 I would like to use the time to speak about the hearing in Karlsruhe at the Constitutional Court. You may have heard that the Karlscomputer Club handed in a statement about the law. Again, I didn't catch which law it is. I'd like to talk about the fact about the state Trojan, to what extent it was involved, what arguments we were using. We appeared in the order hearing. We have a written statement, which you can, of course, find at ccc.de. And of course, near the end, I would like to just get out the crystal ball and wonder what will come out, perhaps in autumn, hopefully by the end of the year. And that's what I would like to talk about. I think the reporting on the day in July wasn't that bad. There was coverage across the country, but it was just a few hours, and the arguments that were exchanged. Well, they are quite interesting. And to get some information about the critical points in this law about the federal criminal police office, Ulf Boomer was supposed to join me, because he was another expert that was heard talking for amnesty and netspolitic.org. But somehow, he seems to have got lost in his tent. So I'll have to do this alone. I will just go on a bit of a different arc, because that state Trojan, of course, has some history that I would like to talk about. Not everyone would know every detail. But I'll try not to extend it too much. But to begin with, I would like to quote the ruling on the state Trojan. This is from 2008, and did not find the attention that it would have deserved. The state Trojan has been in Karlsruhe at the Constitution Court as part of the law on the interior secret service in the state of North Westphalia. And that led to a ruling that created a new fundamental right, which was derived from the rights in the Constitution, the basic right for ensuring the confidentiality and integrity of information technology. And it was the CCC's publicity about the state Trojan that really caused this to enter the debate. The interpretation of that ruling, which is more than six years old now, is something that leaves me somewhat unhappy, because many nuances in that ruling have not entered legal practice at the national or federal state level. It's not just about the state Trojan and which systems can be infiltrated with what means, but it was also discussed what searches of hard disks, what this thing is about that. But it hasn't really entered legal practice and legal writings, so I would like to mention this ruling again. And the hearing now in Karlsruhe, of course, goes beyond that in what it debated, simply because the facts in 2008 were not known as much as they are now concerning the details of the technical implementation of the state Trojan. And of course, two years of Snowden and the debate about IT security and malware and perhaps automatic spreading of malware, the alleged omnipotency of secret services, of course, all played a part in the recent debate. And in the night before that hearing, the data of the hacking team hack went public. And I was desperately looking through the night for hints in those hundreds and gigabytes of data that I collected from each and everywhere about Germany buying malware from hacking team. And I did actually find something and live in Karlsruhe, I was able to mention this. Several federal state police officers and the Federal Criminal Police Office did have at least some business relations, maybe, were shown there malware. So the law about the Federal Criminal Police Office was passed in the previous parliament in 2008. And that was two parliaments ago. And it's the brackets before the law. It's about authorizations before legal proceedings start before someone is pursued for a concrete suspicion. And this is all referring to what's called international terrorism, which in the constitutional complaints, which we complained about, because it has not been defined at all this term, in particular international terrorism. So that is kind of the birth defect of this law. There are certain authorizations for intrusion, state trojan, dragnet surveillance, communication surveillance, internet surveillance, observation, all that. If you allow all this, it would be nice to have a good definition of what that kind of international terrorism should be. So the complainants were complaining about that. There are two complaints that were discussed. The first one that we have now stated with their file reference, Gerhard Baumann-Buckhardt, has two well-known liberal politicians. They've submitted many constitutional complaints, both former ministers and then a member of the former Green Parliamentary Party in the Bundestag. Now, of course, twice exchanged. Volfgang Wienand and Claudia Roth were there. And they were raising some different aspects, but very fundamentally criticizing this law and had written it down. These complaints, in part, can be found online. At least the arguments can be. I'm not going to enter into individual legal deliberations. These are always debated at a very high level in cards, so there's not a lot of explanations that you get. Of course, these are mostly legal experts arguing with each other that really know their stuff. I will talk about technical details, particularly as they depend on each other in a certain way. I can't reference everything. This took several hours. I couldn't stay until the end because I had to get on the train back to Berlin. I missed the last hour because there was such a wealth of problems, legal complicated problems that were debated. And not all of them could actually be processed. But I will show. I will continue on my arc before I start with the actual hearing because, of course, the state Trojan, which I won't talk about in detail, but I would at least like to say what it's basically about, it is state-sponsored malware that either spies on telecommunication or is supposed to allow access to a computer's hard disk. So the way it goes normally is you analyze the target system, you put together that software. Normally you have a contractor for that. You try and enter the software into the system either remotely or in the cases that we investigated as CCC later by gaining physical access to the computer. For example, an airport control where the computer was shortly taken out of sight of the owner and the software was inserted. So you have a control component. And fifth, I mentioned removal, but, of course, we wouldn't