German states say “federal trojan” used within legal boundaries
The reaction following CCC’s claims that a government-made “lawful interception” Trojan has abilities that exceed those allowed by the nation’s legislature was rather swift – Joachim Herrmann, the Interior Minister of the Bavaria has confirmed (via Google Translate) that the Trojan in question has been used occasionally by their agencies, but only to effect telecommunication surveillance of suspects.
He also said that it could not be confirmed yet whether the sample that the CCC hackers have analyzed is a test version from the development phase or one that was actually used, but that an investigation into the matter will be mounted to make sure that there was no overstepping of legal boundaries. The Trojan has allegedly been used in 2009.
The confirmation came after a German Lawyer by the name of Patrick Schladt said a client of his had the Trojan installed on his computer during a customs check and that it definitively had screenshot-grabbing capabilities. He said that he was the one who provided this particular sample to the CCC for analysis.
According to Deutsche Welle, a number of other German states – Baden-Württemberg, Brandenburg, Schleswig-Holstein and Lower Saxony – have also confirmed that they have used the Trojan in criminal investigations.
Following requests from security experts, privacy advocates and politicians, federal government spokesman Steffen Seiber confirmed that there will be an investigation into the matter on a federal level. Hopefully it will not only address the use of the Trojan by the authorities, but also the allegations that its features can easily be misused by third parties.