The German government has taken the controversial decision to allow intelligence agencies to use malware for the purpose of monitoring people under suspicion.
A spokesman for the German interior minister announced on Monday that authorities would be able to use government-developed trojan software to infect a suspect's computers and mobile devices. The only reason the malware can be deployed, however, is if lives are at risk or the state is threatened. Additionally, a court order will be required to use the software.
"Basically, we now have the skills in an area where we did not have this kind of skill," said the spokesman. The ministry also pointed out that the program was already endorsed by members of the government in autumn 2015.
Privacy advocates are not happy about the ruling, with many groups claiming it crosses the line between the need to monitor dangerous individuals and basic privacy rights.
"We do understand the needs of security officials, but still, in a country under the rule of law, the means don't justify the end," said Konstantin von Notz, deputy head of Germany's Green party.
The software must not monitor any activities other than communications, but a spokesman from Germany-based hacker association Chaos Computer Club (CCC) has expressed doubt that this really will be the case. Frank Rieger said that the technical capabilities of the government's malware needed to be reduced. "It's almost like you're watching people think, if you're reading as they type," he said.
Germany's constitutional court ruled in 2008 that the government must respect an individual's right to confidentiality when it comes to data stored on information technology systems. Monitoring must be limited to a suspect's communications with the outside world.
The CCC reverse engineered and analyzed a "lawful interception" malware program used by German police forces back in 2011. The group found that the software could "not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet."