Austrian government’s hacking law ruled unconstitutional – about:intel

Ricordate la mia proposta di legge sui trojan ?
Penso sia quanto mai opportuna.
E’ stato fatto un sito su github con la mia proposta.
trojansandruleoflaw.org/

Link articolo originale

Archivio di tutti i clip:
clips.quintarelli.it
(Notebook di Evernote).

Austrian government’s hacking law ruled unconstitutional

The Constitutional Court of Austria recently struck down the government’s spyware & licence plate recognition law. Alina Hanel & Thomas Lohninger of Austrian digital rights NGO epicenter.works, which had campaigned against the law for years, explain the ruling’s context and significance.

The Austrian Constitutional Court decided on 11 December 2019 that the surveillance law that permits both the use of spying software to read encrypted messages and the indiscriminate recording of vehicle licence plates violates the fundamental right to respect for private life (Art 8 ECHR), the fundamental right to data protection (§ 1 Austrian data protection law), and the constitutionally granted right that prohibits unreasonable searches (Art 9 Austrian bill of rights — “Staatsgrundgesetz”).

This judgement
comes after the legalisation of government spyware in Austria had been
prevented two times already. In 2016, a draft bill was withdrawn by the justice
minister after heavy criticism from civil society, technical experts, and
academics. On a second attempt in 2017, the legalisation of government spyware
was included in a broader surveillance package. The draft bill had already
reached committee stage in the parliament but was withdrawn after a record
number of consultation responses from individuals and high-profile
institutions, like the Economic Chamber, the Supreme Court of Justice, and the
Data Protection Board. In 2018, the far-right government adopted the
now-contested surveillance package, including government spyware and
indiscriminate licence plate recognition on Austria’s streets. The
constitutionality of this law was subsequently challenged by a third of the
Members of Parliament.

Government Hacking

The court pointed
out that there is a huge
difference between traditional wiretapping and the infiltration of a computer
system in order to read encrypted messages. Information about the personal use
of computer systems provides insight into all areas of life and allows
conclusions to be drawn about the user’s thoughts, preferences, views, and
disposition.

In light of these
particular sensitivities, the court also admonished that the control mechanisms
in place, high though they were by Austrian standards — a surveillance measure needed to be judicially approved
before and controlled by a legal protection officer[1] during its
execution — were insufficient for computer system surveillance measures. The court required
effective independent supervision by an institution that is equipped with the
necessary technical means and human resources, not only at the beginning of the
measure, but also for the duration of the surveillance.

Further, the Constitutional Court made it clear that the measure could only be used in the case of particularly serious crimes. The repealed law also allowed the use of spy software to investigate property offences with a maximum sentence of up to five years, such as burglary.

The court ruling spells the end for governmental ‘Trojan
horse’ software, at least for the time being. Even though the
Constitutional Court did not describe the use of spy software as
unconstitutional in itself, it demanded requirements that currently make it
uninteresting for the Austrian government to use this surveillance measure to
read encrypted messages.

Street Surveillance

The other provision that was successfully challenged in front of the Constitutional Court was the mandatory data retention of car movements on Austria’s streets. The recognition of licence plates, car types, and driver pictures in a centralised database at the interior ministry was struck down as a form of indiscriminate data retention. A similar type of mass-surveillance of telecommunication meta data had been repealed in 2014. Uniquely, the debate in Austria that surrounded this case was focused on the security risks that are inherent with government spyware. Through years of campaigning most people have understood that the vulnerabilities required to infect a target device constitute a risk for everybody with the same operating system or application. We are happy that we could contribute to this awareness having spent the last 3.5 years publicly advocating on this issue (see our campaign against the law and against government spyware).

[1] The legal protection officer is a special Austrian
institution that is supposed to protect the rights of those affected by secret
investigations

Add comment Cancel reply
Comment Name

Alina Hanel
worked with epicenter.works on their campaign against the Austrian surveillance law

read more

Thomas Lohninger
Thomas Lohninger is Executive Director of the digital rights NGO epicenter.works in Vienna, Austria. He is Senior Fellow of the Mozilla Foundation working on Net Neutrality in the European Union. The Center of Internet and Society of the Stanford Law School holds him as a non-residential Fellow. He…

read more

If you like this post, please consider sharing it.

Leave a Comment

Your email address will not be published. Required fields are marked *