Archive

Posts Tagged ‘Germany’

EU National Data Protection Authorities

December 14, 2011 1 comment

Today, E-Crime Expert presents the contact details of all the (EU) National Data Protection Authorities in order to help citizens/users know where to address and complaint in case their fundamental right to the protection of personal data it is breached. This right is granted by the Charter of Fundamental Rights of European Union. Also, the Directive 95/46 sets forth the National Data Protection Authorities to protect the right to privacy and personal data of the data subjects.

Briefly, the main roles of National DPA are:

-Investigations

-Interventions

-Hear claims and engage in legal proceedings

-Advisory

-Awareness.

Here are listed the up-to-date contact details of all EU National EU DPAs:

Austria

Österreichische Datenschutzkommission
Hohenstaufengasse 3
1010 Wien
Tel.
+43 1 531 15 25 25; Fax +43 1 531 15 26 90
e-mail:
dsk@dsk.gv.at

Belgium

Commission de la protection de la vie privée
Rue Haute 139
1000 Bruxelles
Tel. +32 2 213 8540; Fax +32 2 213 8545
e-mail:
commission@privacy.fgov.be

Bulgaria

Commission for Personal Data Protection
Mrs Veneta Shopova
15 Acad. Ivan Evstratiev Geshov Blvd.
Sofia 1431
Tel. +3592 915 3531; Fax +3592 915 3525
e-mail:
kzld@government.bg, kzld@cpdp.bg

Cyprus

Commissioner for Personal Data Protection
Mrs Panayiota Polychronidou
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456; Fax +357 22 304 565
e-mail:
commissioner@dataprotection.gov.cy

Czech Republic

The Office for Personal Data Protection
Urad pro ochranu osobnich udaju
Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111; Fax +420 234 665 444
e-mail:
posta@uoou.cz

Denmark

Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00; Fax +45 33 19 32 18
e-mail:
dt@datatilsynet.dk

Estonia

Estonian Data Protection Inspectorate
(Andmekaitse Inspektsioon)
Director General: Mr Viljar Peep (Ph.D)
Väike-Ameerika 19
10129 Tallinn
Tel.
+372 6274 135; Fax +372 6274 137
e-mail: viljar.peep@aki.ee

Finland

Office of the Data Protection
Ombudsman
P.O. Box 315
FIN-00181 Helsinki
Tel.
+358 10 3666 700; Fax +358 10 3666 735
e-mail:
tietosuoja@om.fi

France

Commission Nationale de l’Informatique et des Libertés
8 rue Vivienne, CS 30223
F-75002 Paris, Cedex 02
Tel.
+33 1 53 73 22 22; Fax +33 1 53 73 22 00

Germany

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel.
+49 228 997799 0 or +49 228 81995 0
Fax +49 228 997799 550 or +49 228 81995 550
e-mail: poststelle@bfdi.bund.de

Greece

Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523
Ampelokipi Athens
Tel. +30 210 6475 600; Fax +30 210 6475 628
e-mail: contact@dpa.gr

Hungary

Data Protection Commissioner of Hungary
Parliamentary Commissioner for Data Protection and Freedom of Information: Dr András Jóri
Nádor u. 22.
1051 Budapest
Tel. +36 1 475 7186; Fax +36 1 269 3541
e-mail: adatved@obh.hu

Ireland

Data Protection Commissioner
Canal House
Station Road
Portarlington
Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800; Fax +353 57 868 4757
e-mail: info@dataprotection.ie

Italy

Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121
00186 Roma
Tel.
+39 06 69677 1; Fax +39 06 69677 785
e-mail: garante@garanteprivacy.it

Latvia

Data State Inspectorate
Director: Ms Signe Plumina
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131; Fax +371 6722 3556
e-mail: info@dvi.gov.lv

Lithuania

State Data Protection
Inspectorate Director: Mr Algirdas Kunčinas
Žygimantų str. 11-6a
011042 Vilnius
Tel. + 370 5 279 14 45; Fax +370 5 261 94 94
e-mail: ada@ada.lt

