I guess that's a justified case for Schadenfreude ...
But on a more serious note, the battle for transparency and accountability (and ultimately democratic resilience) relies a lot on the hard work by many, many NGOs (many of those listed towards the end of the article, such as the wonderful Citizen Lab from U of Toronto).
I find it scary that such important monitorial tasks are left to underfunded volunteers which may go away at any second. Well, the same applies to journalists to a certain degree ... In both cases, we need to care more about sustainable funding of these institutions.
> the public prosecutor's office wanted to secure the assets potentially obtained from an unlawful act by means of an asset freeze in order to be able to confiscate them if necessary. The group of companies escaped seizure through insolvency
This is a strange arrangement that I guess most countries follow. Companies are legal entities, that can be sued and so on. But a company cannot go to jail (board members or stock owners don't typically go to jail either). These legal entities can also seize to exist (like in this example), and then there is nobody left to be held accountable... It seems like most countries treat companies better than humans.
But ceasing to exist and dying are similar yet also different concepts.
A company can cease to exist on a whim, yet be reborn the next minute under a different name, with the same "genes", the same "information", because the actual living, breathing people behind it, just move on.
Big difference between board members and stockholders. Board members are liable to some extent stockholders almost never are, unless the business was specifically founded to facilitate crime. That's where the term Ultimate Beneficiary comes into play.
> Big difference between board members and stockholders.
Completely agree, but in small/medium size companies (no public stock etc), these are often the same people. In many cases it's completely obvious who (which humans) that have done something wrong, but since we still accept that the legal entity under which they operated no longer exists; you're stuck.
A problem where I live (Norway) has been that people register companies to build apartment buildings, then immediately dissolve the company once the apartments are sold. The people who buy those flats better pray that there is nothing wrong with them, as there is basically nowhere to turn if there is.
In such cases, where it is totally clear that the people in charge of that business acted in bad faith I'm all for going after them in person. A good building company either insures against such risks or they create a warranty fund. An even worse example would be a builder going bankrupt during the building. This is one of the reasons I've never bought a new house, it either exists and you can sell it to me or you can try to sell it to someone else first but I'm not going to assume that kind of risk.
> acted in bad faith I'm all for going after them in person
I agree, but this should be standard procedure. Hiding behind these peculiar "legal entities" that cannot possibly be held accountable anyway, makes no sense.
> This is one of the reasons I've never bought a new house
Same here, although the house I did buy was 160 years old; which also comes with its own set of problems :-)
> although the house I did buy was 160 years old; which also comes with its own set of problems
Hehe, been there done that. In fact, doing that, right now I'm fixing a window frame that had 'a small spot of rot', by the time it was done half the frame had been removed, incredible how bad wood can be under nicely looking paint. Insect paradise underneath there.
is similar to "a small spot of rust" I guess, there is no such thing :-)
Fascinating to see how these old tree constructions are made. I still find it hard to comprehend that a few bricks and some timber logs are all that separates me from living directly on the dirt like a cave man..
That's one of my dreams still, to build a post-and-beam house from scratch. But I'm getting older and it may well be that such ambitious projects are now out of reach for me.
Sound like fun, and you shouldn't let age stop you from doing that. Instead you should adjust your dream to building a smaller post-and-beam house. It's not back breaking work if it's a small house; our inner cave men wants to work with timber for some reason.
That's not strictly speaking true. If the human was aware of what was wrong with it prior to the sale and did not inform you then you can typically file a claim against them in court ('hidden defect'). You still have to prove that you did what a normal buyer would do in terms of research but malice on the part of the seller is something that is actionable.
Here in the UK, most new builds come with 10 years of buildings insurance. That's good, because I've heard horror stories about the quality of new builds.
I imagine the insurance premiums are quite high, to guard against such 'fly by night' operations.
>It appears like they're just going through a "rebranding"
IIRC the new company name, Vilic(i)us, describes the position of a "slave overseer" of Roman times. Unfortunately, I cannot find the wikipedia entry for it anymore (possible clean-up job of the new company?).
Because this company was the developer of the "Staatstrojaner" malware government agencies used to hack into computer systems to investigate crimes. I think the original use case was just terrorism but I'm pretty sure it's been used against other crimes as well.
As to why the German public tolerate it: because there wasn't sufficient pushback and the government doesn't care about a few protests as most people will eventually forget about it and move on.