have found the binaries of the state Trojan. So removal seems to be optional. But it is actually envisaged. In authorities, Lingo, this is called remote forensic software, which is strange because it's not just about forensics because certain rules guidelines about forensic techniques, if you ask to secure evidence, are not really kept. So this is not really a forensic investigation at all in an IT sense. There is a distinction that in my thinking is artificial, but it has been found in all the papers since 2008 that you get from the authorities. And that is the distinction between the so-called concentrated state Trojan, the sources, telecommunications surveillance. That kind of Trojan is to monitor just communications and then the so-called online searching. This is the most stupid term that you could think about because nothing is being searched online there, which allows full access. Online searching has much higher legal and technical hurdles to overcome. The source telecommunications monitoring is normally compared with telecommunications surveillance. To counter that argument was important to us. Even in 2008, the CCC was there as an expert in that complaint. And of course, this time we stressed this as well that very shortly though, how our technical argument went, I would like to say. But it goes through this draft law as well. There's always this distinction. Would you like to use the state Trojan just for telecommunications surveillance or for searching all of the hard disks, the whole computer? And I have a quote from 2007. There was this long catalog of questions that the Interior and Justice Ministers had to answer where they always stressed that it could never be expected that the RFS, which is authority speak for state Trojan, could never be expected that it could be discovered. That, of course, was then falsified. And that was the elephant in the room at Karlsruhe because clearly with that detailed analysis that we were able to make, certain things could no longer be denied. Certain arguments that we had heard in 2008 were not repeated now. The analysis became part of the files and the evidence. Some technical facts simply couldn't be denied anymore. I brought the picture here, which I'm not going to talk about in detail, what this Digitask Trojan could do. Just to summarize, according to our analysis, which you can read about, you can, of course, find it at ccc.de and which was also handed in as part of the argument. So this is not source telecommunications surveillance. It was full search. Components could be loaded. And this was latent floors in the way this was implemented. Mistakes in this ocean, there was unencrypted communication. The data communications happened by command and control center in the US. So other jurisdictions were involved. The exploitability by third parties was surely given. We built our own command and control server. And the authorities, we had a certain kind of pre-warning, which we gave to the authorities before we published our material, together with the Frankfurter Ago Minerzontax Zeitung. We gave them certain warning, and they were not able to take out this command and control server during that time. So surely there were a lot of technical floors, technical inability. And there was a remote control functionality to load further components and execute any kind of malware that you could load or remove. So the debate immediately was about the manipulation of data, the concealing of data, deleting of data. All that would have been technically possible. So from our side, this was a reverse engineering project. So of course, we can't really say from the binary analysis what was actually done, because we didn't have the source code or a monitoring of the operation of that software. But we had that technical opportunity, particularly according to the ruling from 2008, saying that what happened was not according to the law. And that had been recognized. The 2008 ruling clearly says that not just legal, but also technical restrictions have to be there. And it turned out, well, there were some larger questions as well that, in general, concerned software security because of the flaws in the way the software was written, but also secure logging in a criminal procedure against a suspect. And we're talking, in particular, about one case, pharmaceutical export import company. The whole company was supposed to be involved in organized crime and pursued. And in the subsequent case, you would like to know how securely you've found the evidence, how much you can prove that you really have the right evidence. And this was touched on in Karlsruhe, but because of the wealth of material that was discussed, that wasn't at the center of the debate. But that is a problematic thing as well. If you would like to defend yourself with your lawyer, you have to have a certain amount of certainty that data wasn't placed or deleted or modified on the system. So you have the securing of evidence here, the provability of evidence. That wasn't such a big issue in 2008 because this was not about the federal procuring of police office law, but it was about the law of the interior secret service of the state of North and Westphalia. And in that kind of context, the provability of evidence was not as central because that's not as relevant for a criminal process, at least for the defense. So there were some political responses which I would like to touch on briefly because they played a role in the hearing. For one thing, the concrete case that we didn't want to publish, actually, but where the person concerned went to the public himself, that person that was working in that pharmaceutical import export company, this was a Bavarian case. And the Bavarian Federal State Criminal Police Office admitted to the use of the state church. And so the Bavarian Data Protection Commissioner was asked to check the cases that were the procedures that were going on. And this has been done and the response, the analysis has been published. It's quite interesting to read. There were certain flaws in the way the procedures could be inspected in retrospect. Data was just not available for insight. Still, it was quite interesting, particularly if you read the analysis, if you know the analysis of the state version by the CCC. And that, of course, entered the proceedings because just the Bavarian and the Federal Data Protection Commissioner