Luxembourg

Commission nationale pour la protection des données
41 avenue de la Gare
1611 Luxembourg
Tel.
+352 2610 60 1; Fax +352 2610 60 29
e-mail: info@cnpd.lu

Malta

Office of the Data Protection Commissioner
Data Protection Commissioner: Mr Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100; Fax +356 2328 7198
e-mail: commissioner.dataprotection@gov.mt

The Netherlands

College bescherming persoonsgegevens
Dutch Data Protection Authority
Juliana van Stolberglaan 4-10
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500; Fax +31 70 888 8501
e-mail: info@cbpweb.nl

Poland

The Bureau of the Inspector General for the Protection of Personal Data
Inspector General for Personal Data Protection: Mr Wojciech Rafał Wiewiórowski
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 860 70 81; Fax +48 22 860 70 90
e-mail: sekretariat@giodo.gov.pl

Portugal

Comissão Nacional de Protecção de Dados
R. de São.
Bento, 148-3°
1200-821 Lisboa
Tel. +351 21 392 84 00; Fax +351 21 397 68 32
e-mail: geral@cnpd.pt

Romania

The National Supervisory Authority for Personal Data Processing
President: Mrs Georgeta BASARABESCU
Str. Olari nr. 32
Sector 2, BUCUREŞTI
Cod poştal 024057
Tel. +40 21 252 5599; Fax +40 21 252 5757
e-mail: anspdcp@dataprotection.ro

Slovakia

Office for Personal Data Protection of the SR
President: Mr Gyula Veszelei
Odborárske námestie č. 3
817 60, Bratislava
Tel. + 421 2 5023 9418; Fax + 421 2 5023 9441
e-mail: statny.dozor@pdp.gov.sk or gyula.veszelei@pdp.gov.sk

Slovenia

Information Commissioner
Ms Natasa Pirc Musar
Vošnjakova 1
1000 Ljubljana
Tel.
+386 1 230 9730; Fax +386 1 230 9778
e-mail:
gp.ip@ip-rs.si

Spain

Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200; Fax +34 91455 5699
e-mail:
internacional@agpd.es

Sweden

Datainspektionen
Drottninggatan 29
5th Floor
Box 8114
104 20 Stockholm
Tel. +46 8 657 6100; Fax +46 8 652 8652
e-mail:
datainspektionen@datainspektionen.se

United Kingdom

The Office of the Information Commissioner Executive Department
Mr Christopher Graham
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1 625 54 57 00

Stay posted as the next blog  post will bring you the individual EU National Data Protection legal act that transpose the Directive 95/46 into National Law.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Do you have any complaint? Did you know where to address in case of DP breach?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Case law: leak of personal data (information)

December 5, 2011 Leave a comment

This month E-Crime Expert is presenting relevant Case law and rulings regarding data protection rights, law applicability and enforcement.

The purpose of this new series is to show actually how the relevant law should be applied in order to properly balance the right to free access of public information, free flow of information and the right to Privacy and Personal Data protection.

The series will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).

T-259/03, Nikolaou v. Commission, 12.9.2007

Action for non-contractual liability based on acts and omissions of OLAF. OLAF had disclosed certain information about its investigation concerning the applicant: a leak of information to a journalist; its annual report with information about the investigation; and its press statement. Applicant had requested access to the file and the final case report.

Burden of proof for establishing non-contractual liability: Normal rule: The burden of proof is on the applicant to establish: i) Illegal action of an institution; ii) Damages; iii) Proof that damages were caused by the illegal action of the institution. However, burden of proof shifts to the institution when a fact giving rise to damages could have resulted from various causes, and the institution has not introduced any element of proof as to which was the true cause, even though it was best placed to do so. Court concluded OLAF staff member leaked information (including PD) to a journalist, which were published, and OLAF’s press release confirmed the veracity of facts (including PD) that had been mentioned in several press articles. PD definition: The information published in the press release was PD, since the DS was easily identifiable, under the circumstances. The fact that the applicant was not named did not protect her anonymity. Processing definition: 1. Leak (unauthorised transmission of PD to a journalist by someone inside OLAF) and 2. publication of press release each constitute processing of PD.

