German government IT procurement rules ban foreign surveillance backdoors
Even now, long after Edward Snowden’s revelations about the National Security Agency’s intrusion into millions of private lives, if you listen very carefully you can still hear the sound of cans being opened and the worms inside them making their slithery bid for freedom on the other side of the Atlantic.
Here on this side of the Pond, cans are called tins, but the worms previously cooped up inside the ones here with “GCHQ” on the label are still worms, many of them answering to names like Warrior Pride, Gumfish, Dreamy Smurf, Captivatedaudience and Foggybottom.
Who’d have thought that GCHQ’s malware developers had enough of a sense of humour to refer to one of their little spy programs as “Foggybottom”?
But across the channel from here, where traditionally it’s been said that there is no sense of humour whatsoever (that, of course, would be Germany) the government procurement office there is taking the prospect of citizens being watched via their own laptop webcams – and any other kind of surveillance matters – very seriously indeed.
In fact, they’re tightening up their tendering rules for sensitive public IT contracts. But here’s the catch: it’s only for foreign tenderers, who have to declare any kind of legal or contractual requirement they have to pass certain kinds of information on to third parties.
As if any foreign IT developers would admit to having anything to do with Krieger Stolz (The German version of Warrior Pride), GummiFisch, Traum Schlumph or GefangenPublikum would admit to it – or even if they had access to Nebel Gesäß (literally “Fog buttocks”).
However, if they’re caught out – or even if there’s the faintest whiff of online intrigue – said developers would have to go all out prove their innocence, while the authorities don’t have to provide anything in the way of evidence that any data of any kind has been passed on to anybody.
But what are the chances of being caught out? Since no foreign tenderer is going to admit to having any links with GCHQ or the NSA or any other similar body in their response to an RFI, those chances could be very slim indeed.
Interestingly enough, because these rules don’t apply to domestic tenderers, we find ourselves wondering whether it’s just a case of the German government being relaxed about home-grown surveillance software keeping a secret eye on the populace … but not wanting any other foreign agency to get a look in.
Oh, and in case anybody’s listening: “Wir lieben dich große Bruder”.
Of course we do.