eco Association on the State Trojan: Risks and Responsibility Must Not Be Offloaded onto Companies

eco Board member Klaus Landefeld urges the German Federal Council (Bundesrat) to vote against the obligation of companies to participate in state spyware

On Friday, 17 December, the German Bundesrat is to address the question of how the participation of companies in source telecommunication surveillance should be organised and technically implemented in the future.

eco – Association of the Internet Industry is sharply critical of the fact that companies may be legally obliged to make their telecommunications equipment available for the imperceptible installation of government spying software and the redirection of data.

Klaus Landefeld, Vice-Chair of the Board at the eco Association, says:

“For three reasons, I am critical of the obligation for companies to cooperate in the use of State Trojans. Firstly, the use of state spying software without legally regulated consideration by parliament is unconstitutional. The Federal Constitutional Court recently made this clear and the legislator must now follow suit. It is unacceptable that the source telecommunication surveillance allows online state searches which may even technically access past communications to some degree.

“Secondly, it is still unclear as to what extent the companies concerned do not bear risks and responsibility themselves. When in doubt, are companies liable if they have to cooperate in state-ordered online searches? It is imperative that the legislator rule out any chance of this risk and prevent this from happening.

“Thirdly, there is still no state information obligation if technical disruptions occur due to interventions by the intelligence services. Here, too, there is an urgent need for the legislator to act.

“I therefore appeal to the new German federal government to ensure the integrity of the Internet and services. It is good that, in their coalition agreement, the traffic light parties have clearly committed to not purchasing vulnerabilities and keeping them open; the renunciation of the State Trojan for the Federal Police also sends a signal in the right direction. I hope that the German federal government will also oblige state agencies to report vulnerabilities in practice from now on and consistently stop the use of Trojans for all state agencies as soon as possible.”