BGH ruling: Police may not look into the past during chat surveillance

Contents

When messenger services like WhatsApp, Signal, or Telegram are monitored by the police, this should not be a free pass to access a suspect's entire digital past. In a landmark ruling on January 20, the Federal Court of Justice (Bundesgerichtshof, BGH) significantly restricted the investigators' powers in so-called source-based telecommunications interception of chat accounts. The judges in Karlsruhe clarified that the common practice of simply copying existing history during ongoing surveillance violates current law.

Chat surveillance is "source-based TK‰

Previously, the analysis of chat histories was often legally treated as simple telephone surveillance. However, the BGH now precisely classifies the method by which the police gain direct access to a messenger account as source-based telecommunications interception.

This "source-based TK‰ is the state's answer to end-to-end encryption. Previously, the police could simply intercept messages from the provider "on the line." Today, this is pointless for many communication services if the data is transmitted encrypted throughout.

In source-based TK‰, investigators technically target the user's end device, such as a smartphone or laptop. Communication is intercepted either before encryption at the sender's end or after decryption at the recipient's end. Technically, this is frequently done through spyware in the form of state Trojans. In the current case, however, the investigators opted for a covert "connection," where they infiltrated an account as another end device. Even the Karlsruhe judges were not allowed to know the technical details.

BGH: Protection of integrity is crucial

The core of the BGH ruling lies in the temporal separation of powers. The 3rd Criminal Senate argues that, according to the Code of Criminal Procedure (StPO), source-based TK‰ is intended to be a functional equivalent to classic telephone surveillance (File No.: 3 StR 495/25). Based on Section 100a Paragraph 1 Sentence 2 StPO, the law only permits access to data that could have been monitored "even during the ongoing transmission process."

This establishes an explicit prohibition of retroactive surveillance. The BGH emphasizes that the integrity of an IT system is a valuable asset. If investigators gain access, they must technically ensure that they are only capturing current communication. Automatic filtering of the past, simply because the technology allows it, is not compatible with the legal norm.

If the police still want to access old messages, an order for source-based TK‰ is not sufficient. According to the BGH, a covert online search under Section 100b StPO is absolutely necessary for this. The legal difference is significant: while source-based TK‰ monitors ongoing communication, an online search grants access to the entire storage of a target device.

The latter is subject to stricter requirements and is only permissible for a catalog of "particularly serious offenses" such as terrorism or murder. The case in question involved the illegal trade of medicines and doping agents. This only met the hurdles for normal surveillance.

Consequences for the judiciary: Exclusion of evidence

The decision has immediate consequences for the admissibility of evidence. In the proceedings, the Aurich Regional Court had convicted a man, among other things, based on Telegram messages that had been written up to five months before the judicial order. The BGH declared this evidence collection unlawful and ordered its exclusion.

The judges justified this by stating that the disregard of technical security obligations must not go unpunished. If such data were still admitted as evidence, it would incentivize investigative authorities to systematically circumvent the legal limits of online searches. The Aurich Regional Court must therefore reopen the case without the old chat logs.

Gül Pinar, a criminal defense lawyer and vice-chairwoman of the Criminal Law Committee of the German Bar Association (DAV), described the decision to ARD as "very important and relevant." In her view, there was previously no legal basis for reading old messages. With its statement, the BGH strengthens the fundamental IT right, i.e., the protection of the confidentiality and integrity of information technology systems. In recent times, there have been thousands of cases "in which the police have also evaluated old messages."

(vbr)