Bavarian Police Can Legally Place Trojans On PCs

An anonymous reader writes "The Bavarian Parliament passed a law that allows Bavarian police to place 'Remote Forensic Software' (Google translation) on a suspect's computer as well as on the computers of a suspect's contacts. They may break into houses in secret to install the RFS if a remote installation is not possible; and while they are there a (physical) search is permitted too. The RFS may be used to read, delete, and alter data." The translation says that RFSs may be used in cases of an "urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person... Even where there is a reasonable assumptions on concrete preparatory acts for such serious offenses."

Yes,

[Daimanta (1140543)]

but does the trojan run on linux?

Re:Yes,

[brunokummel (664267)]

but does the trojan run on linux?

Funny how the context allows a "does it run on linux" joke get modded up as insightful....

...What about the Soviet Russia jokes? Will they get mod as informative?

Re:Yes,

[Daimanta (1140543)]

In the German state Bavaria, the police trojans you!

No, it simply doesn't have that ring to it.

In German state of Bavaria

[by Anonymous Coward]

Polizei in lederhosen kann deine computerhosen.

Re:Yes,

[by Anonymous Coward]

Hey, at least they use trojans when they screw you.

Re:Yes,

[KiloByte (825081)]

If they are allowed to break in, they can install a hardware keylogger. Which yes, does run against linux.

Re:Yes,

[MacDork (560499)]

I think the bigger threat here is that they can break into your house without your knowledge and search it in secret. I guess the Gestapo taught them nothing.

Re:Yes,

[by Anonymous Coward]

Yeah, cause it's nothing like the PATRIOT act in the US

Please

[Orion Blastar (457579)]

Bill Clinton had Carnivor [wikipedia.org] and Magic lantern [wikipedia.org] for this sort of thing long before Bush was even in the White House, around 1995.

The Federal government has been violating due process and the US Constitution since FDR was in office.

Don't try and pretend that Bush was the first to do this sort of thing with the Patriot Act, all he did was use it to amend the Constitution.

Re:Please

[scaryjohn (120394)]

The Federal government has been violating due process and the US Constitution since FDR was in office.

Really? We didn't violate due process before FDR? I know you were trying to make a point, but what about Wilson? [wikipedia.org] Lincoln? [wikipedia.org] Jackson? [wikipedia.org] Or Adams? [wikipedia.org] How about Washington? [wikipedia.org]

Re:Yes,

[colinrichardday (768814)]

Come on, now. I'm pretty sure the Gestapo knew how to break into houses and search them in secret.

Re:Yes,

[Hal_Porter (817932)]

When I was in Munich I had a phone and a PC. The PC had voicemodem so it could act as a answering machine / fax machine. I got some cables to plug it into the phone socket. And the wierd thing is I could get the phone to work or the PC but not both. It turns out that German phone sockets will only allow one device to be connected. Someone said that this was to "prevent eavesdropping. In Germany this is regarded as important because of our experience of Nazism".

I said something like "if the Nazis tapped phones they presumably did it at the exchange, not by having some sinister dude in a leather coat, monacle and jackboots sitting in the spare room taking notes". The German guy explaining gave me a very dirty look.

Re:Yes,

[Pogue Mahone (265053)]

I moved to Germany 10 years ago, and that confused me too. Some of the multi-way phone sockets have a "priority" system - the rightmost (or leftmost - I forget which) gets the line. If you look inside the box it's a simple break-switch. Also the N and F type connectors are very confusing. But if you take the boxes apart and wire everything in parallel it just works as normal.

I assumed that the system was devised to prevent overloading - most commercial exchanges have some kind of limit on how many phones they can support. In the UK it's called "ringer equivalence number" and if you exceed it they don't guarantee that your phones will work. In practice it's the ringers that fail first.

Sorry, you are wrong

[kju (327)]

Sorry, most of what you said or suspected is wrong. The system is actually a very clever design which prevents interruption of data/fax calls by the phone and in fact also eavesdropping from another phone inside the house.

The "multi-way phone sockets" are usually of the NFN-Type. Here F means "Fernsprecher" (Phone) while N means "Nicht-Fernsprecher" (Non-Phone). The socket is designed so that the line goes first to the left N socket , then to the right N socket and finally to the F socket. The phone will always be the last in chain. A non-phone device (fax, modem) plugged into one of the N sockets is supposed to have two electronic switches inside which will chain-through the line to the next socket when the device does not use the line. So if you are not sending a fax or surfing the net, you will be able to use the phone normally. However when the fax/modem takes over, the phone will be cut off. This clever trick prevents you from interfering with the transmission by picking up the phone.