handed in reports. So the second reaction was that the Interior Politics Committee of the Parliament asked for a report which was then classified as secret, but found its way into the public. You find that on ccc.de as well. So in the files, if you are an expert, you get a huge pile of paper, lots of paper. And it was in there, but in the version that it was published on ccc.de because the secret stamp wasn't there anymore, it could enter the files. So that, of course, is interesting, too. Peter Schaar, the Federal Data Protection Commissioner, published a certain thesis about the practice in which the state version was used, which we as analyzers could not know. The transcription of a phone sex talk by a culprit, recording this is actually illegal, but it was even transcribed as well. But there were certain things that we could only suspect, but then found confirmed in the report. So that report, of course, ended that hearing as well. And then there were certain promises. You remember that short episode in Berlin politics where Friedrich was our Interior Minister from the Bavarian Conservatives, if you remember. And there was a lot of talk about verification. Who looked at the source code? Who can look at the source code? Not just according with respect to the authorities, but also to the judges that would have to deal with these things. And the question, which I extracted from an interview shortly after the publication in October 2011, whether anyone was actually able to verify that state written that was bought in from Digitask. And of course, the Interior Minister said yes, surely. But in fact, until 2011, there was a license agreement with the Federal Criminal Police Office for the state written by Digitask, which actually excluded, legally excluded access to the source code. So the information that Friedrich gave was actually wrong. On the other hand, that Trojan had no way of deleting certain content that touches the core of privacy while keeping logging. So that core area question is important. The core area of private life is the legal term for someone's intimate sphere, which is distinct from the privacy of the private sphere. So this is talks with very close friends or relatives about the core areas of life. Like it's a typically legal East term, but I find it quite fitting if you think about it. This core area is protected in a way that it's connected to human dignity at Article I of the German Constitution cannot be violated. So the question of deleting this data was important. I'll come back to that core area later because the two central points were debated quite intensely here. I can't really, in that epic breadth that it was covered in the hearing, I can't really repeat that because the essence and the implications to the future of infiltration of our computers and all information technology systems not just about computers, but all systems that will be relevant. I want to stress that all of the measures that were later known had been conducted after judges had ordered them. But that shows that the political argument of the judges' privilege doesn't always work even because of the factual possibility of checking these. There were some other, I'll speak about the hearing later really, there were some political promises and I have to speak about these so you know which weren't delivered. And it was promised that you have to give some certain things to the press and they promised that present solutions, software solutions would be evaluated throughout Germany and that there would be a standardized description of their possibilities and there would be a process of quality assurance with an expert team. But nobody is talking about this today, it sort of got lost. This standardized description of capabilities takes about 10 pages in the pertinent documents and the second important promise was that they would begin developing the software themselves, especially for the source telecommunications surveillance and in the Centre for Informational IT Competence in the German Secret Service. I should remind you that the ruling in 2008 was before the Federal Government Police Office Law and when it was published there was this new debate about IT security in Malware as part of the Snowden Revolution so lots of changes happened and there was a certain change in the way spying software was viewed. It's not just about the publication of the state trojan by the CCC, there have been others from Citizen Web or this has become something like a transport among activists so this all entered the debate in a certain way. Of course you have to keep in mind that first of all these are legal experts debating into which you can try and include certain technical details to influence decisions perhaps or make them enter decisions. Contrary to what was promised, it was in fact that the Gitasch Trojan was put into the files and the authorities then bought the state trojan by Finfisher and the Gamma Eleman company. So we have this dialogue between Netspolitik.org and the Federal Government Police Office but also we've got the data from the hacking team hack so the Federal Government Police Office stretched out its fingers asking other companies for their work on Srinage software. So in hearing some, at least two from the German authority on informational security, IT security, stressed that self-development, their own development was mainly what it was about. On the other hand we knew that meetings had taken place with these companies, money was being paid. So they kept stressing that the Government Police Office was now into developing software themselves. I would like to mention another paragraph in the law about the Federal Government Police Office 20K. This is the one that allows searching information, IT systems in the 2008 ruling. There are issues that have been copied into the new law to follow the ruling there. So there is a broad definition of Srinage software and the kind of devices that it can be applied to. So these are terms that are not from the authorities but from the ruling because judges then understood that they were not just talking about PCs. So they put all kinds of IT systems into their new fundamental right which was quite far-sighted in my view. We keep talking about computers but we have to remember that all kinds of devices that are like computers are relevant. Now this distinction, I've talked about it