Online Search (Germany)

from Wikipedia, the free encyclopedia

Online searches mean that investigative authorities have access to the hard drive of a suspect's computer with the help of software, a so-called Trojan, installed while using the Internet . The data stored on the hard drive are transmitted to the authorities secretly and over a longer period of time. The online search is one of the covert investigative measures.

In criminal procedure law , a legal basis for online searches was created with Section 100b of the Code of Criminal Procedure with effect from August 24, 2017.

The online search is to be distinguished from the open search of the accused's computer in accordance with Section 110, Paragraph 3 of the Code of Criminal Procedure (StPO) and the source telecommunications surveillance ( Quelle TKÜ ) in accordance with Section 100a Paragraph 1 Clause 2 and 3 StPO.

Although the source TKÜ works in a technically similar manner, in contrast to online searches, which allow a comprehensive search of a device, the authority's access rights for the source TKÜ are basically limited to ongoing communication ( Section 100a (5) sentence 1 no. 1a StPO). With the source TKÜ, communication data may be recorded before it is encrypted or after it has been decrypted. Beyond that, however, no information should be obtained that could not have been obtained and recorded during the ongoing transmission process in the public telecommunications network ( Section 100a, Paragraph 5, Clause 1, No. 1b StPO). In the case of online searches, on the other hand, a computer system is searched extensively or specifically so that not only communication data, but all stored data such as chats, uploaded photos, written notes and website history can be viewed. From this, a comprehensive picture of the online behavior of a monitored person can be put together.

It is controversial whether this can actually be defined in practice.

Legal policy debate before the introduction of Section 100b StPO

politics

In the German government's 2006 program to strengthen internal security , online searches are described as a measure of searching remote PCs for process-relevant content without actually being present at the device's location”. Whether it is to be regarded as a search in the legal sense and to what extent it is to be equated with a search of an apartment or house (by which it would have to meet the constitutional requirements for laws encroaching on basic housing law , e.g. according to the German Code of Criminal Procedure ), is controversial among lawyers, although the Federal Government takes the view that for specific types of data, online searches are already covered by applicable law. An authorization basis has z. B. the customs investigation service as the authority initiating the measure. For this purpose, a program for source telecommunications monitoring (also known as sources TKÜ, the monitoring of telecommunications on the computer before it is encrypted) is installed and used if the content is encrypted in traditional telecommunications monitoring.

The Bavarian state government declared on 16 May 2007 to bring a bill to online searches for law enforcement purposes to the parliamentary road. The Bavarian draft law was introduced to the Federal Council on July 4, 2008, but failed there.

In July 2007, federal agencies inquired about the Computer and Internet Protocol Address Verifier monitoring program used by the Federal Bureau of Investigation . It is unknown whether the program or information about how it worked was passed on to federal agencies.

According to a statement by member of the Bundestag Hans-Peter Uhl , state Trojans have been used by state and federal authorities around 35 times a year for the purpose of online surveillance since 2009. Uhl sees Leutheusser-Schnarrenberger as responsible for any breaches of law that may have occurred.

On October 8, 2011, the Chaos Computer Club announced that it had been leaked several versions of state espionage software known in the media as the “state” or “Bavaria Trojan”. He published the extracted binary files of a version together with an assessment of the technical analysis and a report on the scope of functions and criticized their use by investigative authorities, which violated the judgment of the Federal Constitutional Court. On October 10, 2011, the Bavarian Minister of the Interior, Joachim Herrmann, announced that this software was in connection with an investigation in 2009. Following a decision by the Landshut Regional Court on January 20, 2011, this implementation was illegal.

In the opinion of the Bundestag member Peter Altmaier , state and federal authorities could not comprehensively demonstrate the constitutional harmlessness of the DigiTask Trojan.

Civil society and media

Data protectionists also criticize the online search as a massive invasion of privacy , which is why a petition was submitted to the Petitions Committee of the German Bundestag on December 22, 2006 .

In August 2007 it became known that an employee of the BND was using the technical possibilities for private purposes. According to a press release by the Bavarian Commissioner for Data Protection in August 2007, there is a risk that citizens will lose confidence in official electronic communication ( e-government ). The "e-government projects in the federal and state governments that have been driven forward with billions in expenditure up to electronic tax returns (ELSTER) and electronic health cards " are named here.

In the blogger scene, the term Stasi 2.0 arose from the impression of a surveillance state, based on the Ministry for State Security of the GDR ( Stasi for short ) as a term for Schäuble's tightened security laws. As a result, the so-called Schäublone , a portrait of Wolfgang Schäuble with the subtitle Stasi 2.0, was distributed in some areas of Germany .

Against the background that the existence of an institution that has access to information systems of the citizens represents a considerable weakening of the national IT security, the former President of the BND and the Federal Office for the Protection of the Constitution, Hansjörg Geiger , has the introduction of an independent "citizens' attorney" demanded who safeguards the rights of those affected because he does not consider judicial control to be sufficient.

A case from Frankfurt am Main in 2011 is an example of the unpredictability of damage : a senior federal police officer installed a Trojan horse on his daughter's computer of his own accord in order to monitor her computer activities. However, a friend of the girl noticed the "Trojan": He turned the tables and instead monitored the police officer's data traffic. This security hole, opened by the federal police officer himself, subsequently led to the hacker being able to penetrate the network of the federal police. As a result, the police server for the Patras observation program had to be shut down temporarily.

In February 2012 it became known that the Federal Criminal Police Office had saved phone sex recordings using Trojans.

Jurisprudence

Federal Court of Justice

The admissibility of online searches for purposes of criminal prosecution (repressive online searches) was disputed within the Federal Court of Justice .

First of all, the 3rd Senate justified with a resolution of February 21, 2006 "the search of the personal computer / laptop used by the accused [...], in particular the files stored on the hard drive and in the RAM". The search of the accused's PC database without his knowledge is covered by the authorization norm of § 102 StPO. This provision of the Code of Criminal Procedure regulates open house and apartment searches .

With a resolution on November 25, 2006, however, the 1st Senate rejected this legal opinion. A corresponding application of the provisions on searches (Section 102 StPO) is out of the question for secret access to a computer for the purpose of criminal prosecution because of the prohibition of analogy in criminal law . An online search takes place without the knowledge of the person concerned, while the law for a conventional search requires the presence of witnesses (cf. § 105 Paragraph 2 StPO) and the owner (see § 106 Paragraph 1 StPO) of the search object or his Provide representative.

