For years, Germany’s various administrations has been among the most surveillance-happy on the globe, both on the German federal level as well as regarding the “Länder” or “states” constituting the federation.

Here’s a neat little snippet that surfaced recently due to the good efforts of the Piratenpartei, by its constitution a political party though they’re more concerned with fighting the spook kraken and its onslaught on citizens’ privacy as ever-more right wing politicians are bulldozing their way through constitutional and human rights.

Wikileaks reports on official communication between the Bavarian Ministry of Justice and the Prosecutors’s Offices and the Presidents of the Supreme State Courts of Munich, Nuremberg and Bamberg concerning coverage of costs of a prospective Skype interception in the course of investigating an unnamed suspect’s telecommunication. The correspondence is based on a quote received by one DigiTask GmbH, which, according to our research, would be this German corporation located in the northern German city of Haiger: DigiTask GmbH - Ihr Systemhaus mit Kompetenz

According to the cited quote, this prospective surveillance would involve implementation of a trojan on the suspect’s system (tagged Skype Capture Unit) to capture and funnel all Skype communication data via an anonymous proxy recording server (two required according to the quote but not specifically quoted for - these would obviously be outsourced third party setups) allowing for real time interception.

To quote Daniel Schmitt of Wikileaks whose scoop this story is:

In a nutshell: malware is installed onto a target machine, to intercept Skype Voice and Chat. Another feature introduced is a recording proxy, that is not part of the offer, yet would allow for anonymous proxying of recorded information to a target recording station. Access to the recording station is possible via a multimedia streaming client, supposedly offering real-time interception.

Another part of the offer is an interception method for SSL based communication, working on the same principle of establishing a man-in-the-middle attack on the key material on the client machine. According to the offer, this method works for Internet Explorer and Firefox web browsers. Digitask also recommends using overseas proxy servers, to cover the tracks of all activities.

The German document (in pdf format) can be downloaded here: Bavarian Skype Interception

A commented English transcript (fairly accurate albeit far from perfect) for non-German readers can be reviewed online here: Bavarian Trojan for Non-Germans

Obviously, the costs (and the issue of who’s to pick up the tab for this snoop job) being the primary focus of this communication, we get to learn some interesting facts from DigiTask’s quote:

1. Skype Capture Unit license per interception job: €3,500 per month
2. One-off installation/deinstallation fee: €2,500
3. SSL decoding task per interception job: €2,500 per month
4. Rental of two anonymous proxy servers: costs not specified

Some remarks on Daniel Schmitt’s comments:

While most of his conclusions seem to be quite accurate, it is not entirely clear to us from the correspondence original wording that there actually may be other companies involved beyond DigiTask. Granted that it would come as a fairly substantial surprise if there weren’t any, seeing that the Federal Republic of Germany is constituted by no less than 15 Länder or states, all of which have their own ministries of Justice, of the Interior, their Supreme State Courts etc. and, of course, their police apparatus involved in telco surveillance, interception and wire tapping, it should be pointed out that Daniel’s interpretation in this matter inasmuch as it is based on the leaked document in question is nevertheless subject to some reasonable doubt.

Admittedly it takes a trained and experienced legal mind to dig into the fineries of this document and draw the proper sustainable conclusions. E.g. Daniel’s speculation that surveillance and interception measures of this ilk may not be subject to court rulings cannot in our view be plausibly deducted from this correspondence as the ministry specifically points out that DigiTask would actually not be tasked with the interception proper: They would merely be supplying the Bavarian authorities with the technical backend required.

But it’s not our intention to bore our readers with this kind of specialist nitty-gritty here. Suffice it to say that Skype communication, even though it may be 256-bit AES encrypted, is far from safe once the government sets itself to it. As for what this will cost you, the taxpayer, see quote above…

Note: For more information on how to protect your privacy and your business secrets in today’s snoop-happy telecommunication environment, please check out our Privacy Tools section.

Filed under: Nomads' Grapevine, Privacy Tools by editor Date 29 January, 2008