Seems to me like the government should internally own their malware rather than tolerate a company that presumably sells to other governments or private entities. Mine was a rhetorical question of course.
You mean like a state owned enterprise? That would go against decades of free market ideology. Even if we had somehow ended up with a state owned malware development organization it would probably have been privatized by now.
Are you joking? Many states do this. E.g. in the UK they had a massive hiring binge for cyber a few years ago. They will also buy from third parties. That's not ideology (the free market can't really be deemed an ideology), that's just not succumbing to an (actual) ideology that says the state must own everything.
> the free market can't really be deemed an ideology
The free market isn't an ideology much like money isn't an ideology. Putting the free market in charge of certain aspects of society however is very much an ideological decision, though. Ideology doesn't stop being ideology just because you agree with it (although there are certainly plenty of political candidates throughout history who claim to not adhere to any ideologies). For example anarchists are somewhat open to market economies while state communists usually advocate for central planning and libertarians are strongly in favor of free market maximalism, believing that for a free market to work at its best it needs to be free of all regulations (tho usually still maintaing some rule of law to prevent a real world equivalent of EVE Online's corporate warfare).
I'm not saying privatization is good or bad, I'm just saying that the underlying ideology of the past decades in Germany has been that we should privatize as much as possible and where privatization is not possible we should at least reproduce a free market system as closely as possible (e.g. we have multiple competing public healthcare providers despite having strict regulations that mean they all provide very similar levels of care).
> Many states do this.
We do have people in government agencies "doing cyber". We just don't have a government owned software development department developing malware for government agencies to use, just like we don't have a government owned weapons manufacturing department developing weapons for the police and military.
We do have the government owning shares (even majority shares) in private (or rather publicly traded) companies though. But often these are in privatized branches of the government (e.g. Deutsche Bahn) or companies that are naturally monopolistic. Buying out a private software development company would go against the spirit of the free market as it would eliminate competition.
We have private companies designing and building weapons. There are laws regarding who it can be sold to or where it can be exported.
I believe malware is in the same category.
At least in the US, there are caps on how much you can pay an internal employee that generally do not pay for a top-tier researcher who’d develop malware like this. Instead you would pay some contractor a much higher rate that they could pass some portion of to their own researchers.
Sometimes (frequently) you want an arms-length/plausibly-deniable relationship so that government can do edgy/illegal stuff but duck the blowback if it all goes pear-shaped or gets exposed to the sanitising light of day. See also extraordinary rendition.
This is somehow such a difficult thing for people to grasp. "Yes the government gained the power to reach into our bank accounts, but it was for a good reason. I'm sure neither this nor any future government will ever abuse that power or mislay information they now have access to."
> I think the original use case was just terrorism but I'm pretty sure it's been used against other crimes as well.
This kind of stuff is always justified with "terrorism, pedophilia and organized crime", but once its in place it's usually overwhelmingly applied to much pettier crimes.
It's usually CSAM or child sexual abuse in general, not pedophilia, but yes.
For example Internet censorship (I believe in the form of IP bans but I'm not sure how they're meant to be implemented exactly) was originally justified with the necessity of blocking CSAM in jurisdictions that are out of reach of Germany and the EU but recently there were moves to ban the pornsite XHamster because it provided an insufficient age check to visitors (although with similar sites it's usually nothing more than a popup to the effect of "Are you old enough to view porn? Y/N"), which while still boiling down to "think of the children" isn't exactly the kind of thing von der Leyen originally described when shooting down criticism of the proposed law.
Instead of writing a malware exploiting a bug to simulate an attack to defend against the exploit, you could have just fixed the damn thing in the first place.
Do we actually have any cases of governments using malware for good?
Guns aren't a great comparison because the use can (and usually is) wholly defensive or acts as a deterrent -- i.e if you are known to be armed then you'd be left alone.
Malware on the other hand is almost exclusively offensive and governments around the world almost exclusively use it for nefarious reasons (i.e NSO Group's clientele and published usages).
Ukraine hasn't acquired NSO Group's software (based on your article) and ultimately it's a seriously corrupt country -- the most corrupt in Europe -- and globally ranks below El Salvador, Brazil, Turkey and even Cuba. Just because it's currently facing an invasion doesn't mean the malware won't be used for nefarious purposes: i.e Ukrainian elites targeting other Ukrainians or the sitting Ukrainian government targeting opposition political parties. During conflicts we often see governments and elites from those countries trying to siphon as much as they can.
Just to drive the point: at the same time that they first requested the software (2014) the country was the biggest arms dealer for the Syrian civil war[0]. A large part of the arms they received after what happened in Crimea ended up making its way to countries like Syria[1] and it's likely a driving reason behind why the country was so ill-equipped with the current conflict. There is little doubt that the physical arms will eventually be sold off after this conflict is over, and with malware that can be copied quite easily it's likely it will be sold the moment it's acquired to any bidder that puts their hand up.
Ukraines military has changed drastically since the war that started in 2014. They have made many changes, moving away from the old Soviet style system and to a more western system for the military along with upping military pay and training. I also don't think that Ukraines military is overly 'ill-equipped' but its more that its fighting an army much bigger then itself, and one so incompetent that its going through ATGM's and MANPAD's so fast that its literally impossible to keep up.
The thing is that "terror" is an extremely vaguely defined concept, in the US there are at least 8 different, and recognized, definitions for it [0]
Nor are there usually any efficient checks&balances in place to make sure these tools are actually only used for their originally declared purpose.
That's why the mass-surveillance creep, since the Patriot Act, has been very real and for the most part completely unchecked, FISA court just rubber-stamping anything that comes their way.
In that context I'd rather see resources put towards fixing vulnerabilities, instead of leaving them open so they can be exploited by intelligence and police agencies. This approach would also prevent much more "evil" than hoping how the "good Big Brother" will not abuse his power and instead solely use the same vulnerabilities to stop the "evil" guys.
Also, when you use a gun against someone, be it to threat or injure, you can’t do it without making the person aware that you used this weapon against them.
I think nukes are a better analogy than guns. There's legitimate reasons why you might want your government to develop and own them, but there's no good reason that it should be legal for private companies or individuals to sell or buy them.
Sure, but not necessarily the same states (I honestly don't care if Bhutan gets access to my emails - I have no beef with them, and I am unlikely to ever be in their sphere of influence), and not necessarily with no real oversight that something like Finfisher brings.
>On a related note: I trust Google with my data more happily than I trust the German state, for only one of those two has a history of building concentration camps.
Do you also own stuff made in China? Like the device you posted this comment from? Because that government is actively running concentration camps right now. Where's the uproar against that? Germany has paid several times of for their mistakes.
That's not true. That is, you know that Google is using your data themselves for psychological exploitation in marketing, and also passing it on / making it accessible to US intelligence agencies. So, what you're actually saying is that you don't care about the misuse of your data.
> On a related note: I trust Google with my data more happily than I trust the German state, for only one of those two has a history of building concentration camps.
To be fair, the German state has existed quite a lot longer than Google, so they've also had more time to build them - I think it's too early to rule out Google in that race.
I'm astonished that there are so many people here that are willing to defend government use of malware.
Malware is software deliberately designed to cause devices to malfunction. Since when is it legitimate for any government to deliberately break the property of a private citizen who hasn't been convicted of any offence, without at least a court order?
? Allied states have provided intelligence support and tools to each other for centuries without needing companies to do that for them. The internet didn't change that, greed and regulatory capture did.
1) Because most people are blissfully unaware of these companies
2) Because a large portion of people who are not in 1) support it, because they believe it is used to spy on the bad guys™ and never consider that these tools have already been abused in the past and will be abused in the future.
They will continue under a new name and description.
The success to this day is not remarkable.
That software has not stopped criminals like Olaf Scholz and his buddies, nor has it protect a mayor of a city that was killed in his own house.
So, its useless and unethical to think to automate prosecution.
Too many false-positives and a bad success rate is not and can not be the goal to break basic rights.
The real criminals are not the weed dealers next door and not the dumb neo-fascists, they gather everyday in the parlaments with their shady double income, their wrongdoings and promises broken every day.
For what that software has brough revenue, the victims of the flood this summer, would enjoy golden handrails and faucets in their newly built homes.
Anyone remember when democracy actually meant that the representatives of the people were chosen among the ordinary people themselves? While now we elect members of the elite to act as our representatives and we're shocked when we find out they actually represent the elite, instead of us, and are entangled in very complex and shady forms of corruption, bribery, tax evasion, insider trading and cronyism?
Who could have expected that? /s It's like sheep electing flock leaders among a pack of wolves. When will we stop doing that?