The Federal Prosecutor General's complaint against this decision was rejected by the 3rd Criminal Senate with a decision of January 31, 2007 and followed the case law of the 1st Senate. The "covert online search" is not permitted in the absence of an express authorization. It could not be based on § 102 StPO or § 100a StPO. In particular, § 100a StPO does not allow covert online searches. There is the secret surveillance of telecommunications, i. i. the exchange of communicative elements between the suspect and a third party, which was not present during the secret online search. This "serious interference with the right to informational self-determination " requires a special authorization basis. Individual elements of authorization to intervene should not be combined in order to create a basis for a new, technically possible investigative measure. This contradicts the principle of the legal reservation for encroachment on fundamental rights ( Art. 20 Abs. 3 GG) as well as the principle of norm clarity and factual determination of criminal procedural interference norms.

Federal Constitutional Court

In a judgment of February 27, 2008, the Federal Constitutional Court decided on the powers of the constitutional protection authorities to collect various data, in particular from information technology systems, and to handle the data collected. If the state secretly acquires knowledge of the content of Internet communication in the technically intended way, this would constitute an encroachment on Article 10 (1) of the Basic Law. In contrast, when participating in publicly accessible communication content on the Internet, the state does not interfere with fundamental rights.

According to this, the general right of personality protects against interference in information technology systems, unless the protection is guaranteed by other basic rights, such as in particular Art. 10 or Art. 13 GG, as well as the right to informational self-determination . The fundamental rights guarantees of Art. 10 and Art. 13 GG in the form of the general right of personality developed up to then by the Federal Constitutional Court do not adequately take into account the need for protection created by the development of information technology. Insofar as the secret access to an information technology system is used to collect data, the existing protection gap should be closed by the general right of personality in its form as protection of the confidentiality and integrity of information technology systems .

The court derived this fundamental right, which was virtually newly created by the judgment, from the secondary function of the general right of personality, which in turn is based on Article 2, Paragraph 1 of the Basic Law in conjunction with Article 1, Paragraph 1 of the Basic Law.

"It protects the personal and private life of the bearers of fundamental rights from state access in the area of ​​information technology insofar as the information technology system as a whole is accessed and not just individual communication processes or stored data."

From a constitutional point of view, however, this did not mean that every online search is incompatible with the Basic Law. However, the particular proximity of the new "basic computer right" to human dignity creates a particular pressure to justify the legislature. Accordingly, there are the following requirements for the constitutionality of a legal authorization to search online:

  • The regulation must be definite enough, i.e. H. it must describe in detail the prerequisites for intervention.
  • The regulation may only allow online searches for the benefit of extremely important legal interests such as life, limb and freedom of the person as well as goods of the general public whose threat affects the foundations or the existence of the state or the foundations of human existence.
  • The regulation must contain precautions to protect the core area of ​​private life.
  • In the case of criminal procedural online searches, the legal basis must list the circumstances of the event (the serious criminal offenses) in the form of a catalog and contain the restriction that the offense must also weigh heavily in individual cases.
  • In the event of an online search under hazard prevention law, the regulation must require a specific risk for one of the legal interests mentioned.
  • The regulation must finally establish a judge's reservation for preventive control and contain a subsequent notification obligation.

Practical implementation

Infection of IT systems

Pictorial representation of the " Federal Trojan " ( Chaos Computer Club , 2007)

Performing an online search requires prior infiltration of the target system. There must be a program on the system that enables permanent monitoring. Programs that open up access to the target system are colloquially called "state" or "federal Trojans". In the security industry such types of (harmful) software as Govware (of English government , government '), respectively. Programs that allow continuous monitoring of a system are as remote forensic software ( Remote Forensic Software) called (RFS).

In order to physically access a target device, an undercover agent can secretly enter an apartment and install spy software on a PC there. Remote access is also possible by exploiting security gaps in an IT system. Finally, the manipulation of the user offers various options for causing an infection, for example through phishing or sending e-mails under the name of an authority.

In March 2011 and January 2012 the Federal Criminal Police Office (BKA) held talks with the “ Hacking Team ” company in Milan in order to collect information on the “Remote Control System” product “as part of a normal market survey”. According to BKA officials, this is supposed to be a specific keylogger . This should be installed either fully electronically or by observants personally in the apartment directly on the suspect's computer. In this form, the online search is necessarily coupled with entering the suspect's home so that the entire information gathering measure is successful.

Regardless of the technology used, it was doubted whether targeted online searches in particular could be promising when using common communication technology such as routers , firewalls and anti-virus scanners . However, experts were of the opinion that the monitoring interface already in use, for the implementation of telecommunications monitoring Prescription -measures with any Internet provider in Germany must be installed without major problems for introduction of Trojans during any unsecured Software - Downloads be reprogrammed could - a classic man-in-the-middle attack , against which even the best firewall is powerless. In order to rule out such an attack, one would have to restrict oneself to signed files when downloading programs . However, there have been individual cases in which signed software from an official download source contained malware. Many free operating systems do this with the GNU Privacy Guard anyway. However, very few Windows software vendors sign their downloads. You also need a guaranteed real version of the respective public key. Antivirus program manufacturers such as Avira and Kaspersky Lab have already ruled out a cooperation with the BKA. Virus protection programs offer only limited security through the detection of typical behavior and already known program patterns using generic and heuristic procedures, since state Trojans spread atypically and must first be known to the manufacturers in order to have them reliably recognized in their virus protection programs by current virus signatures . To make matters worse, Trojans or spy programs depend on the cooperation of the operating system (and must be specially tailored to this).

Technical details

Hexdump with identification of VoIP services and chat programs
Hexdump with identification of the web browser

On October 8, 2011, the Chaos Computer Club released the version 3.4.26 binaries of a government monitoring program for 32-bit operating system versions of Windows . The FAZ published part of the disassembled program code that the CCC had given the label "0zapftis" (with a leading zero). This made-up word established itself as the name of the malicious program, along with other terms used in the media such as “State Trojan” or “Bavaria Trojan”. The Trojan consisted of the files “mfc42ul.dll” and “winsys32.sys”.