As you are not supposed to plug two phones into one box, this also prevents eavesdropping. Overload prevention is not the reason. There were and are devices available which either are put before the NFN-box and allow to wire another NFN-box or contain a F or NFN socket themselves. Both will allow to wire a second phone and of course you could use more than one of these devices. These device however contain a automatic switch will will cut-off the other phone when one is in use. But they will all ring.

Re:Sorry, you are wrong

[kju (327)]

A non-phone device (fax, modem) plugged into one of the N sockets is supposed to have two electronic switches inside which will chain-through the line to the next socket when the device does not use the line. So if you are not sending a fax or surfing the net, you will be able to use the phone normally. However when the fax/modem takes over, the phone will be cut off. This clever trick prevents you from interfering with the transmission by picking up the phone.

One addition: The design can also be used to detect if the chained-through phone is picked up. This allows to design for example a answering machine (plugged into N) in such a way that the machine automatically stops when the phone is picked up, allowing the human user to "take over" the call from the machine.

Re:

[drinkypoo (153816)]

I said something like "if the Nazis tapped phones they presumably did it at the exchange, not by having some sinister dude in a leather coat, monacle and jackboots sitting in the spare room taking notes". The German guy explaining gave me a very dirty look.

The Nazis paid rewards for informers. Lots of people got turned in by people they trusted, including people they lived with, who found out that they were a jew.

Of course, telling secrets into a phone whose wire goes... where!?! It's just stupid anyway. But you can't expect people to be rational or informed at the best of times, and those weren't them.

Re:Yes,

[umghhh (965931)]

The original post has few problems

1. the link does not work - I suppose it was meant to be this:
http://www.heise.de/newsticker/Bundesrat-will-heimliche-Online-Durchsuchungen-auf-Terrorabwehr-beschraenken--/meldung/110466 [heise.de]

2. this article says that Bavaria did NOT managed to extend existing proposal on searching, eavesdropping etc, existing proposal is maybe not that nice but it was apparently less harmful politically than the Bavaria's extension.

Besides similar laws (lows?) already exist although not really in such drastic form. OTOH secret services do what it wants anyway - Germans violated its own and other countries' law to get account data of tax criminals. I believe there are countries where even suspicion that evidence was produced illegally or on information received illegally would nullify the whole proceeding. In Germany it apparently is not that important how you get your data as long as you can prosecute whoever you want. I guess each country has its quirks when it comes to powers that the state has.

Re:Yes,

[Pogue Mahone (265053)]

Here's the real link:
http://www.heise.de/newsticker/Bayerischer-Landtag-setzt-den-Bayerntrojaner-frei--/meldung/110426 [heise.de]

It's from yesterday. The story you link to is today's and is talking about the Bundesregierung as opposed to the Staatsregierung Bayern. Roughly speaking, it's the equivalent of Federal and State government in the US.

The article says that the law has no chance of survival - it's pretty clearly in violation of the German constitution, and most Germans take their constitution *very* seriously.

My take is that it's a typical "bargaining play": aim for the moon, and if you fall on the clouds, well, it's still better than the hilltop position that you really wanted. Compare the tactic with the *IAA's lobbying. They ask for outrageous new laws, everyone gets upset and writes to their reps, the law eventually gets watered down, and everyone goes home happy, failing to notice that the *IAA have achieved yet another step along the way to their goal of total control.

Re:

[hyades1 (1149581)]

These swine seem to come around just about every generation and attempt to throw individual rights into the nearest garbage can. What frightens me, though, is that each time, the technology to make their efforts more likely to succeed gets better and better.

Re:Yes,

[svank (1301529)]

Because no one will notice that their freakin' operating system got changed.

Re:Yes,

[Zemran (3101)]

China has quietly been spending as much as the US on their military (without the outgoing expense of 2 theatres of war) for 10 years and has 2,000,000 soldiers in uniform. 10 years ago your view would have been stupid but nowadays it is worrying that people have not noticed how the world has changed. China is already stronger than the US and is growing while the US is in decline. Russia is already back in the frame and growing fast. The US could easily be in 3rd place in 10 years time if people do not wake up soon.

People talk about the 1990s as if Russia collapsed but it did not. It had 4 times the military that the US had and it could not cope with the cost. It cut right back at a speed which looked like collapse but they kept all the good stuff (titanium hulled subs etc.) and grew from that. They are back in the game and growing fast.

I was in China 10 years ago (I look forward to going back) and could see no reason why they would want to rise up against anything. The country is so different from the picture painted in our media that it was hard to recognise it. I was in Russia 5 years ago (and hated the place) and saw a people wholeheartedly behind their government.