> … advocated the initiation of a mandatory blockage of child pornography on the Internet through service providers via a block list maintained by the Federal Criminal Police Office of Germany (BKA), thus creating the necessary infrastructure for extensive censorship of websites deemed illegal by the BKA.
Oh look, $method didn't stop $crimes where it is not relevant. Not surprising.
> The real criminals are not the weed dealers next door and not the dumb neo-fascists, they gather everyday in the parlaments with their shady double income, their wrongdoings and promises broken every day.
Weed dealers given the current legislation are commiting a crime. One of the biggest gifts to the lack of prosecution of higher politicians are the infighting between smaller "liberal" parties. And their general naivity
Are the people that are opposed to this happy when adversaries have hacked Germany?
You're free to protest at the nearest Extinction Even protest and pretend the "green's" anti-nuclear push has nothing to do with the latest events
btw "criminals like him (O.S.)"? sounds like either an AfD apologist or Linke supporter.
> You might read, that I am cynical regarding politics in my country
Anyone who trades with slavers lost his credibility. Everyone trading with warlords as well.
Either the Greens are a party of values (I don't have to share those) or they are a party of opportunists.
There are shades of grey. I attest to that. But being a pacifist and a humanist I can't accept dealing with either one (Putin as a war mongering statesman or the Qatar government embracing slavery as a Form of doing business).
When the Greens agreed for Germany to take part in an unconstitutional war in former Yugoslavia I was aghast. Nowadays I see it more differentiated. There was no way to ensure an UN peace mission. And we could either stand by an watch genocide or act.
There are other options now than to throw money at slavers imho. That's why I am being cynical.
> To my knowledge dealing with drugs is still illegal in Germany. So I hope the police would do something against weed dealers and consumers.
That does not follow - there are many things that are illegal put are not expected to be proactively investigated or stopped by the police except when carrying out a court order.
It is suspected that he is involved with the Cum-Ex scandal, but to what extent remains unknown.
He made very questionable (non-)statements in that regard though.
I didn't know about this company before, but a cursory search suggests they were only based in Germany, not used by the German government. Title is misleading, especially as it is not the original title of the article, and Germany has in fact prosecuted them.
That said, good riddance. We desperately need accountability for malware coming from state actors.
You are right about this claim, but the only thing I could find to substantiate it is a 2013 article in which leaked documents suggests German federal police wanted to use it [1]. It is still incorrect to suggest this is a German state spyware, although of course you are right about the ambiguity here.
I will be interested to see how this interacts with the Ampel Koalition's desire to add more restrictions on state-sponsored hacking (search term, "Staatstrojaner" [1]). The current government coalition contract includes "increasing controls" and "higher thresholds" for their use (my translation), which would signal a shift in German federal policy _at least slightly_ away from state-sponsored hacking, which was very favored by the previous government.
It's probably also worth mentioning that these Staatstrojaner haven't really demonstrated effectiveness. It's an extremely common refrain on the Netzpolitik scene here that we would all be much, much better served if the government were compelled to responsibly disclose the bugs used in these tools to the companies producing the software, instead of trying to keep them quiet in order to weaponize them. But I suspect this argument is basically preaching to the choir at HN. For German speakers, I would highly recommend following both Netzpolitik and Lage der Nation; the former is self-explanatory but the latter also frequently talks about digital policy in Germany.
Edit: a clarifying point here, as far as I understand, FinFisher is *not* a state-owned company (that would be big news!), but rather a normal GmbH (like an LLC) that develops and sells Staatstrojaner. As such I think the line in the title ("German State Malware Company") strikes me as inaccurate in both English and a hypothetical German->English translation.
Side note, I know metacommentary isn't typically considered entirely kosher on HN, but some threads I'm seeing pretty high up in the discussion here are really not meeting the quality standards I would expect from HN. Calling the current German chancellor Scholz a "criminal" with "buddies", and a follow-up thread that can be summed up as "I think the EU is so corrupt that it only looks after its own politicians" -- all of this with absolutely no evidence -- is so frustratingly hyperbolic and reductionist that it has me (in all seriousness) wondering what level of exposure HN has to state-level disinformation actors.