According to F-Secure , which gave the program the name Backdoor : W32 / R2D2.A , the installation on a target computer can e.g. B. by the program scuinst.exe ( S kype C apture U nit Inst aller). The program monitors u. a. VoIP calls via Skype or Sipgate , has a keylogger and makes screenshots of active chat and web browser windows. By establishing a connection to command and control servers with the IP numbers 83.236.140.90 ( QSC in Hesse, Germany) and 207.158.22.134 ( Web Intellects in Ohio, USA), the monitoring program can also load other programs to expand the functionality that content on the hard drive of the infected computer could then change.

The Chaos Computer Club criticized, among other things, that the investigated Trojans “not only divert extremely intimate data”, but “also offer a remote control function for reloading and executing any further malware”. Furthermore, due to “gross design and implementation errors”, there are glaring security gaps in the infiltrated computers arise "which can also be used by third parties." Federal Minister of the Interior Hans-Peter Friedrich confirmed that the reloading function of the state Trojan is intended and is used by the surveillance authorities to reload additional modules. In a statement that thus turned out to be a false statement , the Bavarian State Criminal Police Office denied the existence of the reload function to the Landshut District Court in August 2010. The reload function is also available in the newer version 3.6.44 of the Trojan, which u. a. was used in December 2010, remains active. Friedrich rejected an independent review of the security and constitutional conformity of the surveillance programs. A more recent version, which was investigated by Kaspersky Lab , also supported 64-bit Windows systems and contained 15 applications.

The software analyzed by the Chaos Computer Club was developed by the Hessian company Digi Task GmbH - Society for special telecommunication systems u. a. developed on behalf of the Bavarian State Government . A lawyer for the company confirmed that DigiTask had programmed the malware, but defended himself against the allegation of incompetence and stated: "It is quite possible that software delivered in November 2008 no longer meets the security requirements today." The said on the constitutional concerns Lawyer, "the limits of the application are not to be observed by the company, but by the authorities." According to information from the Bavarian State Ministry of Justice and Consumer Protection , "DigiTask" charges a one-time fee of 2500 euros for the installation and deinstallation of the software and 3500 euros per month for “Skype capture” and 2500 euros for “SSL decoding” per “measure”. In addition, "DigiTask" recommends leasing two proxy servers , one of which should be located "overseas", for the purpose of disguising the IP address of the surveillance authorities . After the program became known and published, the various antivirus manufacturers included it in their databases and it has been recognized by their anti-virus programs ever since. According to experts from Kaspersky Lab and Symantec, a conventional virus protection program is sufficient to protect against this Trojan.

The German Federal Criminal Police Office founded the DigiTask User Group in July 2008 to coordinate the use of the software within Europe . Security authorities in Baden-Württemberg and Bavaria met twice a year with authorities in Switzerland , Belgium and the Netherlands . The group was later renamed the Remote Forensic Software User Group . The MP Andrej Hunko , on whose question the information was made public, criticized that the BKA's “cross-border secrecy” only becomes public through “tough research”.

In May 2012, the news magazine Der Spiegel reported that the Federal Criminal Police Office had not yet succeeded in developing its own state Trojan. In August 2014, Der Spiegel reported, referring to the response from the Federal Ministry of the Interior to MP Hunko, that the Federal Trojan was completed and ready for use. A solution for source telecommunication monitoring is "currently in the implementation phase after completion of the architecture work".

Introduction of § 100b StPO

Legal regulation

The legal basis for online searches for the purpose of criminal prosecution has been the new Section 100b of the Code of Criminal Procedure (StPO) since Article 3 of the Act on the More Effective and Practical Design of Criminal Proceedings came into force on August 24, 2017 . There the online search is legally defined as intervention with technical means in an information technology system used by the person concerned and the collection of data from it, even without the person concerned being aware of it.

In addition to classic PCs, the term information technology system includes “all devices controlled by a microprocessor, including cell phones (smartphones), organizers or servers and routers through to so-called smart household appliances or so-called digital assistants (e.g. 'Alexa' from Amazon, 'Hello' from Google, 'Cortana' from Microsoft or 'Siri' from Apple). "

Not only all newly added communication content, but also all content stored in the IT system and the user behavior of the person can be monitored.

In the legal literature it is discussed whether § 100b StPO also authorizes the investigative authorities to switch on microphones or cameras of networked systems themselves and thereby to record audio and video signals in the sense of a “large-scale spying attack”. That is mostly rejected. Section 100b of the Code of Criminal Procedure only covers the - passive - collection of relevant data from the use of the system by the person concerned.

Online Search Requirements and Procedures

The measure requires an application from the public prosecutor's office and a written order from the responsible regional court by a chamber not dealing with main proceedings in criminal matters ( Section 100e (2) sentence 1 StPO, Section 74a (4 ) GVG ). The order is to be limited to a maximum of one month. An extension for a further month is permitted. If the duration of the order has been extended to a total of six months, the higher regional court will decide on further extensions.

The online search must not only provide information from the core area of ​​private life ( privacy ), which must be technically ensured ( Section 100d Paragraph 1, Paragraph 3 StPO). Such findings may be subject to a prohibition on exploitation ( Section 100d (2) of the Code of Criminal Procedure). The same applies to statements made by those entitled to refuse to testify ( Section 100d Paragraph 5 StPO, Section 53 StPO).

The order presupposes a justified suspicion that the accused has committed or attempted to commit a particularly serious crime , that the act is particularly serious in individual cases and that the clarification of the facts would otherwise be significantly more difficult or futile ( Section 100b (1) No. 1–3 StPO).

Which particularly serious criminal offenses justify an online search is regulated in Section 100b (2) No. 1–7 StPO. According to this, relevant catalog offenses are certain offenses from the penal code such as endangering the democratic constitutional state, the formation of criminal organizations or the formation of terrorist organizations , the distribution, acquisition and possession of child pornography as well as murder and manslaughter , also from the Asylum Act , the Residence Act ( smuggling crime ) , the Narcotics Act , the War Weapons Control Act , the International Criminal Code and the Weapons Act .

Constitutional Complaints

Since 2018, a number of constitutional complaints from lawyers, artists and journalists, including some members of the German Bundestag, have been pending at the 2nd Senate of the Federal Constitutional Court on the question of whether the changes to the Code of Criminal Procedure, in particular the The possibility of arranging the so-called source telecommunication monitoring and the online search by means of the so-called "state trojan" are constitutional. The responsible rapporteur is Sibylle Kessal-Wulf .

