Germany is about to pass a law that allows German intelligence agencies to use trojan software on its citizens without any reasons for suspicion.

Have I misread this? The government can just legally spy on its citizens and install Trojans without any reason to do so? Isn't this just what Snowden revealed about the NSA (PRISM) in 2013?


We understand the reason but it is still not okay. They want to monitor people while they are preparing for a crime. This opens too many doors for abuse. It already happened and will happen. Classical police work already works as you can see with the latest crypto messenger operation.


Yes it is something like this but in between. Yes I believe they will try to implement something like from Minority Report but the step we are seeing now is a step in between. They try to make legitimate looking steps as long as possible. I don't support it, I just perceive what is happening and evolving for a long time.


Great observation. The intermediary steps of an unpopular plan are better implemented over generational spans of time. This makes it intentionally more difficult to discern intent and destination at any given time.


My friend from Germany compared it to StaSi tactics.


Because it is exactly that.




I mean, we [already had police officers looking up data](https://netzpolitik.org/2020/datenmissbrauch-durch-polizeibeamte-keine-einzelfaelle-nsu20-hessen/) for various people without legal reason so you can be sure this will be abused as well. Also, shortly after the data for those people was accessed, they started to get threatening letters from right-wingers. Curious.


Heck, not only would it open doors for abuse, but might in fact create and gather so much data and noise to render it useless and perhaps even a worse solution. I’m sure I read/heard Snowden mention something about this paradox... (I think even there were examples given like Boston bombings)


YouTube and other tech giants can't get their shit together in their algorithms to discern media that should be flagged/reported versus false flags. I doubt any government is going to do much better.


Do you guys have a court order process? Like some kind of judicial oversight of these spying requests so the police don't become the Stasi?


The law hasn't passed yet, but that's the general idea. Also it is not like PRISM, it is about spying on individual people by putting malware (trojans) on their computers, which is not as simple as it sounds.


If we don't get some miracle 'til tomorrow it will, besides don't forget the state-trojan is/has been already used although under much stricter conditions.


Yes and from there we know how complex an operation like this is. I'm also cautiously optimistic that it will be recalled by the courts


It's pretty simple if you get buy-in from Microsoft, Apple, and/or Google. Threats to prevent sales of your product in your country without a backdoor is a very real threat.


Time to go Linux


That time was a while ago, but yes. And with this mindset, you may want to hurry up. Before you know it free software will be an illegal underground scene, so you'll want to get in before all the open forums are shut down and tutorials are banned etc.


Been on it for years. I gotta doubt this outlook though. Too many scientists and servers use it.


The "hacking" is done through the ISPs. But yeah I'm not saying it's impossible just that on an individual basis it's much more effort than simply collecting all kinds of data from everyone. So really not comparable to PRISM


Not as simple as it sounds yes. But when you got a team of experts and a bunch of money in your hand, it's just a question of time.


>The government can just legally spy on its citizens and install Trojans without any reason to do so?

I'm pretty sure any country, small or big, has always been able to do it. It is not like a country is going to sue itself for breaking their own laws. If powerful interest exist, then no law matters in reality. You can of course duke it out in court and even win, but show me a court that is going to punish their own country? Not possible. Most likely outcome of winning a long and tedious 5+ year lawsuit against a country will be something along these lines: official apology along with newly drafted law that legalizes the very same illegal action they got caught doing.


We have the Federal Constitutional Court that can challenge any passed law but your last sentence sums up the possible outcome pretty accurately. But if I'm not mistaken here, it would delay the law or temporarily suspend it for as long as the court reviews it.


If you have a chance, you should crosspost this to r/germany r/berlin or some of these (https://www.reddit.com/r/German/comments/npasji/update_a_longer_list_of_germanspeaking_subreddits/).


Is this worse than the new messaging app laws in India? The sad thing is other countries will start learning from all these new laws and will implement all these themselves.


