Exclusive
Status: 07.09.2021 12:56
The BKA has bought controversial spy software from Israel – and is already using it to monitor smartphones. Federal Interior Minister Seehofer is said to be according to information from NDR, WDR and SZ allegedly not been informed.
It was an unusual meeting of the Interior Committee that took place on Tuesday morning in the German Bundestag. It was classified as “secret” and that has to do with the subject matter it was about. The federal government should report to the MPs whether German security authorities are using the controversial espionage software “Pegasus” from the Israeli company NSO. The Trojan can be used to spy on smartphones extensively, and it can even be used to monitor encrypted communication.
So far, the government and the authorities have refused to provide any information. Now, albeit behind a closed door, the Federal Ministry of the Interior and the Federal Criminal Police Office (BKA) broke their silence. Yes, the BKA bought a version of the “Pegasus” software, the deputy head of the authorities Martina Link is said to have confirmed to the parliamentarians in the interior committee.
Last year negotiations were held with the Israeli manufacturing company NSO to buy the Trojan and a contract was finally signed in the fall – at a time when there were already numerous reports of possible misuse of the software. For example, the suspicion that the program is being used by authoritarian states against members of the opposition and critics of the regime. Since March of this year, a modified version of the spy software has been used by the BKA in Germany, Link is said to have reported to the parliamentarians.
Legal requirements not met
In its standard version, “Pegasus” is too powerful, the program did not meet the legal requirements in Germany, the BKA Vice-President is said to have declared. The Trojan did not make any distinction between source telecommunications monitoring, i.e. reading and listening to ongoing communication such as chats, and online searches, secretly spying on photos and other data stored on a mobile phone. There is also insufficient logging of what the software is doing on a target device.
In July, a consortium made up of international media and Amnesty International revealed that NSO had sold the “Pegasus” Trojan to numerous countries, where the program was apparently also used against opposition activists, journalists and human rights activists. NSO denies this and claims not to know which target persons are being monitored by the customers with the software.
Modified “Pegasus” version?
The company NSO Group is said to have agreed in negotiations with the BKA last year to develop a modified version of “Pegasus” that meets all the requirements of German law. It was technically improved and finally a software was presented that was checked by the BKA and considered to be constitutional, BKA Vice President Link is said to have reported in the Bundestag. The BKA then acquired this Trojan. The costs would amount to a single-digit million amount.
According to the deputy head of the agency, the BKA ensured that no sensitive data would end up with the NSO company. For example, hash values are assigned to telephone numbers so that the company cannot identify the target persons. In addition, NSO had contractually assured them that no data would flow to the company.
Seehofer allegedly not informed
So far, the “Made in Israel” state Trojan has been used by the BKA in a mid-single-digit number of investigations. These are said to be proceedings in the area of terrorism and serious and organized crime. None of the proceedings has so far been completed. The BKA had also offered the purchased Trojan to the state criminal police offices, but they had not yet made use of it.
The Federal Ministry of the Interior had been informed about the procurement process, but Federal Interior Minister Horst Seehofer had not been informed about the purchase. A representative of the ministry in the interior committee is said to have said that this is not necessary either, the BKA is allowed to decide independently on the acquisition of such tools.
The involvement of the Federal Data Protection Officer or other authorities is also not legally necessary. However, the BKA coordinated its review of the “Pegasus” version with the Federal Office for Information Security (BSI) and sent the test report to the authority responsible for IT security.
In the past few years, the Israeli company NSO Group had tried several times to sell its products to German authorities. There should have been meetings with the BKA as early as 2017 and later with the Bavarian State Criminal Police Office. At that time, however, no contract should have been concluded.