If we, in the west, do not pull our heads out of our arses we will end up losing a major conflict soon as we will end up having to fight in Taiwan or North Korea and we could easily be on the losing side if we still think that Chinese missiles are 1950 models when they took our designs 10 years ago and improved on them.

Bavaria?

[Eudial (590661)]

In my ignorance, I asked myself "where the hell is Bavaria?". So I wiki'd it [wikipedia.org]. Turns out, it's in Germany.

The more you know...

Re:

[furrydave (1309299)]

I'm happy I wasn't the only one :-).

I also enjoy the beer (wait... that's Brava...). oh well.

Sadly, I also realized I had no idea where Colorado was yesterday. I think I need to spend a few hours with a map and un-dumb myself...

Re:

[neomunk (913773)]

The best geography tutorial I've ever had was a game called Hearts of Iron 2. Nothing like learning about the names and basic geographical features of the world while moving various types of military units across the landscape. Cursing a province with mountains by name as your troops take months to march and/or roll through them makes it memorable, especially if you lose your beachhead because your goofy MechInf decides to take 2 weeks going a distance that would take them 2 days, if it were plains they a

Re:Bavaria?

[K. S. Kyosuke (729550)]

In another news, California was found to be a US state! Film at eleven.

Re:

[hedwards (940851)]

China

Yeah, Wiki got...

[TransEurope (889206)]

...the point! http://img512.imageshack.us/img512/9159/germanybavariaalpschurcob4.jpg [imageshack.us]

Re:Where?

[RiotingPacifist (1228016)]

Thats simply because not enough of it is on fire to make it stand out on google earth!

Re:

[Oswald (235719)]

Well, yeah, except that Wyoming isn't in the center of Europe (as Bavaria nearly is), doesn't have Munich as a capital, wasn't the site of Dachau concentration camp, and has in general been of no importance to anyone throughout western history. Trust me, even living in the U.S., not knowing where Bavaria is, is ridiculous.

So...

[furrydave (1309299)]

Does this imply that they can install a virus on my PC in Canada if I'm talking to a suspect in Bavaria?

I hope not.

Will this code be safe? What if it opens the infected PC up to access by hackers and the PC is damaged or materials (virtual) are stolen? Is there any liability for the police?

This is strange...

[Pig Hogger (10379)]

I thought that the memories of the Geheime Staatspolizei made sure the germans would never approve of such things...

Re:This is strange...

[KingOfBLASH (620432)]

I thought that the memories of the Geheime Staatspolizei made sure the germans would never approve of such things...

Most people who were alive to see World War II Germany have passed on. I think this allows the forgetfullness we see across the world -- and unfortunately is allowing history to repeat itself in the restriction of rights in many countries...

Re:

[Reziac (43301)]

WW2 was before my time, but I grew up during the Cold War. It's definitely scary to watch our country turn into the backside of the Iron Curtain that we worked for so long to tear down.

Re:

[flyingfsck (986395)]

Hitler started his run in a beer house in Bavaria. What goes around, comes around.

Forensic?

[gruntled (107194)]

Um, "forensic" software is typically designed to *prevent* the alteration of data. Otherwise you can't reliably go into court and prove that you haven't planted the evidence. Last I heard, Germany still embraced the concept of due process...

Not sure whether this is a crazy law passed by some locals that will be struck down by German courts, a bad write up, or a bad translation...

Re:Forensic?

[satmd (1265572)]

Yes, the translation is mostly correct, but is missing few details: The Verfassungsgericht (highest judicial institution over here) stated that this kind of investigation is illegal and put very high barriers on it... for the whole of Germany. AND they put up a new consitutional right on "digital privacy". The barrier is that high that it should be near to impossible to implement the trojan in a way to stay within law. Now the Bavarians thought they know better and updated their local laws and declared them to be "in accordance" with the new barriers (which they most likely are not and thus are going to get that struck down again). Also... they are NOT allowed to physically enter the house/rooms/flat/... in order to install the trojan. They have to deploy it remotely by dialup or internet. If that was allowed they could secretly search through your other belongings, which is explicitely forbidden to happen with the owner not being around. People have the right to witness a raid or execution of a search warrant. And yes, the risk of alteration is real, so the so-called evidence will probably be very weak and should not last very long in court. Yet, I fear that the "evidence" might be remembered and used to investigate into other activities. Police may use evidence from one case to prove another case. THIS is very dangerous.

fud, Fud, FUD!

[jps25 (1286898)]

I know this is slashdot and jumping at anything so we can scream 1984!!! POLICE STATE!!11!!! gets you modded informative or insightful, but this slashdot article is just crap.