India's new "IT rules" essentially ban the use of end-to-end encryption, that's the reason why WhatsApp started the lawsuit since it can't operate any longer in India without releasing a separate WhatsApp version exclusively for India. This is not the case here, WhatsApp and other services can operate "normally" but **could** be forced to redirect their services through state services in order to monitor individuals.


And it's the same bullshit argument. E2EE allows pedos free rein, so in the name of the kids, let's sacrifice all our privacy to our nameless govt AI overlords. What could possibly go wrong? ***Shhhhh, your govt loves you.***


It's like when a robber shouts "catch the thief" so he can escape...


This law is terrible, but it will almost certainly be tossed by Germany's highest court. Unfortunately this usually happens after a few years and the law can be in effect during this time.


Unless they're stupid, this has nothing to do with catching "bad guys" because clearly laws like this push them even further away from using common tech such as a Windows OS and Google. It actually makes the problem worse. When people know they're undoubtedly being watched and don't want to, they'll hide even more. It will catch the low key dummies, but it will not catch the real bad shit like terrorists which is the idea they're trying to sell this on. This is nothing else but a violation of people's rights, most of them innocent of any wrongdoing. They should be ashamed of themselves and punished for their attempted crimes against humanity.


I wonder if it will include a cabinet, and a trailer with a generator in the street. Edit for those unfamiliar with the joke: There is a classical Stasi joke about the ineffective wiretapping of the East German secret police


Isn't this more or less what the Stasi did? Spying on and creating records of citizens.


Yes, but yet history keeps repeating itself




Turned out power is not something that is easily given up when given chance.




Unless you voted for either the CDU or the SPD in the last election, you're not responsible for this




In my absolute cynical and personal opinion, Windows already contains as much spyware as possible. Intelligence services wouldn't need any additional software to know everything about the user. [And given how often they share user-data with state services](https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report) I don't think they take much offense in the soon-to-be passed law.


The trouble is that the backdoors (likely) present in Windows belong to American intelligence agencies who will be highly reluctant to reveal them to foreign powers. Hence the German agencies need to build their own. This is their take on it.


Windows is such a massive OS - millions of lines of code. The US spends millions if not billions on full time security researchers who just find these exploits all day and stockpile them. Not just on Windows, too. We know this because of the “Shadow Brokers” leak - one of the vulnerabilities from this is what was used in WannaCry. Check out the “Shadow Brokers” episode of The Darknet Diaries podcast for more detail. Yeah - if the goal were cyber defense, NSA would report these to the vendor, not hoard them. “For foreign targets only”, of course ;)


Switching to Linux is always an option...


Which is why it's built directly into the Intel CPU. That came out a few years back. Funnily enough I remember when they released those chips, (the ones with the I in the name, 5i, 7i etc..) as I work in I.T. and these were announced with the ability for us to remote control machines via their CPU and not extra software. So there's no escape really.




Hasn't updated or rebooted in 15 years. Kernel 2.6, xfce. Jk. There is absolutely no reason to think that it won't also target Linux (average desktop user will update, not audit code, or they could slip it in Intel Microcode Updates or other blob / firmware updates.) Something something _Scanner Scans You!_


This is why open source software is the way. Also, next time Microsoft offers region-locked update for Windows in Germany, we'd know what it is.


Well, and this is why I use Linux.


One interesting way to make Windows more secure is to run it as a [Qubes](https://www.qubes-os.org/) VM. It's not very easy to infect something when there's a clean instance on every start. For Linux, Qubes allows firing up disposable VMs that are ephemeral by design. Finally as a shameless self-plug, if you need end-point secure messaging that's specifically designed to be secure under a threat such as what the news was about, there's [https://github.com/maqp/tfc](https://github.com/maqp/tfc)


Oh that’s an easy one. We have a pandemic, an upcoming European football tournament, summer, elections and climate change as dominating topics. This one slips past radar easily. They will probably ratify this with the minimum amount of people during a football match where the German team plays and everyone is distracted. They did similar things in the past. What is especially dubious about this being rushed is that the government has no interest in doing the same for removing the word “race” from our laws. Or add children’s rights to Grundgesetz. Which is something they agreed they would do when they came into power...