The complainants include members of the FDP and the Pirate Party , TeleTrusT - Bundesverband IT-Sicherheit, the Digitalcourage Association as well as the Society for Freedom Rights (GFF) and the German Lawyers Association (DAV).

Use of software

The Federal Criminal Police Office (BKA) has had three programs for several years: two self-developed systems - called Remote Control Interception Software (RCIS) 1.0 and 2.0 - and FinSpy, the commercially acquired software from FinFisher . The attorney general has in 2019 more than 550 new terrorism procedures initiated, but requested the use of the source TKÜ or online searches in any of these cases. The reason is the still "immense technical effort" to develop suitable software for the target device.

Further authorization bases

Law on the Federal Criminal Police Office

According to Art. 73, Paragraph 1, No. 9a of the Basic Law, the federal government has exclusive legislative competence for the defense of the dangers of international terrorism through the Federal Criminal Police Office in cases in which there is a transnational danger, the competence of a state police authority is not recognizable or the highest state authority requested to take over.

Section 20k of the BKA Act as amended by the Federal Criminal Police Office against the dangers of international terrorism of December 25, 2008 provided for a covert intervention in information technology systems without the knowledge of the person concerned. In a ruling of April 20, 2016, the Federal Constitutional Court declared the Federal Criminal Police Office's authorization to use secret surveillance measures to be compatible in principle with the fundamental rights of the Basic Law, but Section 20k BKAG and other provisions in their version at the time, in conjunction with Article 2, Paragraph 1 with Art. 1 Abs. 1, Art. 10 Abs. 1, Art. 13 Abs. 1 and 3 - also in connection with Art. 1 Abs. 1 and Art. 19 Abs. 4 GG - for incompatible. The design of such powers, which extend deep into private life, must meet the principle of proportionality and require special regulations to protect the core area of ​​private life as well as the protection of those who are subject to professional secrecy, are subject to requirements for transparency, individual legal protection and supervisory control and must be accompanied by deletion obligations with regard to the data collected be flanked.

The law on the restructuring of the Federal Criminal Police Office Act of June 1, 2017 also served to implement this judgment. Section 49 (1) sentence 3 in conjunction with Section 5 BKAG nF authorizes online searches for the purpose of defending against the dangers of international terrorism of transnational importance and largely corresponds to the previous Section 20k, in order to avoid uncertainties in the application of the law, however, there was an express regulation of the risk situation, which was carried out in advance of a specific Danger justifies an intervention in information technology systems. Section 49 (5) BKAG new version implements the requirements of the Federal Constitutional Court on the application to be submitted. Section 49 (7) BKAG new version provides for an independent body to review information from covert interference in information technology systems.

In its response to a small inquiry in 2018, the Federal Government stated that a new organizational unit had been created within the BKA for the "legally and data protection compliant implementation of IT surveillance measures". Your job is to develop and procure the software you need. They also monitor compliance with legal and technical requirements when using the software.

Federal Constitutional Protection Act

In the Federal Constitutional Protection Act there is currently (as of January 2020) no legal basis for an online search by the Federal Office for the Protection of the Constitution .

According to media reports, however, since March 2019 there has been a draft law for the harmonization of constitutional protection law (“Draft BVerfSchG”), also a law for the “modernization of the Federal Office for the Protection of the Constitution (BfV)” from the Federal Ministry of the Interior. This draft also provides for authorization for online searches and for source TKÜ in order to infect cell phones and computers with spy software not only in public places, but also in private homes. In response to a corresponding small request , the federal government does not want to provide any insight into opinion-forming processes that have not yet been completed. According to the rulings of the Federal Constitutional Court , Parliament's powers of control only extend to processes that have already been concluded and do not include the authority to intervene in ongoing negotiations and preparation of decisions.

Back in March 2005, the then Federal Minister of the Interior Otto Schily (SPD) was asked by the President of the Federal Office for the Protection of the Constitution, Heinz Fromm , to create a way to secretly spy on suspects' computers. According to the Parliamentary State Secretary in the Federal Ministry of the Interior, Peter Altmaier (CDU), online investigations have been made possible by secret service instructions since 2005 . The Parliamentary Control Committee was only informed in July 2005 .

It is disputed whether online searches are permitted as an intelligence tool . According to the Federal Ministry of the Interior, the secret searches of PCs for the Federal Office for the Protection of the Constitution , the Military Counter-Intelligence Service (MAD) and the Federal Intelligence Service (BND) should be allowed.

The decision of the Federal Court of Justice of January 2007 cannot be used directly to answer the question of admissibility in the field of intelligence services. It relates solely to the legal basis for the area of ​​law enforcement, while special intervention regulations exist for the area of ​​apron observation by the intelligence services.

After it became known at the beginning of March 2009 that the online search and keylogger had been used by the BND within the framework of a general power of attorney in at least 2500 cases, experts from the governing coalition and the opposition called for a clearer legal basis in order to exclude illegal actions.

State constitution protection laws

North Rhine-Westphalia took on a pioneering role with its FDP-led interior ministry. Since December 30, 2006 , the protection of the constitution was allowed to “secretly observe and otherwise investigate the Internet, in particular covert participation in its communication facilities or the search for them, as well as secret access to information technology systems using technical means” to obtain information . A constitutional complaint was lodged against this provision , which the Federal Constitutional Court upheld on February 27, 2008. Section 5 (2) No. 11 of the Law on the Protection of the Constitution in North Rhine-Westphalia (VSG-NRW) was declared unconstitutional and thus null and void. According to § 5 Abs. 2 Nr. 11 VSG NRW nF, the monitoring of non-public communication content is permitted, but online searches are excluded.

The right to carry out an online intelligence search for the State Office for the Protection of the Constitution, which was envisaged in the 2018 draft law of the parliamentary groups of the CDU and Bündnis 90 / Die Grünen for a law to realign the protection of the constitution in Hesse , was not resolved, but is in accordance with. Section 15c HSOG for the purpose of averting danger by the police.

The Brandenburg Constitutional Protection Act was reformed in June 2019 without introducing online searches.

The Bavarian State Office for the Protection of the Constitution has the authority to covert access to information technology systems in accordance with Article 10 of the Bavarian Constitutional Protection Act. The regulation takes into account in particular the BKAG ruling of the Federal Constitutional Court of 2016.

