- A new law proposal is suggesting the use of “FinFly ISP”, a well-known and documented trojan planter.
- Something like that would force ISPs in the country to accept monitoring hardware additions on their data centers.
- Users would remain oblivious to the fact, but all of their internet traffic would pass through law enforcement systems.
There’s a new law that is being under review in Germany right now, and it could introduce something that should otherwise be unacceptable in modern democracies. The law proposes the rerouting of all internet data through monitoring systems that are controlled by the law enforcement authorities in the country. More specifically, each of the 19 federal state intelligence agencies will undertake the burden to analyze the data of their respective province, essentially spying on their people.
This rerouting will take place on the ISP level, who will have to accept the installation of government hardware on their data centers. After the data passes through the “man in the middle”, it will then proceed to travel to its intended destination, so the users won’t notice anything. Everything from internet communications to software updates will be proxied, so a slight delay may be introduced as a result. The German state has already found what software they’d use for this task, and it’s the “FinFly ISP” created by “FinFisher”, a company that has been actively collaborating with the German law enforcement authorities for quite a while now.
“FinFly ISP” has been reportedly used in Germany since at least 2011, intercepting communications like user credentials, and even for dropping remote monitoring spyware on the target devices. The brochure of the “FinFly ISP” product that presents the software’s abilities has been exposed in a Wikileaks leak, and lays down the following features:
- Can be installed inside the Internet Service Provider Network
- Handles all common Protocols
- Selected Targets by IP address or Radius Logon Name
- Hides Remote Monitoring Solution in Downloads by Targets
- Injects Remote Monitoring Solution as Software Updates
- Remotely installs Remote Monitoring Solution through Websites visited by the Target
All that said, Germany is trying to push a law that would make it legal to plant spyware on people’s smartphones, laptops, desktops, etc. This law is obviously unconstitutional, and many groups like the “Society for Freedom Rights” are already challenging it. Bitkom, which is a group consisting of the country’s top ISPs has also expressed their concern with the new law proposal, stating that the government is clearly ignoring the enormous risks to the overall network integrity of the providers, and the associated loss of trust they’ll have to deal with as a result. When the law passes next week, the government would have the ability to intercept encrypted communications, which is something they have been seeking to do for a long time now.