Probably a simple "flip". Companies in Germany do that often when they want to move overseas. The reason is that the Finanzamt (IRS) will tax any assets you move abroad. That can be a large problem for companies that e.g. get US funding. I know of a case where a financially successful German startup got funded by YC and needed to reincorporate in the US. If they had done it via the official route the Finanzamt would have used the YC valuation as a basis for calculating the taxes and the company would've needed to pay a seven-figure amount. They circumvented this by bankrupting the company and buying out the assets instead, which was then tax-free. I strongly suspect this is a similar move by FinFisher.
Exactly. People assume bankruptcy of a company is like a human dying but it’s not at all - the exact company and people involved can continue to exist through a bankruptcy just with new owners.
105 comments
[ 0.18 ms ] story [ 182 ms ] threadBut on a more serious note, the battle for transparency and accountability (and ultimately democratic resilience) relies a lot on the hard work by many, many NGOs (many of those listed towards the end of the article, such as the wonderful Citizen Lab from U of Toronto).
I find it scary that such important monitorial tasks are left to underfunded volunteers which may go away at any second. Well, the same applies to journalists to a certain degree ... In both cases, we need to care more about sustainable funding of these institutions.
https://mobile.twitter.com/Pingu/status/1469314222349852675
Quote from the OP article:
> the public prosecutor's office wanted to secure the assets potentially obtained from an unlawful act by means of an asset freeze in order to be able to confiscate them if necessary. The group of companies escaped seizure through insolvency
So you know what's going on.
Again, all of this came to light because of the hard and persistent work of a whole bunch of NGOs (GFF, netzpolitik, CCC and so on).
[1] https://netzpolitik.org/2022/nach-pfaendung-staatstrojaner-h...
This is a strange arrangement that I guess most countries follow. Companies are legal entities, that can be sued and so on. But a company cannot go to jail (board members or stock owners don't typically go to jail either). These legal entities can also seize to exist (like in this example), and then there is nobody left to be held accountable... It seems like most countries treat companies better than humans.
A company can cease to exist on a whim, yet be reborn the next minute under a different name, with the same "genes", the same "information", because the actual living, breathing people behind it, just move on.
With companies it just ends there and then
Exactly, you cannot just change name and buy a mustache like these companies basically can.
Completely agree, but in small/medium size companies (no public stock etc), these are often the same people. In many cases it's completely obvious who (which humans) that have done something wrong, but since we still accept that the legal entity under which they operated no longer exists; you're stuck.
A problem where I live (Norway) has been that people register companies to build apartment buildings, then immediately dissolve the company once the apartments are sold. The people who buy those flats better pray that there is nothing wrong with them, as there is basically nowhere to turn if there is.
I agree, but this should be standard procedure. Hiding behind these peculiar "legal entities" that cannot possibly be held accountable anyway, makes no sense.
> This is one of the reasons I've never bought a new house
Same here, although the house I did buy was 160 years old; which also comes with its own set of problems :-)
Hehe, been there done that. In fact, doing that, right now I'm fixing a window frame that had 'a small spot of rot', by the time it was done half the frame had been removed, incredible how bad wood can be under nicely looking paint. Insect paradise underneath there.
is similar to "a small spot of rust" I guess, there is no such thing :-)
Fascinating to see how these old tree constructions are made. I still find it hard to comprehend that a few bricks and some timber logs are all that separates me from living directly on the dirt like a cave man..
Sound like fun, and you shouldn't let age stop you from doing that. Instead you should adjust your dream to building a smaller post-and-beam house. It's not back breaking work if it's a small house; our inner cave men wants to work with timber for some reason.
This is also the case if you buy from a human.
This used to be the case here in Norway until 2021 as well, but now it's illegal to slap the old "sold-as-it-is" clause at the end of the contract.
You can still sell horrible stuff of course, but you have to say that it's horrible, in the listing :-)
I imagine the insurance premiums are quite high, to guard against such 'fly by night' operations.
IIRC the new company name, Vilic(i)us, describes the position of a "slave overseer" of Roman times. Unfortunately, I cannot find the wikipedia entry for it anymore (possible clean-up job of the new company?).
Edit:
Found it... https://en.wikipedia.org/wiki/Vilicus
As to why the German public tolerate it: because there wasn't sufficient pushback and the government doesn't care about a few protests as most people will eventually forget about it and move on.
