BEST OF GALA DER NEUEN LEICHTIGKEIT
copyleft 2011 by “Europa: Neue Leichtigkeit“, Lix & 28C3 (FEM)
(English translation of the original german version)
Lately the Chaos Computer Club (CCC) has recently received a newer version of the “Staatstrojaner”. The comparison with the older version, already analysed by the CCC with the actual Sniffer-code from December 2010, revealed new evidence. Despite the claims of the responsible parties, the trojan can still be captured, loaded with any code and also the allegedly “audit trail” can be manipulated. The CCC is calling for a complete waiver of Trojans in pre-trial applications.
On October 8th 2011, the CCC published the documentation and binary data regarding a german “Staatstrojaner”. [0] This was used for the officially called computer infiltrations, trivially called “source-telecommunication surveillance”. Its application in pre-trials and law enforcement meanwhile was admitted by many states.
Despite the CCC has published solid technical evidence, the authorities responsible for internal affairs, as well as the manufacturer DigiTask, denied the existence of any illegal functionalities [1],[2],[10], and pleaded that the analysed Trojan was allegedly an outdated software version.
The excuses vary from “trial” to “prototype”, DigiTask still insisted on October 11th 2011 to its governmental customers, that almost all problems are being solved in newer versions. The manufacturer DigiTask and the authorities view the functionality of code-reloading as a “natural need”, for which the implication of fundamental rights violation is relative in any way. It serves a purpose, and therefore the aim justifies the means.
Therefore, the CCC now presents a more detailed technical documentation of a newer version of the “Staatstrojaner” from the year 2010.[3] The testimony of DigiTask[11] is the basis of a detailed report that serves as a euphemistic attempt to conceal its illegal nature. At the same time, both disassembled versions of the Trojan, commented by the CCC, were made publicly available in order to ensure the traceability of the findings and to facilitate further research by interested parties. [4]
„Even during the last three years, the authorities and their providers were clearly not capable of developing a “Staatstrojaner” ehich would meet the minimum of requirements for juridical evidence, basic law compliance and security against manipulation”, a CCC spokesman summed up about the new findings. “By these concrete and principal reasons, it is logical not to expected that this would succeed in the future.”
The diagnosis of the new CCC report presents a strong contrast to the claims by the Interior Secretary Ole Schröder, who was the one who apparently had drawn the short straw and be the one to justify and answer questions of the parliament. There, he claimed: “The software is designed for each individual case and previously checked, so that it can’t do more than it is allowed to.” [8] Under the previously mentioned conditions, it is evident that the test wasn’t very intense – how could it, without available source code.
[0] The first press release regarding the “Staatstrojaner”
[1] http://netzpolitik.org/wp-upload/174366-Bericht-BKA-Prasident-Ziercke_TOP-24a-24c_53.-InnenA-Sitzug.pdf
[2] http://www.bundestag.de/dokumente/protokolle/plenarprotokolle/17132.pdf
[3] Technical report
[4] commented disassemblance of both versions of the trojan and here both binaries
[5] Videos: http://haha.kaputte.li/0zapftis-2_lowres-final.mov
http://haha.kaputte.li/0zapftis-2_922x578-final.mov (medium resolution)
http://haha.kaputte.li/0zapftis-2_1230x770-final.mov (high resolution)
[6] Frank Braun: „0zapftis – (Un)Zulässigkeit von ,Staatstrojanern‘“. In: Kommunikation & Recht 11/2011, S. 681-686
[7] FAQ zum Staatstrojaner
[8] Plenarprotokoll 17/132 des Deutschen Bundestages, 19. Oktober 2011, S. 15604,
[9] Ulf Buermeyer, Matthias Bäcker: Zur Rechtswidrigkeit der Quellen-Telekommunikationsüberwachung auf Grundlage des § 100a StPO, HRRS
[10] Dem CCC zugespielte Stellungnahme der Firma DigiTask an ihre Behördenkunden
Call for Participation for 28th Chaos Communication Congress
27|28|29|30 December 2011, bcc, Berlin, GermanyThe Event
The Chaos Communication Congress the annual four-day conference organized by the Chaos Computer Club (CCC) in Berlin, Germany. First held in 1984, it has since established itself as “The European Hacker Conference” attracting a diverse audience of thousands of hackers, scientists, artists, and utopists from all around the world.
Lectures
In general, lectures, workshops, and projects dealing with technology, ethics, science, security, art, philosophy, politics, and culture are welcome. However, it is not mandatory for your talk to exactly match the given topics. Anything that is interesting and/or funny will be taken into consideration. We use hacking in a very broad sense of the word, but we won’t say no to excellent submissions on computer security research.
Source: CCC Event Blog
Submissions: Pentabarf
Official 28C3 Website
This week Cory Doctorow gave a great talk about this (*sigh*) boring old issue of Freedom and Human Rights in the age of the knowledge society at the ACM Siggraph Conference in Vancouver.
For further reading:
EFF
Cory’s Blog
Los dos músicos junto a Lix han creado para el 27C3 un espectáculo reinvindicativo alrededor del copyright, los creative commons y la cultura libre, interpretando piezas de música clásica bien conocidas (composiciones de Debussy y Beethoven) combinandas con proyecciones llenas de humor e ironía y trozos de vídeo o música de artistas conocidos. Después de recibir tremendos aplausos, a la pregunta de que tipo de “hardware” han utilizado, responden con gracia que un Steinway y un Stradivarius.
Patricia Sevilla Ciordia (para leer más, clica aqui)
Tomorrow the 27C3 hacker congress is starting at the bcc in Berlin.
Watch out for “The Concert”, which is taking place at 18:30h on the second congress day (28th of december 2010).
27C3 Chaos Communication Congress event 4201
Corey Cerovsek, known worldwide for their classical recital performances and Lix, accomplished artist present something that’s not quite an ordinary concert, to draw attention to the importance of the public domain in centuries of classical music tradition. It’s both more — and less — than what you might expect to see and hear at a classical concert.
To schedule an interview appointment, get in contact with the Impresario.
More info, see 27C3 Fahrplan.
We come in peace
We come in peace, said the conquerers of the New World.
We come in peace, says the government, when it comes to colonise, regulate, and militarise the new digital world.
We come in peace, say the nation-state sized companies that have set out to monetise the net and chain the users to their shiny new devices.
We come in peace, we say as hackers, geeks and nerds, when we set out towards the real world and try to change it, because it has intruded into our natural habitat, the cyberspace. Let us explore each other’s truly peaceful intentions at this year’s Chaos Communication Congress 27C3 to be held from Monday December 27 to Thursday December 30, 2010 in Berlin, Germany.
Soon on events.ccc.de/congress/2010
Today the 24rd Chaos Communication Congress opened it’s doors. You can watch the talks on the following Streams. The recordings will be published after the congress and mirrored on my mirror.