Lawfulness:

Leak constitutes unlawful processing in violation of Article 5 of Reg. 45/2001 because it was not authorized by the DS, not necessary under the other sub-paragraphs and it did not result from a decision by OLAF. Even though OLAF has a margin of discretion on transmissions, here it was not exercised because leak is unauthorised transmission. OLAF is best placed to prove how the leak occurred and that the Director of OLAF did not violate his obligations under Article 8(3) of Reg. 1073/99.

In the absence of such proof, OLAF (Commission) must be held responsible. No concrete showing of an internal system of control to prevent leaks or information in question had been treated in a manner that would guarantee its confidentiality.

Publication of press release was not lawful under Article 5(a) and (b) because public did not need to know the information published in the press release at the time of its publication, before the competent authorities had decided whether to undertake judicial, disciplinary or financial follow-up.

Damages for violation of DP rules: violation of Reg. 45/2001 qualifies as an illegal act of an institution conferring rights on an individual. Objective of Reg. is to confer such rights on DSs.

A leak of PD is necessarily a grave and manifest violation. Director has margin of appreciation on prevention, but made no showing.

OLAF gravely and manifestly exceeded the limits of its discretion in the application of Article 5(a) and (e), which was sufficient to engage the responsibility of the Community.

Credits and acknowledgment go to Laraine Laudati, OLAF DPO.

This was the last case law analyzes from this series.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about the findings? Do you think that the applicant was right? 

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Case law: the time limit of right to access

December 2, 2011 Leave a comment

This month E-Crime Expert is presenting relevant Case law and rulings regarding data protection rights, law applicability and enforcement.

The purpose of this new series is to show actually how the relevant law should be applied in order to properly balance the right to free access of public information, free flow of information and the right to Privacy and Personal Data protection.

The series will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).

C-553/07, College van burgemeester en wethouders van Rotterdam v. Rijkeboer, 7.5.2009

Reference for preliminary ruling. Dutch law on PD held by local authorities provides that on request, Board of Aldermen must notify a DS within 4 weeks whether his PD have been disclosed to a purchaser or 3rd party during the preceding year. Data held by authority include basic data (name, dob, personal id no., ssn, local authority or registration, etc.) and data on transfers. Mr. R requested to be informed of all instances where data relating to him were transferred in preceding 2 years, content and recipients.

Question referred: whether, pursuant to Article 12(a) (right of access) of Directive 95/46, a DS’s right of access to information on the recipients of PD regarding him and on the content of the data communicated may be limited to a period of one year preceding the request.

Time limit on right of access: Right of access is necessary to enable DS to exercise other rights (rectification, blocking, erasure, and notify recipients of same; object to processing or request damages). The right must of necessity relate to the past, otherwise DS would not be in a position effectively to exercise his right to have data presumed unlawful or incorrect rectified, erased or blocked or to bring legal proceedings and obtain compensation for damages. MSs have some freedom of action in implementing the Directive, but it is not unlimited. Setting of time limit on right of access must allow DS to exercise his rights. It is for MSs to fix a time limit for storage of information on the recipients and the content of data disclosed, and to provide access to that information which constitutes a fair balance between the interest of the DS in exercising his rights and the burden on the controller to store that information. In present case, limiting storage of information on recipients and content to one year, while the basic data is stored much longer, does not constitute a fair balance, unless it can be shown that longer storage would constitute an excessive burden.

Credits and acknowledgment go to Laraine Laudati, OLAF DPO.

Stay tuned for the case law.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about the findings? Do you think that the applicant was right? 

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Case law: Commission v. Germany (independent DPA)

November 30, 2011 Leave a comment

This month E-Crime Expert is presenting relevant Case law and rulings regarding data protection rights, law applicability and enforcement.

The purpose of this new series is to show actually how the relevant law should be applied in order to properly balance the right to free access of public information, free flow of information and the right to Privacy and Personal Data protection.