already, it's no clearer than it was between source telecommunications surveillance and online searching. So the actual step, the actual violation of the fundamental right we think is the actual infiltration of the system, not what happens then. But legally, of course, there is this distinction which mostly the authorities like to stress. They like to say, oh, this is just telecommunications surveillance, nothing else, which, of course, is not the case. I, for example, have this example of the application shots that can be part of telecommunications surveillance from a state torturing and that contains information about the running system that are not about telecommunication. And that, of course, is a problem which technically is very hard to solve because there is no real semantics in this S.P.N.R. software, there's no real distinction what kind of meaning of data we're talking about. This function has simply been programmed into, there is no way of telling which is running where on the computer and which data you're recording. And this analogy to paper that I've got in this slide here is not really from me. So this source telecommunications surveillance, which can be not just Skype and other telephony, but anything compared to a letter on paper, this would be the equivalent of reading that paper as it is written on the desk before a dissent. So that would mean that all previous versions are being read as well. If I delete things in the email that I write, or if I don't send it at all, if you register what someone's typing, you don't know what is being communicated and actually sent. So these are difficult questions, technically, and it's often stressed that they are trying to find technical solutions for that, but in my point of view, this is not really possible. If you have a browser window where the screencast you recorded, it's impossible to decide whether what's being typed is ever going to enter communication or not, because that is only happening if someone decides whether to send the email or not. Okay, I'm going to talk about hearing a bit. As I said, it went for several hours. I would like to mention two things, this wonderful image here, the data protection commissioner, Andrea Fossof, sorry, and our interior minister, Thomas de Maizier, who is mostly conspicuous by her absence. She wasn't there at the hearing. What's also conspicuous is that the interior minister did show up. I've seen many hearings in Kurz Hall where the concerned ministers were not present and it went as far as the representative of the government, Christoph Mullis, the authorized representative simply skipped his introductory statement which had been prepared and the interior minister held a political speech rather than a legal argument as an introductory statement. So our previous experience, I'm not a lawyer, but I have been in Kurz Hall several times attending those hearings and ministers were not there and this was clearly a political, that too is a political statement but this was interesting for the press if the minister is actually there and holds a speech in which he many said that without the federal criminal police office law, the ISIS terror would be present in Germany by now and there were about 340 threats in Germany that are being pursued, no more than that. And he also said that less than five source telecommunications surveillance cases were taking place, so this was used very sparingly but that didn't convince the legal people because this is not about the practice, it's about the admissibility what is actually admitted in the law, permitted. So I've got the outline here of the debate, I brought it here just for you to see how these things go, so you have familiar and then you have introductory statements and then look at Hirsch and Dirk J. Hilgren's the two complainants with their arguments which were somewhat different and then there were these hours, there were these hours of constitutional evaluation, constitutional legal evaluation so they were talking about technical authorization, what are the pre-conditions, what are the technical conditions, what about the practice, both administratively and technologically and then an important point was protecting the core area of life, technically, practically and in the law, how is this being implemented? And this is different for the different paragraphs of the law, particularly 20, there were different letters for the different sections for the different means that are allowed and there are certain differences in the pre-conditions and then people with professional secrets like doctors, lawyers, many lawyers present of course that again was a section separated out and part of several constitution complaints beforehand that privileged those that carry professional secrecy and the third part that was a bit shorter is notification obligations, spying, eavesdropping on homes, track and surveillance, what about legal recourse? Would have been interesting to get a statement from the data protection commissioner who was not present, what about auditing, what about logging and deleting and then the last one was about transmitting the data within the country about changing the purpose of transfer and then part about transfer to the foreign countries because you know that authorities cooperate but this was dealt with much shorter and the Trojan was mainly present in items one and two or relevant in those. Just very briefly, I would like to outline our arguments. I was fortunate in the fact that I was able just to mention these orally. And all the experts cannot always be certain that they'll be allowed to submit their arguments. That's partly due to the amount of question but also due to how the hearings were led. It's not always very structured. There's first preliminary meeting and the hordes of governmental representatives and they stressed that they wanted a dialogue and you know it's more of a dialogue. I was quite lucky because our micro-rebuterings came fairly early and because the interest in the technical factors is fairly large. The referee for the... Had written a lot about the legal question and the technical questions had a certain interest to them and I was lucky to stress them. I just want to give you an excerpt and the difficulties between the castrated and the online surveillance is that from a technical perspective we have to say that it's a purely technical restriction that