23.06.2017

eco: State Trojan Must Not Undermine IT Security on the Internet

On the legislative amendment concluded yesterday in the German federal parliament for the use of so-called “State Trojans” for the surveillance of messenger services on smartphones, eco Director Professor Dr. Norbert Pohlmann comments:

“Similar to what we have already seen with blanket data retention, we are again dealing with a law for which not all of the consequences have been thoroughly thought through. As a society, we want to push digitalization forward in order to successfully shape the future. The state needs to create framework conditions for this, to ensure appropriate levels of IT security and adequate trust in the Internet. The surveillance law approved yesterday unfortunately goes – despite all recognition of the sovereignty of the state in matters of law enforcement – in completely the opposite direction and may lead to a damaging weakening of IT security in the Internet, if not to the endangerment of the entire process of the digitalization of society and industry. This is especially the case if the “State” itself makes use of so-called Zero-Day Exploits for placing State Trojans. The exploitation of such vulnerabilities represents a great risk both for companies and for individual privacy, and must not be allowed to become standard practice for law enforcement. Whether this legislative amendment – which includes the use of Lawful Interception at the Source and online searches – is constitutional, is something the courts must decide.”

Prof. Dr. Norbert Pohlmann
© eco - Verband der Internetwirtschaft e.V.