Police laws of the federal states

The coalition agreement for the 19th legislative period of March 12, 2018 provides for the development of a joint model police law to ward off the dangers of Islamist terror . One does not want zones of different security in Germany.

At the state level, there have been various efforts to amend the state police laws since 2018 . One of the legally controversial powers, depending on the majority in the state parliaments, is online searches. The decisions of the Federal Constitutional Court of February 27, 2008 and April 20, 2016 are also decisive for state legislation.

state law Authority Standard
Baden-Württemberg Police Act (PolG) planned
Bavaria Police Task Act (PAG) Art. 45 PAG
Berlin General Safety and Order Act (ASOG)
Brandenburg Brandenburg Police Act (BbgPolG) no
Bremen Bremen Police Act (BremPolG) no
Hamburg Law for the Protection of Public Safety and Order (SOG) no
Hesse Hessian law on public safety and order (HSOG) § 15c HSOG
Mecklenburg-Western Pomerania Safety and Order Act (SOG MV) planned
Lower Saxony Lower Saxony Police and Regulatory Authorities Act (NPOG) Section 33d NPOG
North Rhine-Westphalia Police Act of the State of North Rhine-Westphalia (PolG NRW) § 20c Polg NRW (TKÜ)
Rhineland-Palatinate Police and Regulatory Authorities Act (POG) Section 31c POG
Saarland Saarland Police Act (SPolG) no
Saxony Police Act of the Free State of Saxony (SächsPolG) (since January 1, 2020 Saxon Police Authorities Act - SächsPBG) no
Saxony-Anhalt Law on Public Safety and Order of the State of Saxony-Anhalt (SOG LSA) no
Schleswig-Holstein Section 3 of the State Administration Act (Sections 162 ff. LVwG) planned
Thuringia Police Task Act (PAG)

Selection of literature (chronological)

  • Florian Meininghaus: Access to e-mails in criminal investigations . Kovac, Hamburg 2007, ISBN 978-3-8300-3158-1 .
  • Jörg Ziercke : Pro online search . In: Informatik Spektrum , Volume 31, Issue 1/2008, pp. 62–64.
  • Fredrik Roggan (Ed.): Online searches - Legal and factual consequences of the BVerfG judgment of February 27, 2008 , Berliner Wissenschaftsverlag, Berlin 2008, ISBN 978-3-8305-1560-9 .
  • Werner Beulke / Florian Meininghaus: The public prosecutor as a data traveler - clandestine online searches, remote access and mailbox monitoring . In: Heinz Schöch / Gunter Widmaier (eds.): Criminal defense, revision and the entire criminal law studies: Festschrift for Gunter Widmaier on his 70th birthday . Heymanns, Cologne 2008, ISBN 978-3-452-26938-6 , p. 63-79 .
  • André Weiß: Online searches in criminal proceedings . Kovac, Hamburg 2009, ISBN 978-3-8300-4550-2 .
  • Anne Gudermann: Online searches in the light of constitutional law. Kovač, Hamburg 2010, ISBN 978-3-8300-5004-9 . (Diss. Univ. Münster (Westf.), 2009).
  • Christoph Herrmann: The basic right to guarantee the confidentiality and integrity of information technology systems - development and perspectives , Frankfurt / Main 2010
  • Friedemann Vogel: Traces of battle in the legislative discourse: The debate about the standardization of "online searches" from a legal linguistic perspective. In Sprachreport 3/2011, pp. 7-14 (PDF; 1.1 MB).
  • Thomas A. Bode: Covert criminal investigative measures . Springer, Berlin 2012, series of publications by the Law Faculty of the European University Viadrina Frankfurt (Oder), ISBN 978-3-642-32660-8 .
  • Franziska Schneider: Legal framework for carrying out online searches - online searches as a means of combating terrorism in Germany and the USA . Lang, Frankfurt am Main 2012, ISBN 978-3-631-63697-8 .
  • Friedemann Vogel: Linguistics of legal norm generation. Theory of legal norms discursivity using the example of online searches . de Gruyter, Berlin / New York 2012, ISBN 978-3-11-027839-2 . (= Language and knowledge 6)
  • Dieter Kochheim: Online search and TKÜ sources in the Code of Criminal Procedure - Reorganization of the deep technical intervention measures in the StPO since August 24, 2017 Kriminalpolitische Zeitschrift KriPoz 2018, pp. 60-69