>This one slips past radar easily. They will probably ratify this with the minimum amount of people during a football match where the German team plays and everyone is distracted. They did similar things in the past.

Elections in September even. These fuckers out there won't know this about this.


Bread and circus, as the romans would say


>They will probably ratify this with the minimum amount of people during a football match where the German team plays and everyone is distracted

No, this one is getting passed tomorrow (Jun 9). It's been trending on Twitter for the last two days but nobody in the mainstream news seems to talk about it.


> It's been trending on Twitter for the last two days but nobody in the mainstream news seems to talk about it.

There are [scattered](https://www.deutschlandfunk.de/bundestag-beschliesst-staatstrojaner-geheimdienste-und.1939.de.html?drn:news_id=1268308) [articles](https://www.spiegel.de/netzwelt/netzpolitik/bundestag-genehmigt-staatstrojaner-fuer-alle-a-d01006d4-a530-41c9-ad69-21a3990acfa8) but let's not kid ourselves: Most people actually support this kind of legislation or don't care. It's hard to believe but that's what [surveys](https://yougov.de/news/2017/07/03/staatstrojaner-drei-von-funf-stimmen-verwendung-zu/) have shown and that's how most Germans vote.




Well, I'm from Germany and am very entitled to be pissed off af. If this piece of shit passes then I can say that we're all completely fucked. At the end we're probably no different than the USA


True, and worse in some ways. Would advise people to leave Germany, US, and UK if privacy matters to you.


Don't come to Australia. Our laws are close to the worst.


FWIW: I read that even if it passes the BVerfG will probably just cancel it.


I really really hope so.


This is just absolute insanity. How could anyone ever look at this and say "Oh yeah this is a great idea and nothing will go wrong at all"?


>How could anyone ever look at this and say "Oh yeah this is a great idea and nothing will go wrong at all"

Well, that's the thing. People don't get to look at it. The law will pass tomorrow. I just checked the front pages of a few of the largest German news outlets and ... nothing. No one is reporting on this, when it should be major headlines. And if they are, the articles are buried somewhere on the second or third page beneath all the latest Covid news.


Seriously what the fuck? I'm so sick of this shit. We're watching all of our privacy and freedom being stripped away from us.


“We’re going to be good THIS time. We promise!”


Well, even here you will find other Europeans defending how well Europe is doing regarding rights and freedom even knowing that was never true so yeah


Germany of all countries knows where this leads, it leads nowhere else, it never has, it's always bad for everyone.


Every single fucking time. I remember when the discussions started about this government trojan. It was promised by god that it will only be used on the worst criminals and would never be abused. But as fucking always it ends in this. This is why I say there is not one millimeter we should give to governments when it comes to privacy. They every single time will abuse it.


What about people who run linux systems?


Linux can be targeted by malware too, although the nature of Linux makes it harder to go undetected. Be vigilant, don't use proprietary software if you're unsure you can trust the source and avoid custom kernels that haven't received a thorough examination.


For anyone who wants more info. https://www.privacytools.io/operating-systems/


Yes, one of those things that's *technically* possible. But my guess is that this Staatstrojaner targets mainly Windows.


I think the main target are foremost communication devices and especially the Swiss cheese which is stock-android despite being a Linux derivative. :/


The Stasi would have loved it


It's simple: power circles are more and more afraid of people - guess why. Besides, every power likes to know what citizens think and say to each other, when they think nobody eavesdrops them. The next step will be official hardware trojans without option to turn them off. Something like TV displays in the "1984" novel, but not so apparent.


it is a shame how governments try to 'fix' their internal security -which they obviously could not provide in the past- by discrediting a state and ignoring the basic rights of its citizens.


