After Chiding Apple On Privacy, Germany Says It Uses Pegasus Spyware

“Germany’s Federal Criminal Police Office (BKA) purchased access to NSO Group’s Pegasus spyware in 2019 after internal efforts to create similar iOS and Android surveillance tools failed,” reports AppleInsider. The news comes less than a month after the Digital Agenda committee chairman of Germany’s federal parliament, Manual Hoferlin, declared Apple to be on a “dangerous path” with plans to enact on-device child sexual assault material monitoring. He said the system undermines “secure and confidential communication” and represents the “biggest breach of the dam for the confidentiality of communication that we have seen since the invention of the Internet.” From the report: The federal government revealed the agreement with NSO in a closed-door session with the German parliament’s Interior Committee on Tuesday, reports Die Zeit. When the BKA began to use Pegasus is unclear. While Die Zeit says the tool was purchased in 2019 and is currently used in concert with a less effective state-developed Trojan, a separate report from Suddeutsche Zeitung, via DW.com, cites BKA Vice President Martina Link as confirming an acquisition in late 2020 followed by deployment against terrorism and organized crime suspects in March.

Officials made the decision to adopt Pegasus in spite of concerns regarding the legality of deploying software that can grant near-unfettered access to iPhone and Android handsets. As noted in the report, NSO’s spyware exploits zero-day vulnerabilities to gain access to smartphones, including the latest iPhones, to record conversations, gather location data, access chat transcripts and more. Germany’s laws state that authorities can only infiltrate suspects’ cellphone and computers under special circumstances, while surveillance operations are governed by similarly strict rules.

BKA officials stipulated that only certain functions of Pegasus be activated in an attempt to bring the powerful tool in line with the country’s privacy laws, sources told Die Zeit. It is unclear how the restrictions are implemented and whether they have been effective. Also unknown is how often and against whom Pegasus was deployed. According to Die Zeit, Germany first approached NSO about a potential licensing arrangement in 2017, but the plan was nixed due to concerns about the software’s capabilities. Talks were renewed after the BKA’s attempts to create its own spyware fell short.