Here's the video (in German): https://youtu.be/zAV-hTpperU
We shouldn't fear their 'capabilities' but rather their lack of knowledge that'll ultimately lead to 'open systems' which can later be exploited by other criminals.
In fact, our State (I'm from Germany) supports criminal activities by using a crappy software that'll crack the basic security measures of Windows.
I doubt they have any professional Linux programmers working for them. Working for the State also means earning only a fraction of what you can earn in the free market.
I do not fear the State but criminals who'll sooner or later exploit holes created by our "security agencies".
We should fear their intent. Their capabilities are beside the point -- they could hire the very best tomorrow if they found they need to.
Capabilities will evolve on all sides. The mindset that cedes the right of the state to engage in this activity and instead falls back to a position of mounting a technological defense against them is a losing one. It essentially says to the state, "it's fair game to come get whatever you can".
Given enough time and intent, the unlimited resources of the state will ultimately prevail. More importantly, this is not the posture that private citizens should tolerate with their governments. This is first and foremost a legal matter. Technological capabilities are secondary.
Edit: People are also targeted for being critical of the Verfassungsschutz, so me writing this as well as you replying positively is a likely reason to be monitored, take care!
The political views of a far-right politician such as Höcke (probably aka Landolf Ladig), if you translate them into what he hopes to turn Germany into, threaten the liberal democratic basis of the German constitution. And that we have a law against.
Naturally, the means through which said anti-nuclear activists try to achieve their goals, if only of making themselves heard, need to be legal, and if those actions are sufficiently illegal that they constitute a crime, I'm sure that will get the perpetrators in trouble and rightly so.
A considerable part of their actions is very disruptive, seeking to, in the view of the protesters, I imagine, annoy everybody involved in the transport of nuclear waste to such an extent that they'll give up, while in actuality just causing a financial burden for the taxpayer (17000(!) policemen were in service during the protest you linked to according to ). That includes the traditional "Schottern" (the "[removal of] gravel from the bed of the train tracks to stop the train" as the article calls it), see also .
Even encouraging others to go "Schottern" on the internet is punishable (sorry, again only in German) and punished, though.
And with respect to physical attacks, I think those protesters are rather harmless. I believe not a single policeman was injured in the aforementioned protests, even though thousands of protests were there (1500 at some point, 5000 at another point in time).
Anyway, I think that based on this it is not entirely unreasonable that the police does keep an eye on the protesters.
However, I'm quite doubtful about the wisdom of the "Trojan" plan:
If I recall correctly (well, this is from 2011), the majority of injured police was not at the hands of protesters but accidents, exhaustion and "friendly fire" - but a very few police got attacked or were injured in brawls and suffered minor injuries - the paramedics were mistakenly pepper sprayed by the police, and the police vehicles mostly had accidents where they drove into ditches and such, but a one or two were e.g. scrapped or damaged by people throwing train track gravel at it.
Both injuries and damage (to police property), were aggravated by heavy rain and storm and the events taking place in rural areas and/or on gravel train tracks.
According to the police itself, most protesters were strictly peaceful and caused property damage to the train tracks at most ("Schottern").
So you got it mostly wrong, I'm afraid.
I do think it is extremely unreasonable and actually harmful to democracy for the police to track lawful, non-violent peaceful protesters exercising their basic rights (Grundgesetz) of free speech and freedom of assembly, or sanction or discourage them otherwise. This does not include violent people or people breaking the laws by e.g. willfully causing property damage, of course.
I also think it's very wrong to sanction people who you claim to be racist. If they are found to be unlawfully racist by an actual court, or demonstratively found to spread racist garbage as a teacher at a school, then again, that's a different matter.
My understanding of the demonstrations is that they were not intended as lawful, non-violent peaceful protests. The organizers wanted to make criminal damage (the "Shottern"), and some of the group were also very intent on violence.
The problem here is that anyone who was participating surely must have known what they're about to participate, even if many have themselves only wanted to not damage or hit anyone themselves. Just create a crowd where this can be done. And it is indeed hard to decide what level of surveillance is necessary and appropriate to prevent violence and large-scale damage.
(1) That's fair to do, but something to keep in mind when interpreting the numbers.
There's certainly a debate to be had about whether they're too strict, but IMHO, Höcke is so far across the line that I'm all in favor of keeping him out.
Edit: Note: higher standards apply for all government employees, but they're stricter for some, among them teachers, police etc.
