Data protector 'cannot check police spyware'
Germany’s top data protection official has complained he cannot test how a spy computer program used by the police works – because the firm that made it will not help him examine it and the police do not have the source code.
The Frankfurter Rundschau newspaper reported on Wednesday that Peter Schaar, the government’s data protection commissioner, was unable to check the Trojan program being used by the federal criminal police (BKA).
Schaar wrote in a letter that he was unable to check whether the spyware is doing more than it should and could – and that the BKA did not have the source code of the programs supplied by the company DigiTask.
He had been asked by the parliamentary domestic affairs committee to look into the controversial spyware – but he told the committee’s chairman Wolfgang Bosbach he could not do so.
“The manufacturers have made access dependent on contractual agreements, which I cannot accept,” wrote Schaar, adding that the firm was demanding he sign a legal gagging clause, and would charge €1,200 a day for the access. The BKA has said it would not pay.
He said he was unable to look at the source code in order to check it for legal data protection concerns, and said the BKA should have insisted the code be included in its order for the spyware.
DigiTask earns several hundred thousand euros from the state each year, the Frankfurter Rundschau said.
“An investigation method must be above all legal suspicion. We only want software which can do what it is allowed to do. I would understand if the data protection commissioner complains,” said Bosbach.
The Trojan spyware was hacked and heavily criticised last year by IT experts from the Chaos Computer Club, an association of computer and privacy experts.
The program allows security forces to monitor people’s computers and, it is alleged, to engage in unconstitutional activities such as controlling the camera and microphone of someone’s computer.