It was passed by Angela Merkel’s government under the cover of obscurity earlier this summer, buried in a requested update to the German penal code and other laws. The provocative clause allowed for the surveillance and recording of telecommunication: Government agencies are now legally permitted to develop hacking tools to peer into users’ systems.
Put simply, law enforcement agencies have been given cover to hack into the electronic devices of suspects, by exploiting any security vulnerabilities they might find. This will be done, for example, by uploading Trojans onto suspects’ smartphones, allowing authorities to read messages from apps like WhatsApp, Skype or email. Until now, law enforcement had only been able to pull off this trick against suspected terrorists. Under the new law, the purview has been extended to include suspects of other serious offenses such as murder, tax evasion and counterfeiting.
For a country that has long placed a premium on privacy, particularly after the experiences of those under East German rule in the Cold War, such moves were always going to be controversial. The German state as a hacker has long been a criticism levied by data privacy and civil rights activists, but the new law has brought these once-fringe activists together with business representatives of the digital branch and IT security industry. That’s because it effectively places the government at cross purposes with IT firms, whose job it is to close the very security vulnerabilities that law enforcement agencies hope to exploit.