Austrian government adopts federal Trojan for messenger surveillance

Contents

“The monitoring of encrypted messages is to be carried out by installing a program in the computer system to be monitored, which exclusively extracts sent, transmitted or received messages either before encryption or after decryption.” This officialese describes the official plan of the Austrian federal government to buy malware and use it to monitor citizens who are not suspected of any criminal offense – if other investigative measures appear futile.

The governing parties ÖVP, SPÖ and NEOS agreed on the corresponding amendment to the Espionage Act SNG (State Protection and Intelligence Service Act), the Security Police Act, the Telecommunications Act 2021 and other standards on Wednesday. A flood of negative comments on the plans were received in the preceding public review process. Not only encrypted messages are to be spied on, but also unencrypted messages and information, i.e., otherwise stored data.

According to official documents, the government is pursuing two objectives: Firstly, “prevention of certain particularly serious attacks that threaten the constitution”, which are punishable by ten years or more in prison, or when necessary for counterintelligence purposes. And secondly, the surveillance of encrypted messages. It is not necessary to suspect that a criminal offense has been committed. It

Nevertheless, third parties are also obliged to participate secretly in the surveillance. When the People's Republic of China introduced such obligations for private parties, it was met with criticism in Western countries. In the case of Austria, private companies will have to spend around 2.5 million euros per year to support the surveillance measures, the government estimates – as network operators and operators of messenger services will only be reimbursed for 80 percent of their costs.

Authorization procedure

The Ministry of the Interior expects to receive around 30 requests per year to spy on unencrypted messages and 5 to 15 requests to monitor encrypted messages. Only if encrypted messages are actually spied on 30 times in a calendar year does the Minister of the Interior have to inform the permanent subcommittee of the National Council's Internal Affairs Committee. (The National Council is the directly elected chamber of the Austrian parliament, note).

The new methods for spying on messages and information must be approved by the Federal Administrative Court on a case-by-case basis. A legal protection officer based in the Ministry of the Interior itself is also involved in the procedure. This officer is initially given three working days to comment on an application. A panel of three judges from the Federal Administrative Court is then involved. In urgent cases, a single judge can also grant approval, for which a round-the-clock judicial journal service is introduced.

The administrative court may only authorize the compromise of confessional secrecy, editorial secrecy or attorney-client privilege if this appears proportionate. Medical confidentiality is only protected in this way in the mental health sector, i.e., for psychiatrists, psychologists, psychotherapists, probation officers, registered mediators and recognized institutions for psychosocial counselling and care.