Web links

Individual evidence

  1. Christoph Keller, Frank Braun: Telecommunications surveillance and other covert investigative measures. Richard Boorberg Verlag , 3rd edition 2019, ISBN 978-3-415-06552-9 . Reading sample .
  2. Art. 3 of the Act on the More Effective and Practical Design of Criminal Proceedings of August 17, 2017, Federal Law Gazette I p. 3202
  3. cf. BGH, decision of January 31, 2007 - StB 18/06
  4. Bernd Heinrich , Tobias Reinbacher: Online search as of October 1, 2019
  5. Bernd Heinrich , Tobias Reinbacher: Sources Telecommunication Monitoring Status: October 1, 2019
  6. Markus Sehl: Leaked draft law shows BMI plans: Secret services want access to PC, smartphone and Alexa Legal Tribune Online , March 28, 2019
  7. ^ Source TKÜ and online searches - necessity, state of affairs and framework conditions. In: https://www.bka.de/ . BKA, accessed on January 1, 2019 .
  8. Questionnaire of the Federal Ministry of Justice. (PDF 283kB) Federal Ministry of the Interior , August 22, 2007, p. 2 , accessed on February 14, 2016 .
  9. Christian Rath: Start at the perpetrator's computer. Interview with BKA boss Ziercke. In: taz.de . March 26, 2007, accessed February 14, 2016 .
  10. Detlef Borchers: Civil rights activists are discussing online searches with the chief of the BKA. In: heise.de . September 22, 2007, accessed February 14, 2016 .
  11. Detlef Borchers: Online Search: Is the Hard Drive an Apartment? In: heise.de. July 25, 2007, accessed February 14, 2016 .
  12. Printed matter 16/6885 answer of the federal government to the small inquiry. (PDF 81kB) Rule of law problems when monitoring telecommunications over the Internet. German Bundestag , October 30, 2007, accessed on February 14, 2016 .
  13. Printed matter 16/7279 answer of the federal government to the small question. (PDF 74kB) Rule of law problems in the monitoring of telecommunications via the Internet (request on Bundestag printed paper 16/6885). German Bundestag, November 27, 2007, accessed on February 14, 2016 .
  14. Stefan Krempl: Federal Council wants to limit secret online searches to counter terrorism. In: heise.de. July 4, 2008, accessed February 14, 2016 .
  15. CIPAV? (PDF 2.7MB) In: Federal Bureau of Investigation . July 24, 2007, archived from the original on May 23, 2012 ; accessed on February 14, 2016 .
  16. Kim Zetter: Germany Sought Info About FBI Spy Tool in 2007. In: Wired . October 13, 2011, accessed February 14, 2016 .
  17. ^ State Trojans: Authorities spied on computers 100 times. In: Spiegel Online. October 15, 2011, accessed February 14, 2016 .
  18. Decision of January 20, 2011. Az. 4 Qs 346/10. Landshut Regional Court , January 20, 2011, accessed on February 14, 2016 .
  19. Kai Biermann: Surveillance Trojan comes from Bavaria. In: zeit.de . October 10, 2011, accessed February 14, 2016 .
  20. a b c Chaos Computer Club analyzes state Trojans. Chaos Computer Club , October 8, 2011, accessed February 14, 2016 .
  21. a b The German state Trojan was cracked. In: faz.net . October 8, 2011, accessed February 14, 2016 .
  22. ^ A b Kai Biermann : Online search: CCC exposes federal Trojans. In: zeit.de. October 8, 2011, accessed February 14, 2016 .
  23. ^ Jürgen Kuri: CCC cracks state trojans. In: heise.de. October 8, 2011, accessed February 14, 2016 .
  24. Peter Altmaier: My new life among pirates. In: Frankfurter Allgemeine Zeitung . October 13, 2011, accessed February 14, 2016 .
  25. Code of Criminal Procedure: Electronic search of databases. German Bundestag, archived from the original on March 6, 2008 ; accessed on February 14, 2016 .
  26. Andreas Förster: Official under suspicion. In: Berliner Zeitung . August 31, 2007, accessed February 14, 2016 .
  27. Data protection officer Betzl: Considerations about federal Trojans must not endanger eGovernment. Press release. The Bavarian State Commissioner for Data Protection (BayLfD), August 30, 2007, accessed on June 24, 2017 .
  28. The best Federal Trojan images - Schliemann's heirs. In: sueddeutsche.de. September 3, 2007, accessed February 14, 2016 .
  29. Südwestrundfunk (SWR) Ex-BND boss calls for "citizens' attorney" in the online search Hansjörg Geiger wants to strengthen the rights of those affected on presseportal.de
  30. ↑ Hacker attack on the federal police: Nasty greeting to the curious papa. In: Spiegel Online. January 8, 2012, accessed February 14, 2016 .
  31. Konrad Lischka and Richard Meusers: Data protection report: BKA saved telephone sex recordings by Trojan horse. In: Spiegel Online. February 20, 2012, accessed February 14, 2016 .
  32. BGH, decision of February 21, 2006 , Az. 3 BGs 31/06; StV 2007, p. 60 ff. M. Note Beulke / Meininghaus
  33. ^ BGH decision of November 25, 2006 , Az. 1 BGs 184/2006; BeckRS 2007 00295
  34. Decision of January 31, 2007. (PDF 89kB) Az. StB 18/06. BGH, January 31, 2007, accessed on February 14, 2016 .
  35. cf. Ulf Buermeyer: The "online search". Technical background of covert sovereign access to computer systems . In: HRRS 4/2007, pp. 154-166
  36. a b c d e Guidelines on the judgment of the First Senate of February 27, 2008. Az. 1 BvR 370/07 and 1 BvR 595/07. Federal Constitutional Court , February 27, 2008, accessed on February 14, 2016 ( full text of the judgment ).
  37. Law amending the law on the protection of the constitution in North Rhine-Westphalia of December 20, 2006 (GVBl NW, p. 620)
  38. Heribert Prantl: A battle for Troy. In: sueddeutsche.de. February 28, 2008, accessed February 14, 2016 .
  39. Rolf Schmidt : Police and Regulatory Law 19th Edition 2017, p. 108 ff, para. 308l
  40. Sophos: We will also stop government Trojans. In: internet.com . February 6, 2007, archived from the original on April 30, 2007 ; accessed on February 14, 2016 .
  41. ^ Konrad Lischka: Online searches: Federal Trojans are ready to spy. In: Spiegel Online . August 28, 2007, accessed February 14, 2016 .
  42. Dirk Fox: Realization, limits and risks of the “online search” (PDF; 317 kB) . In: DuD 11/2007, pp. 827-834
  43. Benjamin Derin, Sebastian Golla: Police may use state Trojans, but often not install them Netzpolitik.org, May 18, 2019
  44. Outrage over Trojan plans. In: netzeitung.de . August 29, 2007, archived from the original on October 13, 2011 ; accessed on February 14, 2016 .
  45. The Federal Criminal Police Office and the hacked hacking team Response of the federal government to a small inquiry, BT-Drs. 18/5779 of August 17, 2015
