The German police can now hack into computers and phones, without the target having to have committed a crime. Even though a Berlin court has just ruled evidence from similar hacks originating outside of Germany to be inadmissible in criminal proceedings in the country.

Today, on The Private Citizen, we are talking about the Crypto Wars again – the never ending topic. Politicians and the security apparatus never stop trying to prevent us from keeping our thoughts and conversations private.

Please Note: The podcast will be on hiatus for three weeks from 8 July. I’m planning to get back to regular Wednesday releases by 28 July.

This podcast was recorded with a live audience on my Twitch channel. Details on the time of future recordings can usually be found on my personal website. Recordings of these streams get saved to a YouTube playlist for easy watching on demand after the fact.

Update on Twitch and NetzDG

Twitch has answered my email regarding their NetzDG announcement. They referred me to the German version of this web page, which doesn’t answer a single one of the questions I’ve asked.

I’ve told them this and asked for further comment.

The New Law on the Protection of the Constitution

The German parliament has adopted the spyware law I explained in episode 70 of the show. Quoting from Matthias Monroy’s blog:

On 10 June, the Bundestag massively expanded the use of state trojan horse programmes. According to the bill, the domestic intelligence service will now also be allowed to penetrate foreign computer systems with the help of spy software. The bill „to modernise the legal basis of the Federal Police“ was also passed by the CDU/CSU and SPD against the votes of the opposition. This would have allowed the Federal Police to infiltrate computers and mobile phones, just like the Office for the Protection of the Constitution, without the persons concerned having to have committed a crime. A week ago, the upper house (Bundesrat) overturned this new law for various reasons, so the next federal government will have to deal with it again. The renewed Constitutional Protection Act, on the other hand, remains valid.

Until now, only the police authorities and the customs investigation service were allowed to use trojan horse programmes for criminal prosecution. The Code of Criminal Procedure (StPO) allows their use in § 100b as a so-called online search, the prerequisite being a prior court order. The authorities can then access the entire computer of the target person, search the file system and copy documents, photos or videos. In the case of state police forces, this intervention must be permitted in the respective state police laws. In some Länder this is already the case, others are currently renewing their police laws accordingly. The Federal Criminal Police Office (BKA) also conducts online searches; according to the BKA law, this may also be done in cases of terrorism for so-called danger prevention.

Allegedly, online searches are only actually carried out in very few cases. More common, however, is the use of so-called source telecommunication surveillance (“Quellen-TKÜ”), which is regulated in criminal law in § 100a StPO. It is only intended to monitor ongoing communication on the user’s device, i.e. to take screenshots of chat histories or to enable the interception of audio and video telephony. With the source tapping, in principle the same trojan programmes are used as are used for online searches. Therefore, the permission according to § 100a StPO is misleading, because it otherwise regulates the well-known interception of communication on the wire. The use of a state trojan, on the other hand, is a „clandestine digital burglary of an IT system“, as the Chaos Computer Club described it five years ago in a statement on the BKA law.

The Federal Supreme Court had already formulated it in exactly the same way in 2006. First, the 3rd Senate ruled that the online search of an accused person without his knowledge was considered to be covered by section 102 of the Code of Criminal Procedure. The section regulates house and flat searches. The 1st Senate subsequently overturned the assessment, since an open search is carried out in the presence of the person concerned or witnesses, but an online search is carried out without their knowledge.

This kind of makes you think it’s deeply calculating by the state to “incentivise” its citizens to put their medical data, immunity history, all their communications, location data, financial data, taxes, insurance and ID documents all on one smartphone. Which can then be hacked by the state, conveniently all in one place. Remember The Great Privacy Reset? Still think it’s a conspiracy theory?

Speaking of conspiracy theories, suddenly this “crazy theory” from some “Trump supporters” that the SARS-CoV-2 pandemic was caused by a lab accident in Wuhan that was subsequently covered up isn’t that crazy anymore. It’s on the BBC and being seriously discussed in Nature. While I did not want to speculate back then, I believe I talked about this theory as plausible more than a year ago.

Berlin Court Rules EncroChat Hack Data Inadmissible

In some good news, a local court in Berlin has forbidden police investigators from using data gleaned via the EncroChat hack in criminal proceedings. I’ve talked about the EncroChat hack in episode 32.

Messages intercepted by French police during a sophisticated hacking operation into the encrypted phone network EncroChat cannot be used in evidence, a German court has found. The Berlin Regional Court ruled that data obtained in a joint operation by the French and the Dutch to harvest millions of text messages from EncroChat users was in breach of German law.

The Berlin public prosecutor said in an announcement on Twitter that it would appeal against the decision. The prosecutor said the decision in Berlin was in contrast to all previous decisions by higher regional courts in Germany, which have accepted EncroChat evidence. If the Berlin court’s decision is upheld, the trials of hundreds of suspects in Germany accused of drug trafficking could be thrown into doubt.

The decision, on 1 July 2021, came as courts in the UK, France and the Netherlands face similar legal challenges over the admissibility of evidence from the EncroChat phone network, which UK police claim was almost entirely used by organised crime groups.

Defence lawyer Oliver Wallasch told Computer Weekly that the case was “of the upmost importance” in upholding the privacy rights of German citizens. He said the Berlin decision “shows that substantial human rights and procedural safeguards are in place, even though police and prosecution would like to focus only on getting potential criminals behind bars”.