Interestingly this list also contains the leftist party "Die Linke" which now has been a member of the federal parliament for a rather long time. That being said it's probably not a hindrance if you are a member there but you are expected to explain yourself.
Due process is there for a reason.
Just because you have a different opinion does not make yours right nor does it make mine wrong. I'll reiterate for you why I don't see any censorship here.
Bernd Höcke is "verbeamteter" Teacher. Beamte in germany are a special kind of state employees that get many benefits (1) but in return give up some liberties (2) and as part of their oath of office they commit themselves to a neutral political view in public and a very strict adherence to the constitution. All kind of extreme political opinion voiced in public are off limits for them - left or right. It's a contract that Bernd Höcke willingly and freely entered without coercion. He violated that rule in 2006 and was warned. He now violated it again. He basically violated his employment contract and for that he's terminated. He's still free to voice his opinion. No censorship here.
(1) can't be fired unless they commit a grave offense, get their health insurance and pension funded by the government etc.
(2) also the right to strike, etc
My understanding is that
1) he is not leading the party, he is one of the speakers for the party in the local (state) assembly. And I understand he is actually repeatedly clashing with the actual AfD leadership.
2) any comments about "shooting children" or even generally changing rules of engagement regarding firearms are not, as far as I know, an AfD party position, as the party leader responds in 
3) I understood the comments about using firearms were for a context where authorities are under a violent attack when performing their duties. Specifically, did they mention children? I didn't think so, but I could be mistaken.
I don't need to like what the "fringe" says, but I wouldn't like to make it bigger than it is. Because precisely this kind of exaggeration is what is undermining the credibility of legitimate criticism of AfD (the most devastating kind being, "hey, what would you really do instead?" because that is a question that is very hard to answer.) Its supporters see the opponents as just twisting the truth.
(I'm not experiencing this in Germany, but there are very similar discussions going on here in the Nordic countries: enormous straw men constructions are built all the time around criticism of immigration policies, and people are really quite fed up with that. If you keep repeating to people that they are racists, they may eventually start to believe you. In Sweden, the political consensus to "exclude the extreme right fringe from politics" seems to be resulting in the "extreme right fringe" now having the second largest electoral support of all parties , and continuing to grow. Once they go near 50 % it's going to be hard to talk about "fringe".)
you are mistaken.
I am just wondering how governments make intelligence "actionable".
(Historically, the Verfassungsschutz was founded after WW2 and its goal was to persecute communists. It was headed by hardcore Nazis for more than 30 years. Even the Americans called it a “phony” institution, since its name translates to “Constitution Protectors”.)
There are rumors that big parts of the Neo-Nazi scene is funded by the Verfassungsschutz. They funded and instrumented the NSU assassinations and the Oktoberfest bombing. That's only what we know of today, go figure.
If there was a fascist regime change in Germany, yes, I would expect a lot of people to be disappeared.
Impact on me personally, right now? How would you feel if there was a military black-ops agency tapping you?
Of course it's unclear what the secret police is up to. This is mainly for the federal police and customs police.
Fortunately for them there is enough of commercial companies already that sell high-quality spyware to any government that able to pay for it.
I shudder to think of code written by interns
But why would they split 'Open' and 'File'?
It doesn't matter that it isn't perfect as long as it works. Let's assume, this one example of finfisher's (IIRC) tools was used on a lesser infraction, I don' remember specifics. Why burn a good traffic encryption that the CCC would go to analyze? The use oftools that will cost more if a simpler, even faulty tool will still beat the target, is also debateable. And why are there capable programmers at the NSA, but none could be in the BSI or BND. We even know they use tools from the NSA, so where's the difference?
Some potential outcomes of malware, poorly written or not: it spreads to other machines, it exposes information publicly which harms many third parties, it is co opted and repurposed by other criminals.
I think you have a very valid point here. Still, their intentions are worrying.
They could do some scary stuff then... or at least they can fuck things up to such an effect that should be worrisome.
That's a nice sentiment and while I hope you're correct it's not really good enough in any country. This state is Germany and it has two of the poster children for state terror in the last 100 years. The Stasi and well, there are times when Godwin's really doesn't apply. National Socialists happened and we can't pretend they didn't.
Neither of these two examples did the state start out the way it became.
This is basically the same thing as using malware for surveillance. I'd argue the malware is even less invasive.
So until there's evidence of German law enforcement planting fake evidence, I still see no issue with this.
someone needs to show up at their parliament or whatever they government with, in a nazi uniform, salute the bench, and start yapping about computer security in your best hitter voice.
