision of the legal basis is on the agenda. It says: "We will clarify the rules on source telecommunications monitoring more precisely to, among other things, support the Federal Criminal Police Office in fulfilling its tasks."

Federal Data Protection Commissioner Andrea Voßhoff, however, emphasizes that there is currently a legal basis solely with the provisions of the BKA Act on combating international terrorism. Paragraph 100a StPO cited by Krings is in light of the Federal Constitutional Court "not a suitable legal basis for the source TKÜ." After the Karlsruhe ruling, the Federal Prosecutor's Office saw it that way.

"In the opinion of the court, the legislature must limit the risks associated with the infiltration of the system," explains Vosshoff. These risks do not only arise when investigators read out the bugged system. "They can arise beforehand if an authority has security vulnerability.

The data protection officer emphasizes that the Code of Criminal Procedure provisions do not contain any provisions for any of this, as they are not intended as a legal basis for a source TKÜ. There is currently no legal basis for the use of source TKÜ for the intelligence services either.

Hot iron spring TKÜ

At the moment, nobody in the SPD's coalition partner wants to touch the hot iron springs TKÜ. It is still completely unclear whether there is even a technical solution that meets the strict requirements of the Federal Constitutional Court, according to the Social Democrats.

Gerold Reichenbach, the reporter for the SPD's data protection and IT security in the Bundestag, sees Berlin as being on the train: "The federal government must first do its homework and ensure that the investigators are given legally compliant means."

Green Konstantin von Notz also calls for clarity and, in addition, a "ban on security authorities buying security loopholes, deliberately keeping them open and obstructing them" as well as "better control of the Exports of Appropriate Techniques.

" Hunko also criticizes "the contradictory Internet policy of the federal government": The Federal Office for Information Security is promoting encryption, but the BKA and the Office for the Protection of the Constitution are looking for back doors. Hunko: "It's not just paradoxical. It's schizophrenic." (Vbr)

Post a Comment