The court released a defendant accused of 16 counts of drug trafficking after finding that the only evidence against him consisted of messages intercepted by the French police from an EncroChat encrypted phone. The court said the use of data from EncroChat users on German territory, without any concrete grounds for suspicion against the individuals affected, was in breach of German law.

Even if the interception operation was legal under French law, the use of the data in German criminal proceedings was not justified, said Regional Court judge Behrend Reinhard. “The Regional Court considers that the surveillance of 30,000 EncroChat users to be incompatible with the principle of proportionality in the strict sense. This means that the measures were unlawful,” Reinhard wrote in a 22-page judgment. The court found that the French had not provided information on how they had intercepted data from the EncroChat handsets, and that French authorities were unwilling to provide further information

Grounds for suspicion did not exist when the EIO was ordered and implemented, according to the judgment. Under EU law, member states are required to notify the German authorities before intercepting telecommunications of people on German territory. This includes providing all the necessary information, including a description of the interception operation to assess whether the interception would be authorised under German law, and whether the material can be used in legal proceedings. Judge Reinhard said: “According to the information that has become known so far, it is to be assumed that there was no such request by the French state and no review by the competent Germany authority in this case. There was no concrete suspicion that criminal offences had been carried out by the users of EncroChat phones targeted, the court found.”

Meanwhile: German police arrest hundreds in EncroChat crime crackdown

German police have arrested more than 750 people and seized a large haul of weapons and drugs after infiltrating a communications service used by criminals, authorities said on Tuesday. The Federal Criminal Office BKA said the arrests were made possible by police cracking the encryption used by the EncroChat service, which offered a secure mobile phone instant messaging service that was used by criminals.

Pointedly, this Reuters story neglects to mention the judgement in Berlin.

Producer Feedback

In response to episode 76, Seán and Síle Citizen say:

PornHub isn’t only for pornography.

For those who do not want to click on a PornHub link, the video in question is “Linux Time Saving Tip: use Bash Aliases for Commands!

Speaking of porn, producer Evgeny Kuznetsov wrote in again and says:

Re protecting children from “harmful information”, be it porn or anything else: having become a father recently, I have been giving this topic a lot of thought and came to a conclusion that it’s all a bad idea to start with.

We can’t shield a child from all the hurtful, false, and bogus information for 18 years and then suddenly expect them to be able to tell good information from bad and make their own choices when they become an adult, can we? We – and I mean parents first and foremost – have to show our children all kinds of things and teach them to make their own choices, so that they can be adults when they grow up.

If, on the other hand, we don’t want adults but instead want obedient servants that follow orders and let authorities decide everything for them, then yes, we need to be only showing children what we think is suitable for them and let the idea of “there are people that decide what’s good for me and these people are always right” sink in properly while they’re kids.

Evgeny also gives an update on the vaccine situation in Russia:

About the AstraZeneca vaccine not being recognized: I already told you how you need a QR code that links to a record of your vaccination to go to a restaurant. Of course, those records can only be of vaccination with vaccines approved for use in Russia (the 3.5 Russian vaccines we have). Pfizer is not recognized, AZ is not recognized, neither are Johnson & Johnson’s and Chinese ones. For all intents and purposes, you are either vaccinated with a Russian vaccine, or not vaccinated at all.

This has a funny consequence: There’s more and more talk among general public that the whole deal with COVID-19 and the vaccination is a hoax, because the actions of the authorities are obviously not about protecting the population with vaccinations as soon as possible, but that they likely have other motivations.

If you have any thoughts on the things discussed in this or previous episodes, please feel free to contact me. In addition to the information listed there, we also have an experimental Matrix room for feedback. Try it out if you have an account on a Matrix server. Any Matrix server will do.

Toss a Coin to Your Podcaster

I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.

You can also support the show by sending money to via PayPal, if you prefer.

This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.

Thanks and Credits

I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show. This is why I am thankful to the following people, who have supported this episode through Patreon and PayPal and thus keep this show on the air:

Georges, Steve Hoos, Butterbeans, Jonathan M. Hethey, Michael Mullan-Jensen, Dave, 1i11g, Jackie Plage, Michael Small, Vlad, Philip Klostermann, Jaroslav Lichtblau, ikn, Kai Siers, Bennett Piater, Fadi Mansour, Joe Poser, Dirk Dede, Larry Glock, David Potter, Matt Jelliman, m0dese7en, Mika, Martin, Sandman616, MrAmish, avis, Dave Umrysh, Rhodane the Insane, Rizele, drivezero, RikyM, Barry Williams, Jonathan Edwards, Captain Egghead, Cam, D, RJ Tracey, ezequiel_017, Rick Bragg, Robert Forster, Superuser and noreply.

Many thanks to my Twitch subscribers: mike_thedane, galteran, sandman616, redeemerf, flash_gordo, m0dese7en_is_unavailable, buttrbeans, indiegameiacs, acherontas_vii, baconthepork, centurioapertus and ezequiel_017.

I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.

Podcast Music

The show’s theme song is Acoustic Routes by Raúl Cabezalí. It is licensed via Jamendo Music. Other music and some sound effects are licensed via Epidemic Sound. This episode’s ending song is Long Road Truckin' by River Run Dry.