> The price of freedom is the probability of crime. The price of protection is the probability of slavery. - Dan Geer


And I figure you can't do anything about it?


Yes, you can. Organize something online and vocal about it.


We have the Federal Constitutional Court which will most likely take a look at it but other than that all we can do is vote. Unfortunately stuff like this hardly gets publicly mentioned and most people don't read election programs of a certain party before they vote. The political parties responsible for this have a large voter-base (mostly conservative elders) and we also deal with some dangerous alternatives to those parties, so voting something different but not completely opposite is difficult for a lot of people.


Well. Unfortunately it's not only the conservatives. SPD voted for it as well. Even Esken..


True. I guess personal bias was taking over there.


What? SPD is just a way for CDU to catch the slightly more left wing voters. Other than that there's not really any difference.


I've had a remote access trojan on my computer before, led to extremely creepy circumstances. Nice to see world governments want to make this world as close to an Orwellian nightmare as possible.


My old Commodore machines look better with every passing day.


Excuse me, but what the actual fuck.


Just wait until they export it to the rest of the EU so that they can fight international terrorism.


Who needs a fascist party when you can have the 'moderate' centrists passing the same fucking laws?


Well this is going to be something. [Key Disclosure Law](https://en.wikipedia.org/wiki/Key_disclosure_law#Germany) doesn’t apply in Germany. So the dirty way is written in the article.


I don't think this is feasible. I moved to Germany recently, I work from home as software engineer for an American multinational still with my colleagues from Ireland. I use firewalls, VPNs and the like both privately and professionally, now imagine German govt decides to put a Trojan on my router/system? How exactly is that legal from business standpoint? Seeing as I transmit highly confidential company data over my network? Then 2nd point is, let's say for sake of argument this comes to effect, if I fire up my end to end encrypted VPN all they see is traffic going somewhere but can't see what and where. I just don't see this happening on large scale, and knowing German govt IT services, this seems a bit out of their grasp.


Well eventually they will make end to end encryption illegal or to only use government approved encryption software. *Ideas taken from blackbook, China, USA and Russia. Of course you will be targeted for having something to hide, and why aren't you being a more patriotic citizen huh?


Imagine an institution that is paid to prevent crime but profits if it doesn't prevent crime, how motivated will that institution be to actually prevent crime?


Yet they don't have street view because they care about pRiVaCy


But this time, German government, pinky promises, to not abuse their access to people’s personal data…. Again….


Unreal isn't it? (You gotta watch out for those *other* authoritarians we are going to spy on, but don't worry about us, we gotcha back).


A Trojan is malware posing as legit software. How do they intend to widespread get Germans to download a Trojan in a way that won't also affect non-Germans? Would sticking to open source software avoid this?


Not malware, a virus to be exact. It's usually attached to anything that gets executed that was legitimate. Most people whether they stick to closed source or not never bother to check what they're running before they run it. Just because you have the source code doesn't mean the build you get for it and run from an unknown site is still clean. You have to read the source code, understand exactly what it does and where it connects to if it uses networks, and then decide if you want to use it or not and compile only what you see to be safe. Most people don't do that, they grab and run the build they see and if the repository was hacked or redirected (and some have been before), then you're just as screwed as if you used closed source w/ unknowns and a trojan attached to it (or no trojan required if the privacy and compromise is already part of the program lighter ways).




>This reaches as far as being obligated to transfer "software-updates" through the German intelligence agencies in order for them to integrate trojan software.

This should only apply to German companies/software developers, right? I don't think they can force a Swiss company to integrate a malware in their updates. That's the reason why it's always a good idea to stay away from services provided from your own country


I'm not sure how far they can be really forced to do something like this but this was stated in the article. I'd like to emphasize that the digital society is not some media outlet who uses exaggeration to increase click numbers. :)


GSM and SMS is reaaaaly insecure.


Oh wow, and I thought Germany was one of the strongholds for privacy in Europe.