The series will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).

C-518/07, Commission v. Germany, 9.3.2010

Infringement action against Germany which transposed 2nd para. of Article 28(1) of Directive 95/46 (requirement for an independent DPA) by making the authorities responsible for monitoring PD processing outside the public sector in the different Lander subject to State oversight.

Requirement of complete independence of DPA: Independence normally means a status which ensures that the body concerned can act completely freely, without taking any instructions or being put under any pressure. There is nothing to indicate that the requirement of independence concerns exclusively the relationship between the supervisory authorities and the bodies subject to that supervision. The adjective “complete” implies a decision-making power independent of any direct or indirect external influence on the supervisory authority. The guarantee of independence of DPAs is intended to ensure the effectiveness and reliability of the supervision of compliance with DP provisions, to strengthen the protection of individuals and bodies affected by their decisions. DPAs must act impartially and must remain free from any external influence, including that of the State or Lander, and not of the influence only of the

supervised bodies. Independence precludes not only any influence exercised by supervised bodies, but also any directions or other external influence which could call into question performance of those authorities of their task consisting of establishing a fair balance between the protection of the right to private life and the free movement of PD.

State scrutiny in principle allows the government of the respective Land to influence the decision of the supervisory authority or cancel and replace those decisions. This is not consistent with principle of independence.

Credits and acknowledgment go to Laraine Laudati, OLAF DPO.

Stay tuned for the case law.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about the findings? Do you think that the applicant was right? 

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Case law: data processing

November 28, 2011 Leave a comment

This month E-Crime Expert is presenting relevant Case law and rulings regarding data protection rights, law applicability and enforcement.

The purpose of this new series is to show actually how the relevant law should be applied in order to properly balance the right to free access of public information, free flow of information and the right to Privacy and Personal Data protection.

The series will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).

C-73/07, Tietosuojavaltuutettu [Finnish DP ombudsman] v. Satakunnan

Markkinaporssi Oy and Satamedia Oy, 16.12.2008

Reference for preliminary ruling. Defendant 1 (a) collected public PD (name of persons whose income exceeds threshold, amount of earned and unearned income, wealth tax levied) from Finnish tax authorities and (b) published extracts in regional newspaper each year. Newspaper says PD can be removed on request without charge. Defendant 1 also (c) transferred the data on CD ROM to Defendant 2 (owned by same shareholders) which (d) disseminated them by text messaging system. Contracted with mobile telephony company to send text messages allowing users to receive information published in the newspaper; PD removed on request. Questions referred: (1) whether collection, publication, transfer of CD ROM and text messages constitutes processing of PD; (2) whether it is processing for solely journalistic purposes within Article 9 of Directive 95/46; (3) whether Article 17 and principles of Directive 95/46 preclude publication of data collected for journalistic purposes and its onward transfer for commercial purposes; (4) whether PD that has already been published in the media is

outside scope of Directive 95/46.

Processing: All 4 types of activities constitute processing.

Scope: Only two exceptions to scope, set forth in Article 3(2). First indent: security and criminal law=activities of the state. Second indent: processing by a natural person in course of a purely personal or household activity, concerns activities in course of private or family life of individuals. Activities (c) and (d) are activities of private companies, not within the scope of Article 3(2). A general derogation from application of directive in respect of published information would largely deprive directive of its effect. Thus activities (a) and (b) also not within scope of Article 3(2).

Processing for solely journalistic purposes: Article 1 of Directive indicates that objective is that MSs should, while permitting free flow of PD, protect the fundamental rights and freedoms of natural persons and, in particular, their right to privacy, with respect to processing of their PD. That objective can only be pursued by reconciling those fundamental rights with fundamental right to freedom of expression. Article 9’s objective is to reconcile the two rights. MSs required to provide derogations in relation to protection of PD, solely for journalistic purposes or artistic or literary expression, which fall within fundamental right to freedom of expression, insofar as necessary for reconciliation of the 2 rights. To take account of the importance of the right of freedom of expression in every democratic society, it is necessary to interpret notions of freedom, such as journalism, broadly. Derogations must apply only insofar as strictly necessary.