doesn't make a lot of sense from a technical point of view. The risks, we talked about the risks that are connected to this and the debate on the purchase of these exploits. I mean should the state sponsor the black market? We think that by allowing this black market to exist we're opening new holes in IT security. We also talked about the core area. So how can we tell an SPNR software that this is where privacy begins? It's not always easy to translate this because the idea of letting software know what a human person is talking about is a sort of science fiction and there's this belief that software knows what people are talking about and talking about this was important to us in Anton. And then of course there was a question of the source code who is looking at it, who can use the binaries later. How can we prevent this? Is the solution of having a common certification for everything, then there's the question of service providers because the hacking team hack was a good example that showed some processes that happen in this market where these exploits are sold that is mainly financed by public money which showed these in turn have security problems not only delivering shorty quality but also having security holes. And we try to bring this into the hearing because the question of which surveillance we want to allow is this not. We're not talking about suspects, we're talking about preventive measures where no concrete suspicion exists, just certain threats perhaps. So when have you actually fully investigated or elucidated them? And that third guideline from the old ruling from 2008 is something I'd like to remind us of because surely our computers, mobile phones, our external brains contain lots of private stuff but also intimate stuff in that legal sense, data, movies, communication, which was as early as 2008 in that first ruling. So very clearly in that third guideline, a law that allows intrusions like that has to have provisions to protect the core area of the private life and that did not happen at all and at least not particularly not in a consistent way. So to look into the crystal ball for a while, I think that core area of protection will be a very critical point in the ruling and I'm sure that the Federal Criminal Police Office Law will be partly ruled unconstitutional. The arguments in the hearing from the Interior Ministry and the representatives of the government were pretty much taken apart and it's seem clear I've been particularly because certain technical measures did not really, in any way, regulate access to that core or non-access to the core area of private life so that will surely make the whole law fail on that account but of course the ruling will not, on the other hand, put the state Trojan into the bin completely, which of course is what I would like to hope for but in my view, the question how they can put into a law how this infiltration can protect human dignity in this way, that will be a central item. So I'll skip the way it's derived but they have to kind of predict how in a technical surveillance measure content from that private, that core area could be involved and that contained, and that was an interesting question in the hearing because how about optimized recording? So could that perhaps protect the core area because, but then the complainants very pretty much went up in arms against that because that would of course also affect that core area. So it has to be said this material must not be recorded in the first place whatever the charge, the possible charge could be. So because that area is something that we, that we grant every person, every human being and these are people that are not under concrete suspicion. So this will be an interesting item and it also is about deleting of notes and transcripts by civil servants. And I'd like to talk about the near future that in Karlsruhe wasn't debated at such intensity. For one thing, what will be the kind of IT systems that they might want to infiltrate? That of course is an open question which was debated in 2008 already but in those years a lot of things, a lot of technological developments have happened and what area of life will not be digitized in the near future. That is a very interesting question that in Karlsruhe even at the census ruling in the 1980s was considered. So the question of human machine symbiosis, would an infiltration be something like physical harm? Would that equate to physical harm? Because we are talking about, I don't know, hearing aids that could be monitored attacking someone not just in terms of their dignity but also in their physical health. So concrete in concrete, that will not play a major role but the debate about this is one that we should not try away from in the future. So this in more or less is my summary. Of course I am aware that many aspects that were talked about of illegal nature is something that I haven't talked about. Of course there have been reports but there has not been a detailed protocol. So there's no way of to really read about the many details that were talked about but in autumn and winter when we have the ruling we can read the details, the written ruling and we can make sure that the public will know about this and this is a ruling that will come and the consequences will be interpreted and we have to make sure that there's going to be a public debate and the interpretation will not just be put down into the files and we can't allow them to say okay we've done things wrong and everyone will say the complainants as well as the government will say they are happy with the ruling surely. So we'll have to make sure that we are part of those that interpret the ruling, read the ruling and create publicity and not allow the state interpretation to become normality. If the military now starts about not just if police authorities enter this market as well there's going to be no way of reining this in there's going to be companies like Gamma and Hacking Team that will be spreading and my call on all of you and everyone that are part of public discourse make sure that you notice when the ruling comes and make sure that the state ocean is not going to become a part of everyday life and I would like to stress again and no one will be surprised by me saying this in particular after this hearing I am more than ever of the conviction that state infiltration of IT systems cannot be legally