Germany was part of some "n eyes" countries (don't remember which one specifically), it was never one of the strongholds for privacy in Europe


Oh good, more hypocrisy from the EU regarding governmental access to personal data. They keep making the US jump through hoops regarding US government surveillance, while the member states are not being materially better themselves.


Hypocrisy from the EU surrounding widespread unconstitutional, illegal, and morally indecent surveillance; of their own citizens and people all over the globe, in comparison to the behaviour of the US? Am I missing something here?


Hypocrisy regarding the analysis and reasoning behind the Schrems II decision which invalidated Privacy Shield and mandates a case by case analysis of the laws regarding governmental access to personal data in any country outside the EU (or without an adequacy decision). The decision was based on US mass surveillance, but has impacts that reach far, far beyond US government spying. It’s hypocrisy because the kind of law Germany is putting in place here wouldn’t pass the required post-Schrems analysis. They’re holding non-EU countries to a higher standard than what is practiced by EU member states.


EU court will probably strike that law down. That's been a recent CDU tactic. Pass a (EU) unconstitutional law. Have courts strike it down. Fongle just enough with the courts' criticisms to adapt the law and pass a new one..


This is really disappointing, Throughout history Germany has had a really good track record with things like these but now they’re throwing it away...😔😔😔


Swedish politicians and police also want this, it won’t be long before it happens here too. We have a lot of violent gang crime and it seems most of the people want this too because of this. Ignorant.


First the government creates the problem, then the government solves the problem. It's a sad world.


After this no one will ever vote CDU or SPD again. LoL, no the people just elect those criminals over and over. But criticize them for.... Accepting refugees. It's a giant mental institution dressed up as a country.


Tell that to the old people who won't care about that


It being known to the public is not necessarily better. The problem is that once people know they're being watched, they act differently. So now you don't have free speech anymore because you know that anything you say or do can and will be used against you


I fukin hate how clueless people are. The state knows people do not care or even know what this really means. Every time I'm annoying my friends about China's control and how dangerous it is they tell me "we don't have to worry, we are in Europe. We are safe from this kind of mass surveillance". I wish you were goddamn true...


They learned nothing from WW2. This is full on Stasi and they know it. I thought the German government was better than this, guess I was wrong.


If you have nothing to hide then you're boring af but should still consider the consequences of unchecked government power to surveil its citizens.


Yeah something legal now may become terribly socially unacceptable or illegal later and a person may lose job or end up in prison for what they did 10 years ago.


The world I grew up in is withering away and being replaced with something really evil. And I haven't even been alive that long.


What's their reasoning for this? Is it because "Think of the children!" or "National security"?


[Official excerpt translated](https://www.bundesregierung.de/breg-de/aktuelles/verfassungsschutzgesetz-1803422):

> In order to improve the fight against right-wing extremism, extended observation of individuals is also planned - this in response to the phenomenon of isolated lone perpetrators - such as in [Halle](https://en.wikipedia.org/wiki/Halle_synagogue_shooting) or [Hanau](https://en.wikipedia.org/wiki/Hanau_shootings).


>In order to improve the fight against right-wing extremism, extended observation of individuals is also planned

Ironic, don't they know any history? What a joke


So basically "National security" is their excuse.


Yes, one should add that this is also a reaction to a number of scandals surrounding the German "Federal Office for the Protection of the Constitution" where confidential informants switched sides and subsidized radical groups. Or special police departments who used WhatsApp group chats for anticonstitutional meetings, ranging from Nazi symbols (which are banned in Germany) over to planning for "Day-X" with secret weapon stockpiling in secluded sheds and so forth. But as much as I despise the above, putting everyone under general suspicion is and should never be the solution.


Sounds like Germany has become a radical left-wing terrorist organization masquerading as a country?


No. There's a good chunk of people who are in awe for "the good ol' days" and a government which is trying to patch that in the worst way possible. If you can give the benefit of the doubt, I would believe that they are actually scared for the country.




Hope you German fellows are starting to use Linux now. Also, get your phones off of Google and Apple stuff, if you can.


