WhatsApp can only be intercepted via the source TKÜ
Photo: Nick Ansell / dpa
In the course of criminal investigations, slightly fewer telephone and internet connections were monitored in Germany in 2020 than in the previous year.
The Federal Office of Justice announced on Monday in Bonn that the number of monitored connections fell by 2.7 percent to 17,731.
The number of investigations in which courts ordered such monitoring remained almost the same at 5,222.
Most of the procedures were therefore in Bavaria (1278), followed by Hesse (798) and Baden-Württemberg (579).
Few ran in Brandenburg (90), in Saarland (47) and in Bremen (35).
Focus on drug trafficking
There are significantly more monitored connections than processes, as it is often possible to monitor several connections in a running process.
By far the most common cases involved violations of the Narcotics Act.
8117 connections were tapped in this category.
To investigate fraud and computer fraud, 2,960 connections were monitored, in connection with gang theft 1,746 and in connection with murder and manslaughter 1,681 connections.
The authority also presented figures on source telecommunications surveillance (source TKÜ) and on online searches.
The source TKÜ is used to monitor ongoing communication, for example via encrypted messengers such as WhatsApp or Signal.
An online search, on the other hand, allows all communication content stored on a device to be read out.
Both methods, colloquially referred to as "state trojans," require investigators to hack the target device and install surveillance software.
They are therefore linked to comparatively high legal hurdles.
What are state trojans?
Expand areaGovernment Spy Software
Surveillance programs that prosecutors secretly install on suspects' devices are colloquially called state Trojans.
A distinction is made between the goal of only monitoring ongoing communication and that of searching the entire target device.
Expand the Source TK section
According to Section 100a of the Code of Criminal Procedure, German prosecutors are allowed to monitor the ongoing communication of suspects directly at the source (source telecommunications surveillance, in short: source TKÜ) - i.e. on their computer or smartphone, using secretly smuggled software.
This can be necessary if the communication is encrypted, for example via WhatsApp.
Without access to the device of the sender or recipient, it could not be monitored, unlike with classic SMS.
Expand theOnline Search area
Section 100b of the Code of Criminal Procedure regulates online searches.
Here the police can secretly and remotely view all files, programs and messages on a device using special surveillance software.
The intervention is therefore more serious than a source TKÜ.
Expand the area Equipment of the Federal Criminal Police Office (BKA).
The BKA has developed appropriate software for the source TKÜ.
It's called Remote Communication Interception Software (RCIS).
The development cost almost six million euros.
However, the first version could only record Skype calls and only worked on Windows computers.
The second version can do more.
In addition, the agency bought a license for the FinFisher/FinSpy software from the German-British company Elaman/Gamma back in 2013.
According to »Welt«, it has only been allowed to be used since the beginning of the year.
The BKA is still working on an in-house development for the online search.
Open areaEquipment of the State Criminal Police Offices
The State Criminal Police Offices do not have their own Trojans (as of January 2018).
The BKA may provide official assistance.
But at least until May 2018, according to the federal government, this did not happen, at least not in completed proceedings.
Expand areaOffensive capabilities and the question of IT security
In order for the surveillance software to land on the target device and work there unnoticed, it has to exploit security gaps in the hardware, the operating system or individual application programs.
The developers therefore aggressively exploit known but unfixed or newly discovered vulnerabilities instead of reporting them to the manufacturers and thus strengthening the IT security of all users.
But even if judges order such a measure, the police cannot always successfully access the devices.
According to the figures that have now been published, the source TKÜ was ordered 98 times in 2020, but it was actually carried out only 15 times.
What is striking about the figures is that the authorities in Brandenburg reported 73 judicial orders, and thus around three quarters of all orders for the entire year.
However, they were only implemented four times.
When asked by SPIEGEL, the Federal Office could not say whether this was possibly a false statement, which is now being checked.
In the previous year, the published figures had to be corrected downwards.
According to the information, there were only eight online searches in 2020, out of a total of 23 orders.
There are several constitutional complaints against the state Trojans and the law that allows their use.