Are you a creative thinker who can write software and detect computer security vulnerabilities? If yes, federal police in Germany have a job for you.
The Bundeskriminalamt, or BKA, is Germany’s version of the FBI. The agency is currently recruiting for a number of IT specialists to help develop “technical surveillance methods” that can be used to secretly and remotely access computers during crime investigations. What that means, in plain English, is that the BKA is looking for people to help design in-house spyware than can be used to infiltrate computers and mine data.
Surveillance tactics of this kind are controversial everywhere—but in Germany the issue is particularly touchy. Last year there was a national outcry when Berlin-based hacker collective the Chaos Computer Club exposed a police “Bundestrojaner” (federal Trojan) that could record Skype calls and messenger chats, even spy on users through their webcams. This meant that the software could be used in violation of German constitutional law on privacy, which enshrines a “basic right to the confidentiality and integrity of information-technological systems.” Only in exceptional cases involving serious crime can Trojan-style tools be used in Germany, and still then they can be used only to record telephony like Skype conversations—not take screenshots or sift through information stored on hard drives.
So could the new covert software the BKA is developing breach Germany’s privacy laws? It’s certainly possible, even if the spyware is programmed to monitor telephony and nothing more. That’s because it’s statistically very difficult to prove that a given piece of software doesn’t have extra functions within its code that can be exploited for other purposes, according to CCC spokesperson Frank Rieger. “This whole business of government Trojans has so many aspects of possible wrongdoing—intentional or unintentional—that in our opinion they should just skip it and use other methods of investigation,” Rieger said, speaking on the phone from Berlin.
One other thing about the job description may raise a few eyebrows. It says successful candidates would have the opportunity to form “national and international collaborations” and should have good English. As I reported for Future Tense back in April, between 2008-2011 representatives from the FBI and the U.K.’s Serious Organised Crime Agency, among others, held meetings with German federal police about deploying “monitoring software” used to covertly infiltrate computers. It’s likely that the BKA intends to collaborate further with international authorities as it develops its surveillance software.
The FBI in particular is known to have expertise in this area, having designed its own spyware to gather evidence about criminals since at least 1999. However, the use of the technology in Britain remains a legal gray area, as anything construed as “modification of computer material” can be considered a violation of the U.K.’s Computer Misuse Act.
Opponents of Trojan-technology being used by law enforcement argue it can be used to plant, tamper with, or delete electronic evidence. But as growing numbers of people turn to encrypted methods of communication via the Internet, law enforcement agencies have turned to the software as a means of circumvention for eavesdropping. Even if police can’t afford to design their own Trojans like the BKA, they can always just buy them from a growing market of private developers—like Italy’s Hacking Team, which sells licences for government-grade spyware for as little as €200,000 ($254,000).
A spokesperson for the BKA declined to answer questions about the software it was developing for this story, saying that the agency didn’t want to reveal its tactics to criminals.