The "Bundestrojaner" will only be used as a last resort and in defense to terrorism, as you can read here in an article posted today, denying the Bavarian request to use it for other crimes not directly related to terrorism.
Poor google translation:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2FBundesrat-will-heimliche-Online-Durchsuchungen-auf-Terrorabwehr-beschraenken--%2Fmeldung%2F110466&hl=en&ie=UTF8&sl=de&tl=en [google.com]

Ah, screw it. 1984!!! ORWELLIAN STATE!! BURN THE WITCHES!

Re:fud, Fud, FUD!

[witherstaff (713820)]

Oh sure and the US Patriot Act was only for terrorists. It'd never be used improperly or wrongly [msn.com]

bullcrap

[unity100 (970058)]

The "Bundestrojaner" will only be used as a last resort and in defense to terrorism

when the law that allows the police to monitor ALL communication (email, gsm, landline) at all times, without needing any warrant was passed here, (turkey) and gave the daily running of the operation to a small board that would be directly appointed by the prime minister and his cabinet, many idiots believed that 'only as a last resort and in defense against terrorism' bullshit too.

then somehow the private conversations of opposition party members who have had a strife with the administration have been l

Encrypted Drives

[nurb432 (527695)]

If you encrypt your drive, and don't leave it running while you are gone, unless they guess your password not much they can do.

Inadmissible?

[ThatsNotFunny (775189)]

If the software they install can delete and alter files, how can any evidence they procure be admissible in a court of law?

Ironically it is admissible

[Orion Blastar (457579)]

in a court of law even if the trojan is programmed to download porn and other things over the Internet. I can recall American employers using trojans like that to fake employees surfing the Internet too much to fire them for it. "He surfed for porn for more than 5 hours each day, so he fired him" when really the trojan surfed porn and planted it on his computer. They do that sort of thing when they want to discriminate against an employee for their religion, race, color, national origin, disability, age, ge

Typo in title

[gmuslera (3436)]

Barbarian Police Can Legally Place Trojans On PCs

very efficient

[speedtux (1307149)]

RFSs may be used in cases of an "urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person...

Apparently, they are drawing on a century of experience that Germany has with intrusion into people's private lives, both under right wing and left wing extremist states. Even the language of the law itself is... classic.

Fruit of the Poisoned Vine

[redelm (54142)]

Ah well, the Bavarians are doing their independence thing, sharply deviating from the Federal Verfassungsgericht. And probably from the EU Charter of Rights and Freedoms. They know it, and are doing it precisely for that effect.

But watch: there will be abuses immediately (cops cannot help themselves, they have a compulsion to "fight crime") and in about 3 years one will be egregious and funded enough to make it to seriously senior courts. Then one of these (especially the EU) will seek to exert its' jurisdiction with a ruling like the US "fruit of the poisoned vine" doctrine.

Odd thing is, the bayricherbeamter are anything but stupid and may even see and desire this.

So, this is what one needs to do:

[mlwmohawk (801821)]

Run Linux
Encrypt Boot and home disks.
Encrypt everything.
md5sum *everything*
Boot off a knoppix or install CD periodically.
Keep a spare motherboard around and/or change motherboards frequently.
Always buy a name brand ethernet card that is a different chipset than your motherboard.
Run wireshark on your laptop which you *NEVER* let out of your sight.

Remember, thieves will only steal your stuff. The government will steal your life and liberty if it is politically possible.

I think I spot a teeny, tiny flaw...

[nick_davison (217681)]

The RFS may be used to read, delete, and alter data.

So, getting this straight... They have the right to modify data in ways that can't be [reasonably] detected... and then they can use this data to press charges?

"Of course not your honor! It was different data we changed. The incredibly convenient file that says, 'I am guilty, it's a fair cop, guv! Oh yeah, it was me!' was there all along."

You're on incredibly shaky ground when you allow the police to manufacture information where they may subsequently use information to support charges. As soon as one dirty cop gets caught manufacturing evidence, you've devalued the entire method for gaining it. How long before the standard defense becomes, "My client has never seen that file before. Given the police routinely add and modify files on people's computers, prove beyond a reasonable doubt that they didn't put it there themselves and then change the logs to simply make it look like my client did it."

Re:

[Creepy Crawler (680178)]

It'd be fun to disassemble, thats for sure.

Re:

[KingOfBLASH (620432)]

A trip wire like for a land mine or methods of destroying the data? I wonder how the defense would stand up in court "I'm sorry judge, if they'd presented me with a warrant I could have given them what they wanted -- but my anti-corporate espionage system destroyed all my data"

Re:Threat to liberty...

[Hatta (162192)]

Yeah it's funny when you put it that way, but that's how it usually is. When a government takes an action under the guise of national security, the nation is actually less secure because a stronger government is a greater threat to liberty.