Skip to main content
banner image
venafi logo

Germany’s “State Trojans” Given a Boost in Nation’s Ongoing Fight against Encryption

Germany’s “State Trojans” Given a Boost in Nation’s Ongoing Fight against Encryption

encryption and nation state attacks
July 12, 2017 | David Bisson

Lawmakers have broadened German law enforcement's ability to use malware to circumvent encryption as part of active criminal investigations.

On 22 June, the Bundestag--Germany's parliament--passed legislation broadening the hacking capabilities of the country's police. German law enforcement can now incorporate what's known collectively as "state trojans", or state-owned malicious programs, into over 30 types of criminal investigations including drug trafficking and money laundering.

The ruling coalition of the conservative CDU/CSU and the Social Democrats SPD was the major force behind expanding German police's use of state trojans. Michael Frieser, domestic policy expert of the CSU party, feels the broadened capabilities help "facilitate efficient, cutting-edge law enforcement that's keeping us all safe."

Interior minister Thomas de Maiziere is also pleased by the new measures. As quoted by Bitcoinist:

"We often see that criminals communicate using encrypted ways. Encryption protects a right for private communication. But it is not a carte blanche for criminals."

Germany's interior minister is a known opponent of encryption. In August 2016, he voiced his support for legislation that would compel mobile operators to grant law enforcement access to encrypted content as part of terrorist investigations. He later announced that Germany was considering legislation that would empower authorities to decrypt and read encrypted messages. An amendment proposed by the European Parliament could block the law, however.

State trojans enable law enforcement to bypass encrypted messaging apps like Signal and WhatsApp. Via the malware, German police can hack a device directly and obtain messaging communication before Signal or WhatsApp has a chance to encrypt it. These capabilities have Jan Korte MP (Left Party) concerned. As cited by Spiegel:

"State-sponsored hacking is much worse than a big malware attack, because nowadays the entire private life is stored on mobile devices, including photos, contacts, SMS, emails as well as location and movement data."

Along those same lines, President of the German Lawyers Association Ulrich Schellenberg told RT he considered it wrong to hide a "serious infraction of civil liberties" inside of a "regular adjustment bill… [and] push it through quickly and without discussion."

Nefarious individuals do abuse encryption. But that doesn't mean Germany and other countries should grant their law enforcement carte blanche to circumvent encrypted messaging apps. Encryption helps companies protect their corporate and customers' data, but state hacking undermines such safeguards. In the interest of these companies' ability to maintain trust with their customers, Germany should respect organizations' legitimate use of encryption as well as their investment in solutions designed to prevent key and certificate misuse.

Like this blog? We think you will love this.
Featured Blog

What Is an SSL Certificate and How Does it Enable Security

SSL Nomenclature

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more