The alternative is that the government co-opts manufacturers so that government agencies can carry out security tasks without using digital violence. That’s what the FBI is seeking in the Apple case and it is a much worse direction for society because it challenges the existence of strong security in our increasingly digital society.
Note that the legitimate use of force is done according to law. As stated in the article, “In order to use the malware, government officials will have to get a court order, allowing authorities to hack into a citizen's system.”. If your objection to this is “they say that it’s done according to law but we know there will also be instances of them using it inappropriately” then you are also arguing that strong encryption (and pretty much any interesting technology) should not be allowed for public use because we know there will also be instances of it being used to achieve bad ends.
I understand that the reality of police, military, etc are not as nice as the theory but I have not seen people here explicitly rejecting the use of force by the state. If you oppose the German government employing spyware, you should consider whether you also oppose it arresting people in general. I suspect most people here have no alternative to suggest in place of the centuries of legal tradition that western societies are built on.
Governments have been using their digital force violently, indiscriminately, and secretly. None of those are acceptable even on their own and all three together is outrageous.
On a specific line:
> If your objection to this is [...] you are also arguing that strong encryption [...] should not be allowed for public use
This is a false equivalence: asking for restrictions on the state is not equivalent to asking for restrictions on the public.
Also in general, there is no requirement to make "digital violence" the same as "physical violence". The state's use of violence is restricted by law, I don't see a reason the forbidding of "digital violence" would fall outside the legal framework already established.
The problem with both approaches is that it requires organisation among citizens, which in turn requires a way to communicate with minimal danger of the secret police showing up immedietly afterwards. In the past this was ensured because surveilance was extremely hard to scale to an entire country. In recent years mass surveilance has become a reality, is increasingly hard to escape, and requires fewer and fewer human beings.
Of course right now the system is limited by judical oversight, and that's great. But over the course of decades the seperation of powers is bound to fail occasionally. We need more protection from the government than that.
>If you oppose the German government employing spyware, you should consider whether you also oppose it arresting people in general
Obviously we still need law enforcement, but police existed before the wiretap and can exist in a post-wiretap world.
Not quite the same thing, because the SWAT team is not stealthy when it breaks down a door.
The stealth aspect is what bothers me about this: it's much harder to make ensure a stealthy operation sticks to all the rules than a public one.
In fact, the recent years in Germany have shown that the Parliament doesn't have firm control over what the various secret services do.
> According to a 2008 decision by the German Constitutional Court, remote access to a citizen's computer is permissible only if there is life-threatening danger or suspicion of criminal activity against the state.
"Life-threatening danger" my ass.
Was that ever illegal? The license plates are publicly displayed and visible, and you could already put people on the field watching and manually noting the license plates down, or even put cameras and look at the footage later. The only thing that changes is the economics of making it automated, no?
Putting fixed cameras up and filming the public is not legal either in Germany - you can't have a surveillance camera pointed to public space, for example filming the boardwalk in front of your house. Whether dashcams are legal is still contested .
Whether large=scale manual collection would be legal is an interesting question which has - to the best of my limited knowledge - never been put to the test :)
 a fairly ok high level summary in german: https://www.adac.de/infotestrat/ratgeber-verkehr/verkehrsrec...
Interesting so a business for example can't have a camera monitoring outside (or inside) the place of business for security purposes? Can they apply for an exemption and is it normally granted?
> Can they apply for an exemption and is it normally granted?
No. If your camera monitors public space (streets, sidewalk, ...) it either has to be so far in the distance that it can't identify people or cars, or you have to block these parts of the image (either physically, or by blanking those parts of the signal before they are recorded. Many cameras allow to put black boxes over parts of the image in firmware)
Even that is restricted. For example it is not allowed to video monitor your employees in almost all cases. To use video surveillance you have to have a legitimate reason and even then the rights of you and the ones being filmed need to be carefully balanced.
In England if you have CCTV you're expected to register with the Information Commissioner.
Even so, we're heavily surveilled in the UK.
(supercool, for that occasion I figured out that there's an official english translation, didn't know that)
Is this really true? My understanding is you guys do a lot of speed limit enforcement by camera.
Or does it only take a picture in response to an instantaneous speed measurement? This seems much less useful, as you could just speed everywhere except the tiny range of the speed trap.
Just as a more concrete example, I'm not allowed to point a camera out of my window and film the things happening at the lively public street below me 24/7. A single short clip of the general area on the other hand is completely fine.
Well, you are also publicly visible when you walk around the town, but police following you around all the time without a reason/warrant is illegal (at least that's the case in my country, it should be in yours too if it's not).
