Spyware in the name of the law

21 10 2007

14-year-old Timberline High School student Josh Glazebrook near Olympia, Washington, was sentenced to 90 days in juvenile detention in July 2007 after having admitted making bomb threats to the school and other charges. In order to obtain the evidence, the FBI filed a court order on June 12, 2007, for planting a so-called CIPAV (Computer and Internet Protocol Address Verifier) on the suspect’s PC. Spyware, once planted on the hard drive, the software reports back to the FBI with the Internet Protocol address and other information found on the PC and, notably, an ongoing log of the user’s outbound connections.

The information supplied electronically enabled the authorites to identfy and convict the suspect a month later. The American journalist Declan McCullagh has extensively documented the case in the news.com blog, and made available the court order (see also the full Affidavit here as PDF).

It might have been these kind of sensational revelations that pursuaded the Austrian gouvernment this week to permit online spying of private PCs, though Interior Minister Günther Platter (Conservatives) and Justice Minster Maria Berger (Socialdemocrats) were quick to inform the public that offficial spyware will only be allowed in cases of suspected serevere criminal offences or terrorism. Each request will be examined carefully and can only be approved “by an order of a Public Prosecutor sanctioned by court”, Berger said. In other words, Josh Glazebrook would have never been identified by Austrian law. Nevertheless, the legal framework is to be expected in place by autumn 2008.

The Austrian gouvernment hopes that introducing ‘online spying’ is the right answer to the seriousness of terrorist threats in order to protect civil society. “We have direct access to the [individual’s, sic] hard drive”, Platter said and that would enable a close examination into the history of the potential suspect. Critics, like Peter Pilz (Greens), on the other hand, sharply critisise the political initiative, which even prempts a EU wide strategy, and calls the proposed measure as “unlawful and in breach of the Austrian constitution”. He accuses the Interior Minister in particular, who pushed hard for spyware measures, of incompetence and ruthlessness. Austria spearheads these initiatives within the European Union, though in Germany Chancellor Angela Merkel has called for similar measure to be implemented despite th fact that the German High Court ruled in February this year, that online investigation by means of spyware is unlawful (see story in German in Der Spiegel Online).

At ARGE Daten, an Austrian watchdog for the security of personal data, Chairman Hans Zeger points out that the effect of such an investigative tool is more or less pointless. In an interview with Der Standard, he said that sucessful online investigation hinges essentially on how well a Firewall is configured, “and I am asuming that professional and organised crime syndicates hasve the money to plant preventative measures.”

If one follow these arguments, there can only be only conclusion: Individuals, like the juvenile Josh Glazebrook in the USA, could be caught by the spyware plans of the Austrian gouvernment, however, the political framework – as currently proposed – will not allow the application of an Online Serach Warrant for cases cited above. Well-organised criminal organisations, on the other hand, usually have sufficient protection. Presseclub Concordia, the world’s oldest professional association of journalists and writers in Austria, warns of the dangers for the freedom of the media, if newspapers are subjected to spyware investigations. Where does it leave civil society? A good Firewall protection is required in the future!




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: