Germany opposes Apple's CSAM tech, but then admits to purchasing Pegasus spyware

As many of you may probably know, Apple was planning on releasing a scanning technology to battle against child abuse, a hashing system to scan iCloud photos for abuse material, which was met with controversy and privacy concerns and subsequently postponed. Germany was one of the main critics of the new system, but now AppleInsider reports that the country has announced it uses the condemned Pegasus spyware.

Germany is using the Pegasus spyware; but earlier, it was against Apple's CSAM tech

Reportedly, Germany's Federal Criminal Police Office (BKA) has purchased access to NSO Group's Pegasus spyware back in 2019, apparently after it failed to create a similar iOS and Android surveillance tool against criminal activity. The agreement with NSO was revealed by the federal government in a closed-door session with the German parliament.

However, when the Pegasus spyware was used after its purchase in 2019 is unclear. BKA Vice President Martina Link stated the tool was acquired in late 2020 followed by deployment against terrorism and suspects of organized crimes, effective since March.

Germany officials have decided to use Pagasus despite the concerns regarding the legality of deploying such software, which can give almost unconstrained access to iPhones and Android phones. The Pegasus spyware tool uses zero-day vulnerabilities to gain access to smartphones, and it can do so even with the latest iPhones. It can be used to record conversations, gather location data, access chat transcripts.

Germany has strict laws that postulate authorities can infiltrate suspects' cellphone and computers only under special circumstances, and similar rules control surveillance operations. Officials from Germany's Federal Criminal Police office have only activated certain functions of the Pegasus software and have respected the country's privacy laws. However, it is unclear what restrictions on the spyware have been put in place and whether they were effective. There's also no information about how often Pegasus was used and against whom.

Reportedly, Germany has first tried to purchase Pegasus in 2017, but the plan didn't succeed due to concerns over the software's functions. However, after the German Federal Criminal Police's attempts of developing such software failed, NSO was approached again.

Back in July of this year, a report from 17 media organizations showed how Pegasus software was exploited by authoritarian governments and used to spy on human rights activists, journalists, and business leaders. Not too long after the report was revealed, Apple condemned these Pegasus cyberattacks against journalists and human rights activists and is expected to deploy patches the ensure iPhones remain safe.

Understandably, even though Apple has vouched to deploy patches, new vulnerabilities can always be found.

Earlier, Manuel Hoferlin was unhappy with Apple's CSAM tech

Apple announced a technology that uses hashed algorithms to scan photos uploaded to the iCloud for child sex abuse materials last month, a decision that sparked controversy among cryptographers with privacy concerns. Then, near the end of this month, Germany's parliament raised such concerns as well in a letter to Tim Cook, written by Germany Bundestag's Digital Agenda committee chairman, Manuel Hoferlin.

The letter discussed Apple's new CSAM technology and how implementing such a solution meant going on a 'dangerous path' and undermining 'safe and confidential communication'.

Despite Apple clearly explaining that photos stored locally on the iPhone won't be scanned by the new system, concerns were still raised that the software may be abused by authoritative governments to spy on iPhone users.

Earlier this month, Apple announced it will be postponing the deployment of its CSAM scanning system and will take additional time to consult experts on the matter. Apple has stated the decision to postpone the anti-child-abuse scanning system is due to the overall backlash the company received in response to the initial announcement.