This is dystopic.


Who is to say once they have access to a person's system they don't then install incriminating evidence on the machine so they can then arrest that person? Very scary scenario.


Update: it passed, we are soo fucked and nobody gives a damn


There are quite a number of people and organizations who give a damn and are already preparing to take it to the Federal Constitutional Court. What's important is to keep this story in the loop. :)


I am surprised the people of Germany are okay with this given their history.


The problem is that stuff like this doesn’t get enough publicity. If it would, people would react


People understood Stasi agents spying on them with low-tech methods. People do not understand agents spying on them with high-tech methods, because these are basically invisible.


Now Germans, come and tell me with a straight face that the Merkel government is not a bunch of tyrants?


How would they even go about installing this stuff on people's computers?


Well as stated in the article it could be side-loaded into regular software updates (**if** companies have to comply to it). But no software is bug free, loopholes always exist, it's just a matter of time to find them and some of them then can be used to infiltrate someone's computer, smartphone or even smart-tv. This is another predicament, update your system to close those loopholes but run the risk of an uninvited guest or don't update but run the risk of getting infiltrated because of a bug in the software.


This is surprising considering how privacy-focused most German laws are.


You got that wrong. We have good privacy regulations for corporations. But the government can violate them no problem. Rules are for other people, not for themselves. After all, it would be a shame, if the gov would be not allowed to have full access to their citizens' devices, now would it? I hate Germany sometimes


This just in, forced updates are now literally part of the botnet. Who would've guessed this would happen? This literally makes anything proprietary that is capable of autonomous updating into an active security threat, as it could be activated at any time regardless of how benign assembly analysis might've previously revealed it to be.


Oh good, just Germany spying on and cataloging its citizens again. What could go wrong?


I wonder how this will affect US personnel and families living there under SOFA and NATO agreements.


No wonder. In India the government is forcing IM services like WhatsApp to provide them with any information about its users and the messages they sent, which means the removal of end-to-end encryption. It's an 'obey or get ready to be banned' situation.


If I am not mistaken they already have passed this law. And also this law includes that German secret services are allowed to use that trojan to spy on neighboring countries, too




Thanks for linking, I've added it to the main post. :)


The harsh reality is we are one of the last generations with the knowledge of what freedom tastes like. Even riots against this agenda would only speed up freedom loss.


Hmmm, how about giving a conditional response - if ALL public employees (politicians to ministry clerks) install the same and provide the same level of access to all of German public on a public website, then ok? :) Maybe it is finally time to bury the privacy, nobody cared a decade ago, and it seems things haven't changed.


Somewhere, in the afterlife, Erich Honecker and Markus Wolf are laughing at this development.


Imagine what scary things Hitler could have achieved with that sort of power.


Imagine having a political party in the German Federal Parliament who has a lot of people in it who sympathize with that bastard. There is even a court ruling that we're allowed to call some of them Nazi. Imagine that said party has a large backing in rural areas all over Germany. Now stop imagining since this is the reality here in good ol' Germany. :/


Good luck Trojaning my Linux box I wipe weekly. Sounds like a lotta overhead work for them lol




For now I wouldn't go that far, we're still able to speak freely about anything we don't like without the fear of getting arrested but THIS up there is an undeniable move in the wrong and in a dangerous direction.




In theory it should be but there is a lot of money involved. Facebook alone has 32 million monthly users (based on last year's market snapshot), this might be a bit less this year due to the recent uncovering of data breaches and the upwind Signal has received but all in all it's still a lot. Then there is Instagram and WhatsApp who add even more market-"value" to the mix. So removing the service from a country is hardly an option for them given what's at stake.


It's also not an option for German government. Imagine if facebook show error message to German citizen saying they can't provide service to them because they don't want to comply with the new German spying law. Can u imagine how bad would that hit government ?


Einigkeit und Recht und Freiheit. Unity and Justice and Freedom. 🤔