  46. Stefan Krempl: "Bundestrojaner" is now supposedly called "Remote Forensic Software". In: heise.de. August 3, 2007, accessed February 14, 2016 .
  47. Lutz Herkner: Hacking for the State. In: The time . May 17, 2007, accessed February 14, 2016 .
  48. Jörg Donner: Federal Trojan in the Computer. In: sueddeutsche.de . December 7, 2006, archived from the original on May 4, 2008 ; accessed on February 14, 2016 .
  49. Jürgen Schmidt: Federal Trojan: Goes what - what goes. Technical options for online searches. In: heise.de. March 11, 2007, accessed February 14, 2016 .
  50. Volker Birk: The state as a burglar: clandestine online searches are possible. In: Telepolis . March 3, 2007, accessed February 14, 2016 .
  51. Nils Weisensee: Controversial online searches: attack on the unsuspecting. In: Spiegel-Online. July 5, 2007, accessed February 14, 2016 .
  52. ^ Ole Reissmann, Christian Stöcker, Konrad Lischka: Plumper Snoopers: Virus programs recognize the state trojan Der Spiegel , October 10, 2011
  53. a b Possible Governmental Backdoor found ("case R2D2"). In: F-Secure Weblog: News from the Lab. F-Secure , October 8, 2011, accessed February 14, 2016 .
  54. Markus Beckedahl: CCC on the inner workings of the federal Trojan. In: netzpolitik.org. October 9, 2011, retrieved on May 26, 2018 (The binary files published by the CCC do not contain the string “0zapftis”.).
  55. ^ Federal Trojan is actually a Bavaria Trojan. In: Financial Times Germany . October 10, 2011, archived from the original on October 11, 2011 ; accessed on February 14, 2016 .
  56. http://www.pc-magazin.de/news/diese-virenscanner-finden-den-bundestrojaner-1202731.html
  57. More Info on German State Backdoor: Case R2D2. In: F-Secure Weblog: News from the Lab. F-Secure , October 11, 2011, accessed February 14, 2016 .
  58. ↑ Locate IP (83.236.140.90). In: IP-address.com . February 14, 2016, accessed February 14, 2016 .
  59. Jürgen Kuri: Use of the State Trojan: Between a lack of legal framework and unconstitutionality. In: heise online. October 11, 2011, accessed February 14, 2016 .
  60. New allegations of the Chaos Computer Club: Also new state trojan illegal. In: stern.de. October 26, 2011, accessed February 14, 2016 .
  61. 0ZAPFTIS - Part 2 Analysis of Government Malware: Three years is a really long time in IT. (PDF 471kB) Chaos Computer Club, October 26, 2011, accessed on February 14, 2016 .
  62. Online search: Friedrich defends surveillance by Trojans. In: Frankfurter Allgemeine Zeitung. October 15, 2011, accessed February 14, 2016 .
  63. Tillmann Werner: Federal Trojan's got a “Big Brother”. In: securelist.com . October 18, 2011, accessed February 14, 2016 .
  64. The state Trojan can do even more. In: Frankfurter Rundschau . October 19, 2011, accessed February 14, 2016 .
  65. Commercial register: Wetzlar HRB 3177
  66. Oliver Voss: On the trail of the Trojan. In: wiwo.de . October 10, 2011, accessed February 14, 2016 .
  67. a b Matthias Thieme: Spy Software: The Private Behind the Federal Trojan. In: Frankfurter Rundschau. October 10, 2011, accessed February 14, 2016 .
  68. Jürgen Kuri: State Trojan: A spy software, among other things from Bavaria. In: Heise online. October 10, 2011, accessed February 14, 2016 .
  69. Confirmation by a lawyer: "Staatstrojaner" comes from Hessen. October 10, 2011, archived from the original on September 4, 2012 ; accessed on February 14, 2016 .
  70. ^ Konrad Lischka, Ole Reissmann: Staatstrojaner: DigiTask defends itself against allegations of incompetence. In: Spiegel online. October 12, 2011, accessed February 14, 2016 .
  71. Matthias Thiema: Computer Monitoring: transactions with the software run well. In: Mitteldeutsche Zeitung . October 11, 2011, accessed February 14, 2016 .
  72. Costs of telecommunications monitoring when using Voice-over-IP and the Skype software. (PDF 9,1MB) Bavarian State Ministry of Justice and Consumer Protection , 2008, archived from the original on February 23, 2016 ; Retrieved on February 14, 2016 (provided by Frankfurter Rundschau).
  73. mfc42ul.dll. In: VirusTotal . October 11, 2011, archived from the original on October 13, 2011 ; accessed on February 14, 2016 .
  74. ^ Ingo Arzt, Sebastian Erb and Martin Kaul: A Trojan is a Bavarian. In: taz.de. October 11, 2011, accessed February 14, 2016 .
  75. ^ Stenographic report, 138th meeting. (PDF 847kB) German Bundestag, November 9, 2011, archived from the original on November 20, 2011 ; accessed on February 14, 2016 .
  76. Andreas Wilkens: BKA initiated international state Trojan working group. In: Heise online. November 14, 2011, accessed February 14, 2016 .
  77. Lisa Hemmerich: Staatstrojaner: BKA fails because of software development. In: netzwelt.de . May 14, 2012, accessed February 16, 2016 .
  78. ^ Federal Trojan: BKA completes its first own Trojan. In: Spiegel Online. August 15, 2014, accessed February 14, 2016 .
  79. Law on the more effective and more practical design of criminal proceedings , Federal Law Gazette I p. 3202 (pdf), BT-Drs. 18/11277 (pdf)
  80. Bruns, in: Karlsruhe Commentary on the Code of Criminal Procedure , 8th edition 2019, § 100b Rn. 4th
  81. Bruns, in: Karlsruhe Commentary on the Code of Criminal Procedure , 8th edition 2019, § 100b Rn. 5
  82. cf. to the opinion level access to networked devices for the purpose of law enforcement. Framework conditions under criminal procedural law Scientific services of the German Bundestag , elaboration from 19 August 2019, p. 15 ff.
  83. cf. Graf, in: BeckOK StPO , 34th Edition, as of July 1, 2019, § 100b Rn. 16
  84. Federal Constitutional Court: Overview for 2019 Second Senate, No. 26
  85. Stefan Krempl: Extra-parliamentary opposition complains against surveillance laws June 28, 2017
  86. ^ "Bundestrojaner": TeleTrusT - Bundesverband IT-Sicherheit eV announces constitutional complaint. Press release of August 9, 2017
  87. Martin Holland: Federal Constitutional Court: Digital courage sues against state trojans heise online, July 27, 2017
  88. Gap in the private area New Germany , August 22, 2018
  89. New constitutional complaints against clandestine online searches with state Trojans haufe.de, August 27, 2018
  90. Florian Flade: Monitoring software: The federal Trojan that nobody uses tagesschau.de, October 25, 2019
  91. cf. Draft law by the Federal Criminal Police Office to avert the dangers of international terrorism dated July 11, 2007 ( Memento from September 2, 2009 in the Internet Archive )