Second, something being "publicly displayed" and "allowed to be scanned automatically by government (or another party), catalogued and stored for millions of people" is not the same thing.
>The only thing that changes is the economics of making it automated, no?
No, it's the "mass surveillance of citizens whereabouts" that's the illegal part that is/should be illegal. Even if it was to be performed manually by people.
Now, one could say that it's just the "economics" that changes, but beyond that, the economics are also an enabler. If it wasn't for automated scanning it would impractical to even do it, so what changes is the very possibility of this happening.
One didn't need to make non-automated license plate scanning illegal because it wasn't practical to perform it in the first place.
Sure, it could happen at low scale, with "spies" manually writing e.g. all the plates parked in an area, or whenever a particular car passes from a particular street. But it wasn't practical or widespread enough to make sense to single out and ban as a practice. The law is not an absolute affair.
That should not be legal.
Last time, less than 100 years ago, 2/3rds of the Jewish race was eliminated. How much damage could be done to a targeted minority in the information age? Governments by my account, have killed (6 million) an order of magnitude more innocents than terrorists ever have, and short of nukes, ever will.
And this is not a theoretical worry, in an interview with Gen.Alexander there was a question whether he is worried about building this technological infrastructure and its abuse potential by future potential successor entities. His reply was along the lines of "Nothing will come after us." Which to a German, strikes a lot of similar chords to Nazi Germany's eternal Reich rhetoric.
As a side note, I've seen some pretty heated arguments about this. It's a bit strange to me why this is such a contentious subject. Is this coming from people who still think we have cleanly delineated "races" like Caucasoid, Mongoloid & Negroid?
instantly made me think about Donald Trump... :/
This is for your own protection, citizen.
Your prompt compliance in this matter is appreciated, citizen.
Beeing spyed on by the same institution that has the monopoly on violence. If that institution stops liking me, I have a huge problem, a potentially life threatning situation. If the state of Iran has a simular problem with me, I don't care because they dont have a police force and an army in central europe.
It is interesting that you mentioned the state of Iran. They are, for example, responsible for the assassination of 85 innocent Argentinian civilians in '94, and I am sure of many other crimes around the world too. They did not have a police force or an army in Argentina. So, I think one should care.
So if the police wants to deploy it against a suspect they first get access to their network traffic and then work from there. It was intended as an alternative to breaking and entering to deploy surveillance equipment or gain physical access to hardware.
Of course this approach has several obvious limitations (e.g. encryption) but there may be other approaches in use. That's just what I remember from when the original trojan was reported on a few years back.
Legal German is like any other "legal Language". Not for human consumption. ;)
By this do they mean they've only now just found and hired someone that can build this program? Is that what they mean by "skill"?
From media reports it's unclear if communication includes chat and email, which would make the trojan a keylogger. There are lawyers that argue email, without PGP encryption, is within the 'Quellen-TKÜ' laws reach.
Furthermore the government is not allowed to turn the infected machine into a listening station, by law the flat of a person is under stronger protection than his communication.
Technically this will be really hard to enforce in software...
when we were STASI
As Dan Geer explains:
In other words, [c]onvergence is an inevitable consequence of the
very power of cyberspace in and of itself. [I]ncreasingly powerful,
location independent technology in the hands of the many will tend
to force changes in the distribution of power. In fact, that is
the central theme of this essay -- that the power that is growing
in the net, per se, will soon surpass the ability of our existing
institutions to modify it in any meaningful way, so either the net
must be broken up into governable chunks or the net becomes government.
It seems to me that the leverage here favors cyberspace whenever
and wherever we give cyberspace a monopoly position, which we are
doing that blindly and often. In the last couple of years, I've
found that institutions that I more or less must use [...] no longer
accept paper letter instructions, they each only accept digital
delivery of such instructions. This means that each of them has
created a critical dependence on an Internet swarming with men in
the middle and, which is more, they have doubtlessly given up their
own ability to fall back to what worked for a century before.
It is that giving up of alternative means that really defines what
convergence is and does. It is said that all civil wars are about
on whose terms re-unification will occur. I would argue that we
are in, to coin a phrase, a Cold Civil War to determine on whose
terms convergence occurs.
http://geer.tinho.net/geer.blackhat.6viii14.txt (section "10. Convergence")
I genuinely am interested in their payloads...
