Earlier this month, we reported that Germany’s Chaos Computer Club made public that the Trojan Bundestrojaner, also known as ‘0zapftis’ and ‘R2D2,’ legally used by the authorities to tap into Skype calls could also remotely access infected computers as well as siphon personal data and create a backdoor where hackers can plant content on one’s computer.

CCC’s investigation caused public uproar and now brought evidence that the authorities overstepped their boundaries and used their powers to not only monitor calls but to function in other ways.

According to CCC’s findings, the Trojan was not properly encrypted and that any hacker could infiltrate infected computers.  “To avoid revealing the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA. The control of this malware is only partially within the borders of its jurisdiction. The instrument could therefore violate the fundamental principle of national sovereignty. Considering the incompetent encryption and the missing digital signatures on the command channel, this poses an unacceptable and incalculable risk. It also poses the question how a citizen is supposed to get their right of legal redress in the case the wiretapping data get lost outside Germany, or the command channel is misused.”

German officials are now looking into the situation as most of them prioritize privacy.  When the anomaly was brought to light, Federal Interior Minister Hans-Peter Friedrich immediately ordered that the use of the spyware be temporarily suspended pending investigation.  Justice Minister Sabine Leutheusser-Schnarrenberger called for an inquiry about the use of the spyware and she is considering new laws to uphold the public’s privacy be protected.

Marco Buschmann, a Free Democrat member of parliament, questioned why the use of the said spyware was even made legal, “The authorities have to operate within the framework of the law and our constitution,” Buschmann told GlobalPost. “And the problem is that software was found that theoretically could do more than the constitution allowed.”

Because of this scandal, any evidence obtained in a suspect’s computer will become invalid as the defendants could easily say that they have no knowledge of the file’s existence and the authorities could have planted the evidence.