In Germany, researcher Lilith Wittmann found vulnerabilities in a campaigning app used by the CDU, the largest conservative party. She reported them to the developers of the app.

Now she has received a letter from law enforcement informing her of an ongoing investigation in which she is named as defendant. The CDU has filed a criminal complaint. They think Lilith has hacked their app. This is the state of digitalisation in Germany. 🤦🤦‍♂️🤦‍♀️

@datenteiler Digitalization is nothing new, it goes back to ancient Egypt, at least.
With digitalization came legalism - person as a digit, or number to be fined, jailed, whipped, or killed.
In opposition is the original information system, the analog, that nature made and the digital world will attempt to mimic with quantum computing.
Why luddite is the only future for humanity.

@datenteiler Conservatives/politicians clueless about technology and maliciously litigious to boot you say? Why I never!

@datenteiler Shooting the messenger. Not exactly the smartest move during a federal campaign. Then again, I'm not exactly surprised they acted that way. It's the CDU, after all 😏

@datenteiler apparently, the app is based on a framework and the same company also made more or less identical apps with identical security issues for the CSU and the Volkspartei in Austria.

Looks like this is from May, but the CDU is pursuing this now. That's not really getting any better.

@datenteiler They already started to backpedal. According to Stefan Hennewig, the Bundesgeschäftsführer (parliamentary director?) of the CDU, on Twitter, there was an unknown third party using the same vulnerabilities to gain access to personal data from the app and publish it online. They claim that involving Lilith Wittmann in that investigation was just an unfortunate misunderstanding.

Lamest excuse I heard in a long time.

At least they backpedal - in the US they occasionally involve DMCA

@datenteiler Okay, pretend they did not act maliciously, but instead are just astonishingly incompetent, like they claim.

There's still a good chance that the next person following responsible disclosure will also be dragged into a criminal investigation, because the CDU will incompetently give their name to police without mentioning that they're the good hacker. It doesn't matter if it is malicious intent or incompetence.

The message here is: Look at our stuff too closely and you'll get in trouble.

@sebastian @datenteiler also: It happened before that such cases triggered a freakin house search and this damage can't be simply undone.

Lucky this time I guess.

@bekopharm @datenteiler That's an additional problem on top.

Also the CDU can't just take everything back. It's a Strafanzeige (criminal complaint) so it will be up to the Staatsanwaltschaft (prosecution) to decide if they want to pursue it further.

So this thing isn't over yet.

@rudolf yes. That's what most people do when clueless and don't know what else to do.

*laughs nervous

same here in NL effing digital illiterates are in charge of tech projects and digital human rights and safety. it's a disgrace to say it mildly

@datenteiler I'm not sure anyone should believe their lack of competence. They allowed recently that similarly ignorantly developed software makes use of vulnerabilities to investigate whoever authorities and spies resp. their principals think is criminal. That's beyond innocence in my view.

@datenteiler And, BTW, did we entitle them to make law against human rights and maybe basic law? I don't think the mandate of an election in a representative democracy is to allow repression.

