Germany limits police spyware use to serious crimes

Germany’s top court ruled police can use spyware only for crimes punishable by at least three years in prison.

Germany’s top court ruled that police may only use spyware to monitor devices in cases involving crimes with a maximum sentence of at least three years.

“The interference with both the fundamental right protecting IT-systems and Art. 10(1) of the Basic Law caused by source telecommunications surveillance under § 100a(1) second sentence of the Code of Criminal Procedure cannot be justified insofar as such source telecommunications surveillance is permitted for the investigation of criminal acts which carry a maximum sentence of imprisonment of three years or less and therefore fall into the category of basic criminality.” states the Germany’s top court.

Germany’s top court reviewed a case from Digitalcourage challenging 2017 rules allowing police to use spyware to spy on encrypted chats and messages.

Plaintiffs argued that the rules allowed spyware to monitor encrypted communications of individuals not under investigation. The court agreed, restricting its use to serious cases.

Germany’s top court ruled that a 2017 change to the criminal procedure code lacked clarity on when spyware could be used. It determined that such tools are only appropriate for investigating serious crimes, and could expose citizens to surveillance activities posing a “very severe” intrusion into privacy. The decision limits the use of surveillance software, which can monitor encrypted communications, for cases meeting a high threshold of criminal severity.

“When considered in an overall assessment, source telecommunications surveillance causes a very severe interference with both Art. 10(1) of the Basic Law and the fundamental right protecting IT-systems. Manner and scope of the data collection, which occurs covertly and through direct circumvention of security mechanisms, in themselves intensify the interference with fundamental rights as source telecommunications surveillance permits access to data records which, in terms of their volume and variety, may by far exceed traditional sources of information. Source telecommunications surveillance enables the interception and analysis of all raw data exchanged and thus has an exceptional reach, particularly given the realities of modern information technology and its significance for communication relations.” concludes the statement. “The data that can be intercepted not only carries a vast variety of types of electronic communications, which can then be analysed. Given the ubiquitous and diverse use of IT-systems, all forms of activity of individuals and of human interaction are increasingly reflected in electronic signals and thus become accessible through source telecommunications surveillance in particular. On top of this, the integrity of an IT-system is adversely affected and its confidentiality is at risk.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, spyware)