Police get broad phone and computer hacking powers in Germany

The German parliament has waved through a massive expansion of police hacking powers.
Written by David Meyer, Contributor

Germany's coalition government has significantly increased police hacking powers by slipping a last-minute amendment into a law that's nominally supposed to deal with driving bans.

While the police have so far only been allowed to hack into people's phones and computers in extreme cases, such as those involving terrorist plots, the change allows them to use such techniques when investigating dozens of less serious offences.

In Germany, the authorities' hacking tools are widely known as Staatstrojanern, or state trojans. This term essentially refers to malware that the police can use to infect targets' devices, to give them the access they need to monitor communications and conduct searches.

The types of crime where investigators can now use this malware are all of the variety where existing law would allow them to tap a suspect's phone. These range from murder and handling stolen goods to computer fraud and tax evasion.

According to the government, the spread of encrypted communications makes traditional wiretapping impossible, so the authorities need to be able to bypass encryption by directly hacking into the communications device.

However, critics have pointed out that an immense amount of people's personal information is stored on their phones and computers, and authorities would have the technical ability to look at more than they should, if they hack their way in.

Germany's governing coalition of Angela Merkel's conservatives plus Martin Schulz's socialists used its overwhelming majority to push the change through on Thursday, ahead of the summer recess that begins in a week's time.

The opposition, while too weak to do much about it, had its say. The veteran Green politician Hans-Christian Ströbele, who will retire at September's election, decried the change as the coalition's "final attack on civil rights".

He also said it would weaken the "IT infrastructure as a whole" by deliberately maintaining the security vulnerabilities needed for the malware to work, and pointed out the irony in hiding a state trojan measure in the Trojan horse of a law that lets judges issue driving bans for non-vehicle-related criminal offences.

It remains to be seen whether the shift will stand up in the constitutional court. It's a near-certainty that someone will raise a constitutional challenge, and the court in Karlsruhe has previously been clear in strictly limiting the use of electronic searches to very serious cases, where life and limb are at risk.

Other European countries that give the authorities broad hacking powers include the UK thanks to last year's Investigatory Powers Act, and Spain through a 2015 update to the country's criminal procedure law.

More on Germany and technology

Editorial standards