Privacy organizations raided in “clear overreach” of power.
Financial backers of three non-profit privacy groups may have had their personal information compromised, after a raid by police in Germany led to what many are calling a data breach and gross intrusion by law enforcement.
On June 20, Bavarian authorities seized the mobile phones, laptops, and digital storage devices belonging to board members of Zwiebelfreunde – an association that supports digital anonymity projects, such as improving the tor network with Torservers.net.
Zweibelfreunde also manages donations to a US-based email provider, Riseup, which had recently fallen under police radar as its services were being used by the authors of a contentious far-left blog.
Police were looking to identify those behind Krawalltouristen, the blog in question, following their reported call for violence during last week’s Alternative for Germany (AfD) party conference – an annual meeting of a right-wing political party and the country’s largest opposition.
It is not known whether police requested this information from Riseup, the blog’s mail provider, but authorities in Bavaria alternatively managed to obtain a warrant for documents related to the group’s bank account – records held with Zwiebelfreunde.
“We have nothing to do with Riseup’s infrastructure,” Zwiebelfreunde said in a blog post. “During the raids, the police forces clearly gave the impression that they knew we had nothing to do with either Riseup or the ‘ruckus tourist’ blog. None of us had even heard of that blog before!”
According to Zwiebelfreunde, infrastructure related to Riseup operations, and other groups like Torservers and CryptoParty, were not affected by the raid, nor did any PGP, SSH, or OTR keys become exposed.
“Apart from encrypted media, they had the legal right to seize documents related to our Riseup bank account starting from January 2018. They also went and got those from our bank, the GLS Gemeinschaftsbank,” Zwiebelfreunde said.
Printed documents linked to various, if not all, projects the association had undertaken since its 2011 inception were also seized, made up of “highly sensitive personal data of donors, identities of activists that received reimbursements or payments, and a list of our members,” according to Zwiebelfreunde.
Financial supporters of privacy-enabling tools provided by the likes of Tor, Riseup, and the operating system Tails, are expected to have been affected.
“If you donated to Riseup via our European IBAN mechanism then there is a good chance the German police now have a record of your bank account number, name, amount you donated, and the date of the donation,” Riseup wrote in a statement published earlier this week.
German police did not respond to The Daily Swig regarding whether this evidence was within their legal remit to collect, leaving some to question if the raid was simply a tactic to learn more about individuals connected to any number of social movements operating within a country currently divided by its immigration policy.
The Chaos Computer Club (CCC), a renowned hacker group, also claims to have had their OpenLab premises searched in the same police operation. Three arrests, most notably, were made at the space after police mistook notes on a whiteboard for bomb making instructions.
The individuals, which included Zwiebelfreunde board member Moritz Bartl, were later released without charge.
Writing in a blog post, CCC said that the suspicion of explosives was “incompetent, malicious, or both” of the police, and that a dangerous precedent was being set with investigations built around casting such wide, possibly illegal, nets.
“With such contrived reasoning, almost anyone could be searched if the anonymous website had been operated by people with a Gmail address,” CCC said.
“As a consequence of this clearly nonsensical attempt at logic, those involved in this as witnesses and their families have had to endure abjectly disproportional intrusions into their homes.”
Earlier this year, police in Bavaria were given a range of new powers to expand their scope of surveillance, with authorities now permitted to read a suspect’s email when “imminent danger” is present.
Zwiebelfreunde is planning to take the matter to court under grounds that the original warrant was a “clear overreach” of power, police having additionally gone beyond what they were legally able to seize.