State trojan

Governmental spy software compromised IT security for everyone

Fotocredit: Karola Riegler cc by-sa

After the exposures by Edward Snowden, internet service providers reacted to the constant surveillance by companies and secret services. They protect the users' communication through encryption. Police authorities, secret services, and security politicians stress steadily that the surveillance of encrypted online communication is a necessity to combat crime. But this is not easy to accomplish on a technical level. So their solution is: The state should be allowed to hack into the devices of the affected people and tap into the communication before it is encrypted / after it is decrypted. But this entails compromising the security of the world-wide IT infrastructure and of every single smartphone, tablet, and computer. In short: In order to monitor the chats of a few suspects, everyone's security is sacrificed. In Austria the government currently tries for the third time to introduce the judicial basis for a state trojan. Twice we successfully fended off these plans. Now they are again part of the surveillance package of the government.

Update end of April 2018: On April 20, 2018, the legalisation of governmental spy software was adopted. The warnings of experts and the political opposition were ignored. It will be allowed to use the state trojan starting April 1, 2020.

Encryption works: Mathematics elude governmental power

The surveillance of encrypted communication quickly finds its mathematical limits when up-to-date methods are used. The concept of cryptographic methods can be defeated neither by supercomputers nor by judicial orders. It is a necessity for our information society. Without working encryption we would no longer be able to trust the technologies currently in use.

What they really want: A state trojan

The only possibility to surveil encrypted communication is to read it before encryption or after decryption directly on the respective device. For that, access to these devices is necessary. In order to access these devices via spy software - the state trojan - security leaks in computer systems have to be exploited.

Security leaks cultivated by the government

Like any other computer virus, the state trojan has to use an existing security leak in common operating systems in order to infect the device. To use existing security leaks means that the state has to purchase information about them on the black market and keep them secret from the manufacturers. This way, millions of tax payers' money go into the INsecurity of the devices on which we rely every day. Installing back doors by the manufacturers themselves - as demanded by the German minister of interiour - means that every device and every application receives a security leak. The state does the exact opposite of what it is supposed to do: It creates dangers for everyone instead of protecting the population. It is an immense conflict of interest when the ministry on one hand is supposed to protect us against cyber crime (find and close security leaks) and on the other hand needs to buy and keep (partly even the same) security leaks open and secret. This is like a door that is required by law to remain unlocked in order to catch burglars red-handed.

Security leaks are a danger for everyone

There are no "governmental" security leaks, there are only security leaks. Other than security leaks in cars and locks which are already incorporated today for the police, IT security leaks can be used to break into millions of systems at the same time. As long as a security leak in a software exists, it can be used by criminals, dictatorial regimes, other countries, and competing companies. Very soon after a security leak becomes known, computer viruses are developed that infect systems on a large scale. This happened with the malware WannaCry which shut down critical infrastructure in dozens of countries. Hospitals in the UK were unable to open patient files prior to critical operations, the service of the Deutsche Bahn was affected, and a Spanish telecommunications company had large scale blackouts. Today we rely on computer systems in almost all areas of our lives. If the state actively compromises the security of these systems, this becomes a hazard to all of us!

Severe violations of personal rights

The complete surveillance of devices is the only way to ensure that the state trojan is not circumvented by simple measures (like reinstalling the operating system or using a different chat app). Technically, a state trojan that exclusively accesses online communication (full or partly) cannot exist. It always has to infiltrate the entire system. This is why a state trojan is indistinguishable from an online search which means full access to the device. This is a severe violation of the right of privacy of the affected person: All data, pictures, notes, contacts, locations, and even deleted messages that were never sent, are monitored. A high-ranking panel of experts of the ministries of interior and justice assessed in 2008 that an online surveillance is legal but an online search is not. See also the report of the expert panel led by the constitutional lawyer Prof. Bernd-Christian Funk, that determined that an online search of computer systems (infiltration and spying out IT systems) and consequently the use of a state trojan are illegal.

No secured proof of evidence

Complete access to a device makes the gathered informations worthless as proof of evidence. The state trojan accesses not only sent messages, but the entire device. So all informations on the device can be manipulated, either by the state trojan or by third parties that use the same security leaks. Under those conditions, it is impossible to establish a complete chain of evidence. Also without manipulation the state trojan is problematic during trials. If the suspect can claim plausibly that the evidence is manipulated, the prosecutors have to prove the opposite - which is impossible on hacked devices.

State trojan

(Click to enlarge image)

Sensible alternatives

For these reasons it is more sensible to rely on classical forensic methods. In case of probable cause and with approval of a judge it is possible to confiscate and analyse the device. With physical access, most encrypted data can be accessed. Furthermore, common observation and other methods of audio surveillance are already at the disposal of the authorities which do not require access to the devices of the target person. Those methods are cheaper and less dangerous for all and they can be used to access encrypted communication in the case of a specific suspicion.

Resistance against the state trojan

Because of these good arguments and continuous educational work, the introduction of the state trojan failed twice. After the first try and after we disassembled a wooden Trojan Horse in front of the ministry of justice, the then minister of justice Brandstetter announced the withdrawal of the draft due to massive criticism because it "is not sensible in this form." The second try as part of the surveillance package was withdrawn my the minister of the interior Wolfgang Sobotka in September 2017. The campaign "Stoppt das Überwachungspaket!" (stop the surveillance package!) was successful for the time being.

Governmental contradictions

In the coalition agreement of the current government the necessity to "close digital security leaks" in "IT systems“ is mentioned repeatedly. It also says that "the digital security is crucial for a successful digitalisation." This blatant contradiction can only be resolved by not introducing a state trojan.

OUR DEMANDS

  • A ban on governmental spy software in Austria
  • Consolidation of the integrity of IT systems in the constitution
  • Diplomatic efforts to internationally condemn the use of cyber weapons
  • Cyberpeace, not cyberwar. Stop the military armament on the internet
  • Evaluation of all anti-terror-measures with regard to their compatibility with the constitution, suitability, and effectiveness (sum of surveillance according to HEAT, manual for the evaluation of anti-terror-laws)