German police

Two privacy-focused organizations have accused today German police of carrying out raids at their offices and members' private homes on some pretty shoddy reasoning that makes no sense and hints at the police's abuse of power.

The first of these organizations is Zwiebelfreunde, a non-profit group based in Dresden that runs Tor relay servers and supports privacy and anonymity projects by providing legal and financial help.

One of the ways it helps these projects includes collecting donations from European users into its bank account and then relaying the raised money to overseas projects.

Police search Zwiebelfreunde HQ, members home

Today, members of the Zwiebelfreunde project revealed that German police had raided their Dresden office and the homes of three members located in the cities of Augsburg, Jena, and Berlin.

The raids took place on June 20, and police told Zwiebelfreunde members they were in relation to the RiseUp project, a provider of anonymous XMPP and email services.

Officers told members that they were looking for information on the owner of a RiseUp email address. Officers said the owner of that email address registered a site (named Krawalltouristen - translated as Ruckus Tourist) on which it organized protests against the far-right Alternative for Germany (AfD) party convention in Augsburg, and called for physical violence against the group.

Naturally, police were looking for the man behind those threats.

A pretty glaring flaw in the police's logic

But the Zwiebelfreunde group claims police went about it the wrong way. Instead of going after the RiseUp project, they went after their organization instead.

"We have nothing to do with Riseup’s infrastructure," said the Zwiebelfreunde group today in a blog post. "During the raids, the police forces clearly gave the impression that they knew we had nothing to do with either Riseup or the 'ruckus tourist' blog."

Members of the Chaos Computer Club (CCC), a famous German organization whose members are mostly security researchers and hardware hackers, put the things in perspective as for why the searches were so ludicrous.

The state prosecutor’s office in Munich has apparently been operating on the mistaken assumption that everyone even tangentially connected to Riseup would be able to provide information on any e-mail account registered there, including that of the alleged illegal website.
[...]
The mere presence of an e-mail address at a large free provider on a website has caused law enforcement authorities to deduce that a German association that helps raise funds for this provider must be connected to this website somehow. Although Zwiebelfreunde clearly has nothing to do with the operation of this provider, they were suspected anyway. That these searches and seizures were ordered by the Bavarian police shows either forensic incompetence at a very advanced stage, malicious intent or both.
[...]
With such contrived reasoning, almost anyone could be searched if the anonymous website had been operated by people with a Gmail address. As a consequence of this clearly nonsensical attempt at logic, those involved in this as witnesses and their families have had to endure abjectly disproportional intrusions into their homes.

Police also seized data relating to Tails project

Yet, despite the flaw in logic that even police officers were aware, the home searches continued. According to Zwiebelfreunde, police seized electronic equipment from members, such as smartphones, laptops, PCs, GnuPG Smartcards/Yubikeys, hard drives, etc.

Zwiebelfreunde says police overreached when they seized this equipment as most of it was the property of members and their family, and not the organization.

Furthermore, police also overreached and broke their own search warrant when they confiscated legal and financial documents.

"Apart from encrypted media, they had the legal right to seize documents related to our Riseup bank account starting from January 2018," the group said.

"Despite our protests, they additionally seized all printed documents relating to our own and partner projects since the inception of the association in 2011," Zwiebelfreunde said, revealing that police collected data outside their initial scope.

"If you have ever donated to Torservers, or Tails or Riseup via a European bank transaction, your data is very likely now in the hands of the German police," Zwiebelfreunde members said. This includes IBAN account number, name of the account holder, donation amount and date.

Zwiebelfreunde says it tried to get back the documents and equipment that were collected illegally but German police refused to return the seized items. German police also refused all inquiries for additional comment from German media.

"This is a textbook example of how easy the fundamental rights of completely innocent citizens and their families can be violated as a result of artificially constructed evidence chains, no matter how ridiculous. To be drawn into this as a witness on the basis of such patently unsustainable reasoning is questionable to say the least. The recent introduction of draconian Bavarian laws governing police authority has clearly led to a culture where those responsible no longer feel bound by any sense of proportionality of their actions," says Frank Rieger, speaker for the Chaos Computer Clubs (CCC).

Police take revenge on CCC

But things didn't end here. In a blog post today, the CCC claims that soon after their members provided logistical support for Zwiebelfreunde members, German police decided "on their own accord" to extend the search to CCC premises.

According to the CCC, police searched its OpenLab in Augsburg, where they found hackers and computer experts working on electronic boards, surrounded by equipment and chemical substances needed to create such custom boards.

The CCC explains what happened on that day:

After interpreting the contents of a whiteboard as a bomb making manual, the officers then went on to accuse random people present at the hackerspace of plotting a bombing attack. Three people were arrested on the spot and the hackerspace was subsequently searched without a court order and without any witnesses.

The police seized objects from OpenLab and used force to open locked cabinets holding member data and bank records. It has to be assumed that this information was copied and that the rights of members and supporters of both associations were violated.

German media reported the three CCC members who were arrested were later released on the same day without being charged.

"Just like with the initial suspicion with regard to the board members of Zwiebelfreunde, the subsequent suspicions with regard to explosives are incompetent, malicious or both," the CCC says.

"The suspicion of 'preparation of a explosive attack' is a grave and direct threat to the operation of a hackerspace - family-friendly OpenLab is open to visitors almost every day.

"If the mere possession of basic chemical knowledge is a cause for suspicion then pretty soon teenagers will have to hide their chemistry books from nosy cops.

Image source: Bundespolizei

Related Articles:

Third SIM Swapper Arrested in the US

CCleaner Disregarding Settings and Forcing Update to Latest 5.46 Version

Study of 17,260 Android Apps Doesn't Find Evidence of Secret Spying

CCleaner 5.46 Released With Improved Privacy Options

Android Phones Expose Sensitive Data via Internal System Broadcasts