Fact that publication is done for profit making purposes does not preclude publication from being considered as “solely for journalistic purposes.” Medium used is not determinative of whether “solely for journalistic purposes.” Thus activities may be classified as “journalistic” if their sole object is the disclosure to the public of information, opinions or ideas, irrespective of the medium used to transmit them.

Credits and acknowledgment go to Laraine Laudati, OLAF DPO.

Stay tuned for the case law.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about the findings? Do you think that the applicant was right? 

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Case law: Huber v. Germany (deletion of personal data)

November 25, 2011 Leave a comment

This month E-Crime Expert is presenting relevant Case law and rulings regarding data protection rights, law applicability and enforcement.

The purpose of this new series is to show actually how the relevant law should be applied in order to properly balance the right to free access of public information, free flow of information and the right to Privacy and Personal Data protection.

The series will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).

C-524/06, Huber v. Germany, 16.12.2008

Reference for preliminary ruling. Huber, an Austrian national who is resident in Germany, requested the deletion of PD relating to him (name, date and place of birth, nationality, marital status, sex, entries and exits from Germany, residence status, particulars of passports, statements as to domicile, reference numbers) in the German Central Register of Foreign Nationals (AZR). Bundesamt assists public authorities responsible for application of law related to foreign nationals and asylum. Used for statistical purposes and by security and police services and judicial authorities re prosecution an investigation of criminal activities. Germany rejected the request.

Question submitted wrt DP: Is processing of PD of Austrian national in AZR compatible with the requirement of necessity under Article 7(e) of Directive 95/46?

Scope of Directive 95/46: Article 3(2) exclude from scope of Directive 95/46 processing of PD concerning public security, defence, criminal law activities. Thus, in this case, only processing for purpose relating to right of residence and for statistical purposes fall within scope of 95/46.

Necessity requirement: In light of intention that Directive 95/46 is intended to ensure an equivalent level of DP in all MSs, to ensure a high level of protection in the Community, concept of necessity in Article 7(e) cannot have a meaning which varies between MSs.

Thus, it is a concept which has its own independent meaning in Community law, and must be interpreted in manner which fully reflects the objective of Directive 95/46.

Under Community law, right of free movement of a MS national is not unconditional, but may be subject to limitations and conditions imposed by treaty and implementing rules.

Legislation provides that a MS may require certain documents to be provided to determine the conditions of entitlement to right of residence. Thus, it is necessary for a MS to have relevant particulars and documents available to it in order to ascertain whether a right of residence in its territory exists. Use of a register to support authorities responsible for application of legislation on right of residence is, in principle, legitimate.

However, register must not contain any information other than what is necessary for that purpose, and must be kept up to date. Access must be restricted to the responsible authorities. Central register could be necessary if contributes to more effective application of that legislation. National court should decide whether these conditions are satisfied.

Only anonymous information is required for statistical purposes.

Credits and acknowledgment go to Laraine Laudati, OLAF DPO.

Stay tuned for the case law.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about the findings? Do you think that the applicant was right? 

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Police Using Spyware on Suspects’ Computers

October 18, 2011 1 comment

Very interesting Article written by Nicholas Kulish on how police was detected by hackers when installing spyware  on suspects’ computers in order to track them, take screenshots, and turn on cameras and microphones for undetected surveillance.

This is the full Article as published by New York Times:

“BERLIN — A group that calls itself the Chaos Computer Club prompted a public outcry here recently when it discovered that German state investigators were using spying software capable of turning a computer’s webcam and microphone into a sophisticated surveillance device.

The club, a German hacking organization, announced last Saturday it had analyzed the hard drives of people who had been investigated and discovered that they were infected with a Trojan horse program that gave the police the ability to log keystrokes, capture screenshots and activate cameras and microphones. The software exceeded the powers prescribed to the police byGermany’s Federal Constitutional Court.

