Remote Forensic Software – Online-Überwachung and the Austrian law
1. December 2009
I am currently reading the excellent document Erweiterung des Ermittlungsinstrumentariums zur Bekämpfung schwerer, organisierter und terroristischer Kriminalitätsformen („Online-Durchsuchung“), a very good report about the different aspects of remote computer surveillance (including pros and cons, problems, legal questions etc.).
This is especially important for our company, because we are working on the “Remote Surveillance Software”. At DeepSec I presented some of its parts. Of course there is a lot of criticism of the use of a “federal trojan”; however, you should read the above document. As they say, it is necessary to comply with the Verhältnismäßigkeitsgrundsatz (principle of proportionality), which would make it difficult because other ways to investigate are available.
There is a good summary of the Endbericht zur Online-Durchsuchung written by Univ.-Prof. Dr. Bernd-Christian Funk.
Some issues I want to comment on technically (which I think are very important and missing from the document):
- Page 13: Prevention of imitation: “every component introduced must be unique to a high degree, or sufficiently strongly personalized.”
This would apply not to the software itself, but to the communication servers and protocols used. It would be nonsense to develop a new trojan for every suspect; however, it would make sense to use different keys for encrypting the communication and to change the investigation protocols for every suspect (e.g. what to look for).
- Page 93: (in the narrowest sense) as “a search for content relevant to the proceedings on data carriers that are not directly accessible to the law enforcement authorities but can only be reached via communication networks” (answer to a parliamentary question in the German Bundestag)
That means we are searching for data not available through forensic analysis of the hard disk, but for data available only in volatile memory.
It is important to distinguish between Online-Durchsuchung (online search) and Online-Überwachung (online surveillance): the former means “reading” the hard disk, the latter surveilling the suspect. Both are currently illegal, because a search warrant (the first) has the character of a real person executing the search warrant and offering the possibility to hand over the searched-for materials voluntarily.
The summary of the final report (quote), which I personally agree with:
“In Austria there is agreement that the covert infiltration of information technology systems should remain restricted to the purposes of criminal prosecution and should not be extended to the preventive domain.”
Hello,
I’ve tried to send you an e-mail but I couldn’t find one.
I would like to ask you something: since you have huge expertise in these issues, have you thought about writing a book or an online manual about how a ‘normal’ citizen can protect himself from government surveillance, as well as how to protect our privacy online?
Thanks,
[...] intelligence service) published the annual Verfassungsschutzbericht. Previously I wrote [1] and [2] about the BVT. It is in my personal interest because Pichlmayr told in the complaint letter the [...]
Actually, I’m not a fan of “Online-Durchsuchung”, but I still find the idea good, especially if these have been considered in areas of change in