Legal Challenge

German State as Hacker?

  • Why it matters

    Why it matters

    IT security companies are fearful that keeping security vulnerabilities open will undermine trust and thereby threaten their bottom line. That in turn could even limit the digitalization of Germany’s economy if it stops companies from moving systems online.

  • Facts


    • The majority of German IT security association TeletrusT’s 300 members, which include tech giants like Microsoft, Siemens and SAP, must agree to support the constitutional complaint before it can move forward.
    • Last year, market researchers IDG and Cisco Germany estimated that 29 percent of German companies were planning on upping their IT security budgets within the next 12 months.
    • The US National Security Agency was reportedly aware of the systemic vulnerability exploited by the WannaCry virus but refrained from informing Microsoft about it.
  • Audio


  • Pdf
One of these connections goes to the German government. Source: Matthias Balk/dpa

It was passed by Angela Merkel’s government under the cover of obscurity earlier this summer, buried in a requested update to the German penal code and other laws. The provocative clause allowed for the surveillance and recording of telecommunication: Government agencies are now legally permitted to develop hacking tools to peer into users’ systems.

Put simply, law enforcement agencies have been given cover to hack into the electronic devices of suspects, by exploiting any security vulnerabilities they might find. This will be done, for example, by uploading Trojans onto suspects’ smartphones, allowing authorities to read messages from apps like WhatsApp, Skype or email. Until now, law enforcement had only been able to pull off this trick against suspected terrorists. Under the new law, the purview has been extended to include suspects of other serious offenses such as murder, tax evasion and counterfeiting.

For a country that has long placed a premium on privacy, particularly after the experiences of those under East German rule in the Cold War, such moves were always going to be controversial. The German state as a hacker has long been a criticism levied by data privacy and civil rights activists, but the new law has brought these once-fringe activists together with business representatives of the digital branch and IT security industry. That’s because it effectively places the government at cross purposes with IT firms, whose job it is to close the very security vulnerabilities that law enforcement agencies hope to exploit.

Want to keep reading?

Subscribe now or log in to read our coverage of Europe’s leading economy.