The public condemnation was swift and strong, renewing a national debate into how far the government can intrude into digital privacy. The Frankfurter Allgemeine Zeitung, a major newspaper, called the revelation a “worst-case scenario for data security.” Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, demanded an inquiry into the matter, saying that citizens “must be protected from snooping with strict state control mechanisms.”

Peter Schaar, the federal commissioner for data protection, called for Parliament to enact legislation to put an end to the “gray area” between lawful and unlawful searches and surveillance on computers.

“In my opinion, this kind of infiltration through software is a deeper intrusion and a greater risk than simply listening in on a phone line,” Mr. Schaar said in an interview. “The Bundestag has to decide to what extent something like this is allowed and to what extent it is restricted,” Mr. Schaar said, referring to the German Parliament.

Germans are particularly sensitive to questions of privacy and data collection as a result of their experiences under the Nazi dictatorship, where personal details could be a matter of life and death. As a result, the country has some of the strongest data protection laws in the world, elevating an individual’s right to privacy above any perceived public right to know.

“Now Germans are beginning to recognize that this is a core problem of all people,” said Bernd Schlömer, the vice chairman of Germany’s Pirate Party, a new party that recently won 8.9 percent of the vote in Berlin’s state elections and emphasizes Internet freedom and online privacy issues. He compared the awakening toward the significance of online privacy to the growing awareness of environmental problems in the 1960s and ’70s.

In 2007, Germany’s Interior Ministry announced that it had developed software that could scan the hard drives of terrorism suspects. The Federal Constitutional Court responded the next year with a ruling that limited such incursions and guaranteed “confidentiality and integrity in information technology systems.”

Federal investigators said that they were not using this software, but several states, including Lower Saxony and Baden-Württemberg admitted that they had employed it.

“In essence it is about how we fight crime in a digital age,” said Dieter Wiefelspütz, an expert on domestic security with the left-leaning Social Democrats. Far-reaching computer surveillance “shouldn’t be used for car thieves but instead for the most serious crimes. That has to be considered in the laws,” he said.

Officials in Bavaria have said they had used the spying software to monitor suspects’ e-mails and phone calls over the Internet and have captured tens of thousands of screenshots in cases involving theft, fraud and illegal performance-enhancing drugs.

Officials have denied employing the software’s capability of seizing control of computers’ cameras and microphones, technology that evokes action films.

The debate in Germany is evidence of the degree to which technology has permeated everyday lives, where friendships are made and nurtured on social-networking sites, and photographs and diaries are stored on hard drives. Privacy advocates argue that the difference between what authorities can glean from a telephone conversation and what can be discovered on a computer is as broad as the distance between what one says out loud and what one is thinking to oneself.

“Our private data are our stored thoughts,” Mr. Schlömer said.

Security experts say the German debate over police surveillance of computers and the demands for legislation restricting the practice will increasingly be necessary across the globe as the kinds of communication captured through wiretaps shift more and more to encrypted programs like Skype.

But the software discovered by the hacker group, dubbed “State Trojan” or “R2D2,” after a line of code including the Star Wars robot’s name, can do more than eavesdrop on phone calls. It was the ability to remotely control computers that led to charges from leading politicians that the state had crossed into Orwellian territory.

“People have some idea of the risks they face online from criminals,” said Mikko H. Hypponen, the chief research officer at F-Secure Corporation, an Internet security firm based in Helsinki, Finland. “I don’t think they really know exactly the same methods are used against them by governments, that Germany, France, the United States could be doing this.”

Analysts, as well as the hackers who discovered the software, said the programming was amateurish. “We were surprised by how bad the quality of the code was,” said Frank Rieger, a spokesman for the Chaos Computer Club. A team of about 10 people analyzed the software for the group before they announced the results.

The hackers said that the program also left the computers open to further malicious attacks, the equivalent of the police’s leaving the back door of a house open after searching it.

Still, the program falls short of what the most sophisticated hackers, organized criminals and other thieves of credit card and banking information have at their disposal”.

Note: Copyrights and credits for the full article go to: New York Times and Nicholas Kulish.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

%d bloggers like this: