Why it matters: According to reports out of Germany, the German Federal Criminal Police Office (BKA) purchased spyware from Israel-based developer NSO. The software in question is the controversial spyware known as Pegasus. Pegasus has been used by other governments to spy on journalists and other non-criminal individuals.
German news outlet Deutsche Welle (DW) notes that the federal government held a closed-door session with the parliamentary Interior Committee of the Bundestag. In the meeting, it confirmed that the BKA bought Pegasus software from NSO Group in 2019. The agency made the purchase in “the utmost secrecy” against the advice of lawyers and privacy advocates who argued the software could do much more than German privacy laws allow.
Sources said that the version of Pegasus the BKA bought had “certain functions blocked to prevent abuse.” However, what parts of the software were specifically disabled and how is unclear.
Pegasus is capable of circumventing security protocols in both iOS and Android operating systems. Citizen Lab confirmed as late as this year that Pegasus can easily escape security measures in iOS 14. It uses various techniques to capture everything from phone calls and text messages to emails, stored media, and contact information.
Nun ist es raus: #BKA nutzt Spyware #Pegasus #NSO. Liest man meine Schriftliche Frage aus 5/19 erneut, heißt das womöglich, dass alle genannten Behörden die Spionagesoftware nutzen, obwohl diese offenkundig grundrechtswidrig ist. @zeitonline @holger_stark 1/2 pic.twitter.com/fuE0n2BXYi
— Martina Renner (@MartinaRenner) September 7, 2021
Pegasus can also enable the microphone and video functions to spy in real-time. Operators can use it to record conversations, access settings, read location data, and even circumvent the encryption on text messages.
BKA Vice President Martina Link told the German parliamentary committee that while the BKA purchased the software, it has only used it to surveil organized crime and terrorism operations. Presumably, the BKA restricted this surveillance to what is allowed by German law. However, the agency was less than transparent about its operation of the software, revealing no specifics about the data it had obtained and the methods used.
NSO claims it has only sold the spyware to government entities, but privacy advocates say that is no assurance that the software will not be abused. Indeed, DW reported last July that various news outlets had uncovered a list of more than 50,000 phone numbers of potential Pegasus targets. Among them were human rights activists, journalists, multiple heads of state, government ministers, and senior diplomats.
Members of parliament are demanding “full clarification” from the BKA about who “specifically bears responsibility for the purchase and use of the spy software,” referring to the revelation as a “nightmare for the rule of law.” Likewise, German journalists are up in arms, demanding to know if they have been spied on and if their contacts have been compromised.
“[We want to know] whether journalists were spied on without their knowledge, whether their sources are still safe,” said German Journalists’ Association Chairman Frank Überall, calling the BKA’s actions “incomprehensible.”