  92. BGBl. I p. 3083
  93. cf. Florian Albrecht, Sebastian Dienst: The hidden sovereign access to information technology systems - legal questions of online searches and source TKÜ . In: JurPC . tape 5/2012 , January 10, 2012, paras. 1-65 ( online ).
  94. BVerfG, judgment of April 20, 2016 - 1 BvR 966/09, 1 BvR 1140/09 LS 3
  95. Internal security: Federal Constitutional Court declares BKA law to be partially unconstitutional Der Spiegel , April 20, 2016
  96. BGBl. I p. 1354
  97. ^ Draft of a law to restructure the Federal Criminal Police Office Act BT-Drs. 18/11163 of February 14, 2017
  98. Kurt Graulich : Tasks and powers of the Federal Criminal Police Office in the digital legal area - The law for the redesign of the BKAG in 2017 KriPoZ, accessed on January 11, 2020
  99. BT-Drs. 18/11163 of February 14, 2017, p. 118 f.
  100. BKAG - Drafts : Draft of a law to restructure the Federal Criminal Police Office act kripoz.de, accessed on January 11, 2020
  101. Information technology monitoring by the Federal Criminal Police Office and Customs BT-Drs. 19/522 of January 24, 2018, p. 6
  102. Against terror suspects: The protection of the constitution should receive permission for online searches FAZ , March 15, 2019
  103. Cybersecurity: CDU wants to expand the powers of the Office for the Protection of the Constitution and the Federal Police Süddeutsche Zeitung , December 29, 2019
  104. Inquiry to the draft of a law for the harmonization of the constitution protection law and secret entering of apartments Small inquiry, BT-Drs. 19/14602 of October 30, 2019
  105. BVerfGE 124, 78, 120 f.
  106. Inquiry on the draft of a law on the harmonization of constitutional protection law and on secret entry into apartments, response of the federal government to a small inquiry, BT-Drs. 19/15219 of November 14, 2019
  107. Michael Beyer and Kay Walter: Bug in the living room - online spying by the protection of the constitution. Rundfunk Berlin-Brandenburg , May 10, 2007, accessed on February 14, 2016 (blog about the program Kontraste from May 10, 2007).
  108. Secret services have been spying on for years. In: stern.de . April 25, 2007, accessed February 14, 2016 .
  109. Florian Rötzer: Ministry of the Interior: The Protection of the Constitution, MAD and BND can carry out online searches. In: Telepolis. March 24, 2007, accessed February 14, 2016 .
  110. Holger Stark: Digital espionage. In: Spiegel Online. March 9, 2009, accessed February 14, 2016 .
  111. Narrow boundaries for federal Trojans. Tagesschau.de , February 27, 2008, archived from the original on December 11, 2011 ; accessed on February 14, 2016 .
  112. Law on the protection of the constitution in North Rhine-Westphalia (Verfassungsschutzgesetz Nordrhein-Westfalen - VSG NRW) as of January 1, 2020 ,recht.nrw.de, accessed on January 16, 2020
  113. Hessischer Landtag, Drs. 19/5412 of November 14, 2018
  114. After a stormy debate: Hesse's constitutional protection law passed heise online, June 22, 2018
  115. Hessian law on public safety and order (HSOG) Last amended by Article 2 of the law of 23 August 2018 (GVBl. P. 374)
  116. Law on the protection of the constitution in the state of Brandenburg (Brandenburgisches Verfassungsschutzgesetz - BbgVerfSchG) of April 5, 1993 (GVBl.I / 93, [No. 04], p. 78)
  117. Oliver von Riegen: The Protection of the Constitution in Brandenburg: More Powers and Stricter Controls for the Secret Service Potsdam Latest News , June 14, 2019
  118. Bavarian Law for the Protection of the Constitution (BayVSG) of July 12, 2016 (GVBl. P. 145)
  119. Reform of the Bavarian Constitution Protection Act 2018 Website of the Bavarian State Commissioner for Data Protection , accessed on January 16, 2020
  120. A new departure for Europe. A new dynamic for Germany. A new cohesion for our country. Coalition agreement between CDU, CSU and SPD of March 12, 2018, p. 126, line 5922 ff.
  121. Overview of the changes to the police laws in the individual federal states Amnesty International , Society for Freedom Rights , as of June 13, 2019
  122. Police Act Baden-Württemberg: tightening only in 2020 and probably without an online search of the Stuttgarter Zeitung , December 5, 2019
  123. TKÜ according to Section 23b PolG
  124. Law on the reorganization of Bavarian police law (PAG Reorganization Act) of May 18, 2018, GVBl. P. 301
  125. Brandenburg: Landtag passes controversial police law Legal Tribune Online , March 13, 2019
  126. Ralf Michel: Video surveillance and shackles: Bremen CDU presents draft law for new Weser-Kurier police law , June 26, 2018
  127. Ankle cuffs for offenders Hamburg Senate adopts new police law Hamburger Morgenpost , July 30, 2019
  128. ^ IM-MV: Interior Minister Lorenz Caffier presents amendment to the Security and Ordinance Act MV. Caffier: The new Security and Order Act is the answer to the digital age Ministry of the Interior and Europe of the State of Mecklenburg-Western Pomerania , January 29, 2019
  129. ^ Draft of a law on public safety and order in Mecklenburg-Western Pomerania and to amend other laws in the Mecklenburg-Western Pomerania State Parliament, Drs. 7/3694 of June 5, 2019: Section 33c SOG-MV-E
  130. Expanded police competencies: Cabinet in Mecklenburg-Western Pomerania approves new security and regulatory law labournet.de , August 26, 2019
  131. Peter Mlodoch: Security in Lower Saxony: Criticism of the new Weser-Kurier Police Act , September 24, 2019
  132. Christiane Schulzki-Haddouti: Police Act NRW: Constitutional complaint against state Trojans and "Lex Hambi" heise online, October 29, 2019
  133. Stefan Holzner: Rhineland-Palatinate: Online searches and further telecommunications monitoring measures planned , news service MMR-Aktuell edition 7/2010, MMR-Aktuell 2010, 302767
  134. ^ Jan Ziekow , Alfred G. Debus, Dieter Katz, Alexander Niestedt, Axel Piesker, Corinna Sicko: Covert data collection measures in police practice. Results of the evaluation according to § 100 Police and Regulatory Authorities Act Rhineland-Palatinate Speyerer Research Reports 290, 2018
  135. TKÜ according to Section 28b SPolG
  136. SächsGVBl. 2019 No. 9 (PDF; 1.3 MB)
  137. Police in Saxony get new powers MDR , September 19, 2018
  138. General Administrative Law for the State of Schleswig-Holstein (Landesverwaltungsgesetz - LVwG -) GVOBl. 1992 243, 534
  139. Matthias Hoenig: Kiel reforms police law Die Welt , November 6, 2019