Why is it important: According to reports from Germany, the German Federal Criminal Police Office (BKA) purchased the spyware from the Israeli developer NSO. It’s about the controversial spyware known as Pegasus. Pegasus has been used by foreign governments to spy on journalists and other non-criminals.
The German news agency Deutsche Welle (DW) notes that the federal government has held a closed meeting with the parliamentary committee for the interior of the Bundestag. At the meeting it confirmed that BKA bought Pegasus software from NSO Group in 2019. The agency made the purchase “in the strictest confidence” against the advice of lawyers and privacy advocates, who argued that the software could do much more than German privacy laws allow.
Sources said the version of Pegasus purchased by BKA had “certain features locked to prevent abuse.” However, it is unclear which parts of the software were specifically disabled and how.
Pegasus is capable of bypassing security protocols in both iOS and Android operating systems. Citizen Lab confirmed back this year that Pegasus can easily evade security measures in iOS 14. It uses a variety of techniques to capture everything from phone calls and text messages to email, stored media and contact information.
Nun ist es raus: #BKA Nutzt Spyware #Pegasus #NSO… Liest man meine Schriftliche Frage aus 5/19 erneut, heißt das womöglich, dass all genannten Behörden die Spionagesoftware nutzen, obwohl diese offenkundig grundrechtswidrig ist.@zeitonline@holger_stark1/2 pic.twitter.com/fuE0n2BXYi
– Martina Renner (@MartinaRenner) September 7, 2021
Pegasus can also include microphone and video functions for real-time surveillance. Operators can use it to record conversations, access settings, read location data, and even bypass text message encryption.
BKA Vice President Martina Link told the German parliamentary committee that although the BKA acquired the software, it only used it to monitor organized crime and terrorist operations. Presumably, the BKA limited this surveillance to what is permitted under German law. However, the agency was less transparent about its work with the software, not disclosing any details about the data it received and the methods it used.
The NSO claims to only sell spyware to government agencies, but privacy advocates say this is not a guarantee that the software will not be abused. Indeed, DW reported last July that various news outlets disclosed list of over 50,000 phone numbers of potential Pegasus targets. Among them were human rights defenders, journalists, several heads of state, government ministers and senior diplomats.
Members of Parliament are demanding a “full clarification” from the BKA as to who is “specifically responsible for buying and using spyware,” calling the exposure a “rule of law nightmare.” Likewise, German journalists took up arms, demanding to know if they had been spied on and if their contacts had been compromised.
“[We want to know] Whether the journalists were spied on without their knowledge, whether their sources remained safe, ”said the chairman of the Association of German Journalists, Frank Uberall, calling the actions of the BKA“ incomprehensible ”.