Yes, it will spark discussions again, and certainly be tested in front of our highest courts, and probably fail in some aspects and send back to the drawing boards again after a few years, but I don't expect that much "outrage", at least as long as it remains a tool for few specialized cases.
Let's not forget they are the country of the Stasi, where your own colleagues will report to your manager about your little Facebook habit, where people yell at you on the spot for not recycling properly and where landlords demand intrusive credit records before renting.
If it's like any other IT project, they probably have just finished the Windows XP version of their 'trojan'.
What does this make the German government?
If you get something on a suspect, bring him/her into custody and start your investigation but bugging them and putting their digital life at risk for the lure and greed for information gathering is just detestable and unethical.
Nobody moves the definition every day and it has nothing to do with encryption nor can those laws ever used against encryption by definition as they all include doing something in public.
Probably everybody who knows the German society will know whether something is "just an opinion" or violates one of those laws just be looking at most statements. It's one of those "I know when I see it" definitions that is shared among Germans. That being said courts have created very narrow and clear precedent on those laws.
Those are all opinions. An opinion is a view or judgement on a given item. Just because they are opinions you do not like doesn't make them anything more than opinions.
>Nobody moves the definition every day and it has nothing to do with encryption nor can those laws ever used against encryption by definition as they all include doing something in public.
Nobody moves to definition? Talk to me about the use of spyware on citizens, I'm pretty sure that definition just got moved.
>Probably everybody who knows the German society will know whether something is "just an opinion" or violates one of those laws just be looking at most statements. It's one of those "I know when I see it" definitions that is shared among Germans. That being said courts have created very narrow and clear precedent on those laws.
Well if the state say so then it has to be okay right?
You will probably not even find a reasonable number of people living in Germany in favor of repealing those laws let alone something near a majority. Those laws are ok because the people living here are ok with those kinds of hate-speech laws. If you don't like it you are free to stay away from Germany.
Some comments comparable to those in question are curated at a tumblr blog (https://perlen-aus-freital.tumblr.com/). Those comments are anything but a political statement against Merkel's policies. They are born out of pure hatred.
The “no censorship (with some exceptions)” law in our constitution is
usually interpreted in the sense that you can say, write, show,
publish anything you want and that only afterwards a court can
rule that it’s violating some law and censor it („Verbot der
Vorzensur“). This principle is turned upside down when the government
demands that private companies do the censoring and all public
oversight is lost.
Also: I’m pretty sad that gone mad „Asylkritiker“ are here too :( I
always thought of hackernews as this little civilized island.
Merkle and co. are trying to manipulate public opinion through the destruction of contrarian thought from the public realm.
Those laws are also not created by "Merkel and co." but decades old and introduced by the allies after the second world-war.
On a related note, the hate speech laws have not been introduced by the Merkel government.
When you stand on the street and loudly demand that specific people or groups of people should be killed or injured in specific ways, that's a different matter from just saying those same people shouldn't be allowed into the country or should be deported.
One is demanding a change in policy or political action. The other is demanding vigilante "justice" and lynching.
This has nothing to do with Merkel (who btw is a conservative -- her refugee policy has been the single most liberal thing she did since entering office) and everything to do with upholding the constitution and the state of law.
Whether you demand the murder of refugees, nazis or antifa, if you openly do so while addressing the public, you are committing a crime under German law. The law protects all humans, not just refugees.
Doing hate speech against ethnic groups or sympathize with Hitler in public is no problem for Facebook it seems (German: Volksverhetzung). Here in Germany it is and was against the law!
At the same time USA and facebook is getting crazy and deletes posts immediately if you see naked female body parts! This is not against any law here in Germany.
So what is more dangerous for the public?
Anecdotally speaking, FB & TW are doing an awful job of complying with Merkel's "supposed orders" as I see people dissing her and her policies esp. immigration whether for or against all the time and in German too.
On the sidelines of a United Nations luncheon on Saturday, Merkel was caught on a hot mic pressing Zuckerberg about social media posts about the wave of Syrian refugees entering Germany, the publication reported.
The Facebook CEO was overheard responding that "we need to do some work" on curtailing anti-immigrant posts about the refugee crisis. "Are you working on this?" Merkel asked in English, to which Zuckerberg replied in the affirmative before the transmission was disrupted.
Don't you think that something that grave would warrant official communications instead other than informal exchange of words without a single mention of refugees or immigrants?
Much ado about nothing!
The concern with the NSA is dragnet surveillance. The concern with the Bundestrojaner is pinpoint surveillance (plus the high risk of third party abuse of infected systems and the chance of infecting unrelated systems).