The free market isn't an ideology much like money isn't an ideology. Putting the free market in charge of certain aspects of society however is very much an ideological decision, though. Ideology doesn't stop being ideology just because you agree with it (although there are certainly plenty of political candidates throughout history who claim to not adhere to any ideologies). For example anarchists are somewhat open to market economies while state communists usually advocate for central planning and libertarians are strongly in favor of free market maximalism, believing that for a free market to work at its best it needs to be free of all regulations (tho usually still maintaing some rule of law to prevent a real world equivalent of EVE Online's corporate warfare).
I'm not saying privatization is good or bad, I'm just saying that the underlying ideology of the past decades in Germany has been that we should privatize as much as possible and where privatization is not possible we should at least reproduce a free market system as closely as possible (e.g. we have multiple competing public healthcare providers despite having strict regulations that mean they all provide very similar levels of care).
> Many states do this.
We do have people in government agencies "doing cyber". We just don't have a government owned software development department developing malware for government agencies to use, just like we don't have a government owned weapons manufacturing department developing weapons for the police and military.
We do have the government owning shares (even majority shares) in private (or rather publicly traded) companies though. But often these are in privatized branches of the government (e.g. Deutsche Bahn) or companies that are naturally monopolistic. Buying out a private software development company would go against the spirit of the free market as it would eliminate competition.
As with every dystopic "anti-terror" measurement, this is correct.
This kind of stuff is always justified with "terrorism, pedophilia and organized crime", but once its in place it's usually overwhelmingly applied to much pettier crimes.
For example Internet censorship (I believe in the form of IP bans but I'm not sure how they're meant to be implemented exactly) was originally justified with the necessity of blocking CSAM in jurisdictions that are out of reach of Germany and the EU but recently there were moves to ban the pornsite XHamster because it provided an insufficient age check to visitors (although with similar sites it's usually nothing more than a popup to the effect of "Are you old enough to view porn? Y/N"), which while still boiling down to "think of the children" isn't exactly the kind of thing von der Leyen originally described when shooting down criticism of the proposed law.
Guns aren't a great comparison because the use can (and usually is) wholly defensive or acts as a deterrent -- i.e if you are known to be armed then you'd be left alone.
Malware on the other hand is almost exclusively offensive and governments around the world almost exclusively use it for nefarious reasons (i.e NSO Group's clientele and published usages).
So maybe until now we didn't see a country with cyber in their strategy being invaded by another?
Just to drive the point: at the same time that they first requested the software (2014) the country was the biggest arms dealer for the Syrian civil war[0]. A large part of the arms they received after what happened in Crimea ended up making its way to countries like Syria[1] and it's likely a driving reason behind why the country was so ill-equipped with the current conflict. There is little doubt that the physical arms will eventually be sold off after this conflict is over, and with malware that can be copied quite easily it's likely it will be sold the moment it's acquired to any bidder that puts their hand up.
[0] https://qz.com/211603/how-ukrainian-arms-dealing-connects-to...
[1] https://www.reuters.com/article/us-ukraine-crisis-arms-insig...
As ranked by countries and institutions in countries that rank themselves lower no doubt.
Oh sure, I agree. But that's bad governments not bad lines of code.
Look I see that there is more evil than good done with this stuff, but it's not the stuffs fault.
Nor are there usually any efficient checks&balances in place to make sure these tools are actually only used for their originally declared purpose.
That's why the mass-surveillance creep, since the Patriot Act, has been very real and for the most part completely unchecked, FISA court just rubber-stamping anything that comes their way.
In that context I'd rather see resources put towards fixing vulnerabilities, instead of leaving them open so they can be exploited by intelligence and police agencies. This approach would also prevent much more "evil" than hoping how the "good Big Brother" will not abuse his power and instead solely use the same vulnerabilities to stop the "evil" guys.
[0] https://en.wikipedia.org/wiki/Definition_of_terrorism#United...
Do you also own stuff made in China? Like the device you posted this comment from? Because that government is actively running concentration camps right now. Where's the uproar against that? Germany has paid several times of for their mistakes.
2. I am unlikely to ever get into a situation in which the Chinese state has jurisdiction over me.
That's not true. That is, you know that Google is using your data themselves for psychological exploitation in marketing, and also passing it on / making it accessible to US intelligence agencies. So, what you're actually saying is that you don't care about the misuse of your data.
To be fair, the German state has existed quite a lot longer than Google, so they've also had more time to build them - I think it's too early to rule out Google in that race.
I'm astonished that there are so many people here that are willing to defend government use of malware.