admissible. Thank you for your attention. Thank you Constanze. We've now got about 15 minutes left for questions and answers but before that there's a short announcement from security and we would like the driver of the vehicle BJF236 to call Honkaaza at 110 on the deck. Constanze, pretend that she was that driver but she probably isn't. So that driver is blocking about 400 other vehicles. So if you still want to ask questions then please do I know I always talk very quickly but if there are any questions left please ask them either now but I'm always here. If you have any questions go to the microphones and we'll start. I have a question about the number of people I have a question about the notifications after the measures. Is it not true that this doesn't even happen today with normal telecom surveillance? Yeah, even for the state trojan there is a notification obligation. This is also it also refers to telecommunications surveillance and other eavesdropping but in all laws and this law as well there are exemptions. This can be suspended for certain legal reasons mostly concerning investigations that still are ongoing against other people perhaps. So there are always three or four reasons to exempt. Concretely about the state trojan I don't know a single case that where notification took place but I don't of course the number of cases overall it's not very high of users. A question you talked about the federal ministry of the interior had traveled to Kartsburg in hordes and you talked about the unusual process that the minister of the interior arrived himself but not the privacy of the data protection minister. Do they all have to come individually or were these people from the constitutional part of the ministry of the interior or from the authorities as well? I don't know if this is of a general interest but I can take two minutes to explain. First of all in the last few years I've noticed that if technical surveillance is concerned we of course deal with other things as well. There's always a wish by the judges to invite people from the practice and that's happened with the federal criminal police office there were people there that actually dealt with the use of the surveillance because judges would like to hear how these things go in practice. Personally I have to say I'm more and more annoyed about this because it takes up a lot of room it has nothing to do with the legal deliberations of course they always assure you that they are very careful about these things but these are not legal questions at all the law can say something completely different and it all has a very calming effect but the judges would like to hear about this practice and then there was the federal office for information security a whole bunch of people that dealt with this the speaker of the interior ministry for example the fact that the minister spoke himself is more important for public relations work because that attracts the press well the reporting about this is enhanced if the minister personally defends this although he personally was not in office at the time but he basically gave a political speech it was quite a clever one of course as the law was made there were no what I didn't catch that he didn't talk about legal arguments at all but basically oh ISIS didn't exist at the time so this was the fact that he entered this fear of this fear argument concerning ISIS and stuff on the other hand I have to say of course you have the right and left sides in Kaisal you have the judges on one side and the defense of freedom on the one side and the police sympathizes on the other and that of course involves a lot of people too and then there were data protection commissioners from federal states the complainants and in part also next to those that are handed in the complaints in person there were those that the lawyers so that's the other side so there's about 20 minutes to introduce everyone in the beginning but there are some on the interior ministry side that do not get introduced from the lower ranks right you should go if you're in Kaisal go to one of these events it's interesting for techies as well you can get a place there in the audience any further questions come to the microphones please left or the right you talked about the fact that there aren't that many cases of the use of this state is there a dedicated statistic on this like with normal eavesdropping after the October 2011 revelations there were parliamentary questions after we revealed the state torches from different federal states and from the federal authorities to the federal police customs police so they were adding up with the state authorities which had been using torches but there is no official statistic because police matters are federal state matters in particular secret service but the federal authorities that I mentioned did mention numbers and thus that was just one case of an online search since 2009 and less about four I think you can count on the fingers of one hand source telecommunications surveillance and it was stressed that the digitized quotient was not no longer be used but what the hearing was talking about only concerns federal authorities we don't really know what happens at the federal state level we think because there were struggles or debates in certain states and judges deal with these things differently now so things may change we tallied everything together and had over 80 since 2009 really since 2010 because the queries in parliament had different dates depending on the timeframes in the parliamentary questions in the different parliaments not up to 2015 either but about 2013 after that the topic kind of vanished again so three and a half years roughly I don't know any more details if anyone knows more I'm always open for more information and we're still accepting binaries as well I have a funny story well maybe not alright alright we had their time was currently short of weeks for handing in our expertise normally would take more than 10 months so that was really stressful so a week before we were actually writing things up and these were the hot days we actually received a hard disk with the binaries of a state malware and we were very excited and we're going to go there and bring this trojan with us but it turned out differently but we do accept binaries it seems as though there are no further questions so give a huge thanks to Constance