Once again, Schwarz-Rot disregarded warnings from experts about a disproportionate and thus potentially unconstitutional initiative and channeled the draft law on the “adaptation of the constitutional protection law” through the Bundestag. With the decision of Thursday, the Federal Office for the Protection of the Constitution (BfV), the Federal Intelligence Service (BND), the Military Shielding Service (MAD) and the constitutional protection offices of the federal states will be allowed to use state trojan messenger communication via WhatsApp, Signal or Threema as well as Internet calls and Monitor video calls.
The opposition voted unanimously against the project, with which the legislature, according to lawyers, is “running into unconstitutionality” with sight. Overall, the draft passed the plenary session with 355 votes to 280, with four abstentions. The so-called Quellen-TKÜ plus is permitted. The agents are not only allowed to tap the ongoing communication directly on the hacked end device before it has been encrypted or after it has been decrypted. In addition, there is the license already provided in the draft of the federal government, according to which you can also access saved chats and emails.
Telecommunications service providers are responsible
Providers of telecommunications services must support the “authorized bodies” in “bringing in” “technical means” such as state Trojans for the source TKÜ and redirecting the communication to them. Experts and providers complained about a particularly high potential for abuse: This not only diverts a copy of the communication, but also enables the data to be manipulated by the secret services in a targeted manner.
With an amendment, the grand coalition made it clear that the obligations “only apply to those who operate a telecommunications system with which publicly available services” are provided. This means that providers of app stores or individual applications are left out. In addition, Schwarz-Rot has introduced a special obligation to report on measures taken by the Quellen-TKÜ.
Interpretation sovereignty over the political expression on the net
MEPs have also expanded their powers to monitor individuals rather than groups, giving the secret services a wide margin of discretion. They justify this primarily with dangerous activities of individuals on the Internet. The digital society association fears: “With such a discretion, the constitutional protection offices are given an even greater authority to interpret political expression on the Internet. Instead of formulating precise rules for secret services, they are largely given a free hand.”
In the police sector, constitutional complaints are pending against the existing options for the use of state Trojans. The Federal Criminal Police Office and the Federal Prosecutor General have not used the instrument in recent years. Nevertheless, the Bundestag has the parallel Draft for the reform of the Federal Police Act and thus also granted the special police responsible for train stations, airports and national borders the authority to play federal Trojans on suspect devices with the reservation of a judge. The opposition voted against.
Tampering and Identity Theft
With their amendment to the previous draft of the law for the “Modernization of the Legal Basis of the Federal Police”, the CDU / CSU and SPD have deleted the possibility of access to already saved content and circumstances of communication within the framework of the sources TKÜ. However, there is general permission to monitor WhatsApp & Co. with the tool. Andrea Lindholz (CDU) emphasized that the clause is primarily restricted to human trafficking and smuggling.
The Federal Data Protection Commissioner Ulrich Kelber warned during the legislative process that the former border guards would also receive access data for online services such as passwords in clear text with the data stream recorded via source TKÜ and thus comprehensive access to e-mail inboxes and cloud storage. Even unnoticed manipulation and identity theft would be possible. It even contained a “constitutionally highly problematic extension of the sources TKÜ” to even more extensive clandestine online searches.
Monitoring without a specific initial suspicion
From now on, the federal police may also preventively monitor the telecommunications of citizens, for example “to ward off an urgent danger to the existence or security of the federal government or a country or to the life, limb or freedom of a person”. This even applies to cases without a specific initial suspicion and also applies to the source TKÜ. Here, given the depth of such an encroachment on fundamental rights, the threshold is set far too low, Kelber criticized. For example, the strict conditions set by the Federal Constitutional Court for recording contact persons would be undermined.
The authority of the Federal Police to carry out identification measures, such as taking fingerprints, is also being expanded to include cases of crimes that have not yet been committed. The officers are also allowed to take unrestricted action against “remote manipulated devices” such as drones. The area of activity of the Federal Police is generally being expanded significantly. In the future, at the request of a public prosecutor’s office, it will be able to act in complex cross-border issues such as groups of perpetrators who have concentrated on breaking into ticket and ATM machines, smuggling crime, vehicle theft, the import of drugs or burglary.
IT security in Germany “maximally modest”
The Bundestag has also introduced a legal basis for the transmission of image recordings that the Federal Police has made in their area of responsibility to the police forces of the federal states. The prerequisite is that the transfer is necessary and the recipients are entitled to create the recordings themselves. The same applies to the use of automatic image recording devices by the federal police, such as body cameras, by the state police.
The “GroKo” was coming in the last hours of the legislative period with devastating, half-baked and constitutionally highly problematic instruments, criticized the Green Konstantin von Notz: Everyone from the Chaos Computer Club (CCC) to the tech giants had said: “Please don’t do it. ” The vulnerabilities required for Trojans would affect 82 million people and the economy. Other intelligence services could go through these just like criminals. It is therefore not surprising that Germany is “as modest as possible” in the area of IT security. State hacking would not have prevented a single attack.
“Security Policy as a Security Risk”
Stephan Thomae (FDP) recalled that Saskia Esken, co-chair of the SPD, had just described state Trojans as a “fundamental interference with our freedom rights”. The SPD nonetheless surrenders civil rights without need and operates security policy as a security risk. “Today is a black day for civil rights,” added the liberal Konstantin Kuhle. The leftist André Hahn emphasized: The constitutional protection reform was “very obviously unconstitutional”.
The Jusos had their “comrades” on Wednesday A fire letter also called for the license for state Trojans to be deleted from both laws. The SPD is not allowed to support an initiative in which the sources TKÜ plus is already possible “below the threshold of a concrete suspicion”. The youth organization also recalled that “the work of the constitutional protection offices in particular has been shaped by scandals in recent years”. The resolutions caused “massive damage and loss of credibility” to the party.
Damage to the freedom of the press and the protection of digital sources
Uli Grötsch (SPD) defended the new constitutional protection law. The coalition had to react due to the increasing radicalization of individual perpetrators on the Internet. It is important to be brave. The enemies of the free-democratic order communicated via messenger. Anyone who speaks of mass surveillance of citizens is telling the untruth. Michael Kuffer (CSU) emphasized that extremism could not be fought with funds from the era of the rotary dial. The Greens worked directly into the hands of terrorists.
“The amendment to the Constitutional Protection Act shoots far beyond the goal of an efficient fight against crime with completely disproportionate measures,” complained the IT association Bitkom. The new obligation “to provide information about the structures of networks, services and systems to government agencies” is “diametrically opposed to the security requirements of critical infrastructures that are worth protecting”. The media organization Reporters Without Borders announced that it would “quickly file a constitutional complaint” together with lawyer Niko Härting. The expanded state hacking threatened serious damage to the freedom of the press and the protection of digital sources.