Malware is software deliberately designed to cause devices to malfunction. Since when is it legitimate for any government to deliberately break the property of a private citizen who hasn't been convicted of any offence, without at least a court order?
2) Because a large portion of people who are not in 1) support it, because they believe it is used to spy on the bad guys™ and never consider that these tools have already been abused in the past and will be abused in the future.
You can add Ursula v.d.L. to that list.
I lost faith in all EU governments to do anything for the people.
okay, there are always exceptions to that rule, like e.g. Emperor Marcus Aurelius
Who could have expected that? /s It's like sheep electing flock leaders among a pack of wolves. When will we stop doing that?
Just the tip of the iceberg
And what made her unpopular initially: https://en.wikipedia.org/wiki/Ursula_von_der_Leyen#Blocking_...
> [...] creating the necessary infrastructure for extensive censorship of websites deemed illegal by the BKA.
For full context.
Oh look, $method didn't stop $crimes where it is not relevant. Not surprising.
> The real criminals are not the weed dealers next door and not the dumb neo-fascists, they gather everyday in the parlaments with their shady double income, their wrongdoings and promises broken every day.
Weed dealers given the current legislation are commiting a crime. One of the biggest gifts to the lack of prosecution of higher politicians are the infighting between smaller "liberal" parties. And their general naivity
Are the people that are opposed to this happy when adversaries have hacked Germany?
You're free to protest at the nearest Extinction Even protest and pretend the "green's" anti-nuclear push has nothing to do with the latest events
btw "criminals like him (O.S.)"? sounds like either an AfD apologist or Linke supporter.
(...)
> the Greens (who are happily trading with Qatar instead of Russia because Qatar is such a great place for human rights).
Very OT, but this is naive rambling, too. They are not "happily" trading with Qatar and even stated that this is the lesser evil right now.
That's why I prefaced with:
> You might read, that I am cynical regarding politics in my country
Anyone who trades with slavers lost his credibility. Everyone trading with warlords as well.
Either the Greens are a party of values (I don't have to share those) or they are a party of opportunists.
There are shades of grey. I attest to that. But being a pacifist and a humanist I can't accept dealing with either one (Putin as a war mongering statesman or the Qatar government embracing slavery as a Form of doing business).
When the Greens agreed for Germany to take part in an unconstitutional war in former Yugoslavia I was aghast. Nowadays I see it more differentiated. There was no way to ensure an UN peace mission. And we could either stand by an watch genocide or act.
There are other options now than to throw money at slavers imho. That's why I am being cynical.
That does not follow - there are many things that are illegal put are not expected to be proactively investigated or stopped by the police except when carrying out a court order.
Seriously?
That said, good riddance. We desperately need accountability for malware coming from state actors.
> German authorities were of course also customers of the company
Though I don't think that's what the title was implying, I think it means German "nationality" rather than German "state-owned".
[1] https://netzpolitik.org/2013/secret-government-document-reve...
It's probably also worth mentioning that these Staatstrojaner haven't really demonstrated effectiveness. It's an extremely common refrain on the Netzpolitik scene here that we would all be much, much better served if the government were compelled to responsibly disclose the bugs used in these tools to the companies producing the software, instead of trying to keep them quiet in order to weaponize them. But I suspect this argument is basically preaching to the choir at HN. For German speakers, I would highly recommend following both Netzpolitik and Lage der Nation; the former is self-explanatory but the latter also frequently talks about digital policy in Germany.
Edit: a clarifying point here, as far as I understand, FinFisher is *not* a state-owned company (that would be big news!), but rather a normal GmbH (like an LLC) that develops and sells Staatstrojaner. As such I think the line in the title ("German State Malware Company") strikes me as inaccurate in both English and a hypothetical German->English translation.
[1] https://netzpolitik.org/2021/koalitionsvertrag-das-plant-die...
----
Side note, I know metacommentary isn't typically considered entirely kosher on HN, but some threads I'm seeing pretty high up in the discussion here are really not meeting the quality standards I would expect from HN. Calling the current German chancellor Scholz a "criminal" with "buddies", and a follow-up thread that can be summed up as "I think the EU is so corrupt that it only looks after its own politicians" -- all of this with absolutely no evidence -- is so frustratingly hyperbolic and reductionist that it has me (in all seriousness) wondering what level of exposure HN has to state-level disinformation actors.
People don't die when they go bankrupt.