The Munich Public Prosecutor’s Office announced today that it had filed charges against four executives of the FinFisher conglomerate on May 3. They are accused of having intentionally violated licensing requirements for dual-use goods by selling surveillance software to non-EU countries during their tenure as managing directors of the limited liability companies of the FinFisher Group, thereby rendering themselves liable to prosecution.
On 5 July 2019, Gesellschaft für Freiheitsrechte (Society for Civil Liberties, GFF), Reporter ohne Grenzen (Reporters Without Borders, RSF), the European Center for Constitutional and Human Rights (ECCHR) and netzpolitik.org filed a criminal complaint against several managing directors of the companies FinFisher GmbH, FinFisher Labs GmbH, and Elaman GmbH. The reason for this was that the Munich-based corporate conglomerate allegedly had sold the spy software FinSpy to Turkey without the approval of the German government. The four civil society organizations warmly welcome the indictment.
"This is the second direct success resulting from our criminal complaint," says RSF board spokeswoman Katja Gloger. In spring 2022, the FinFisher conglomerate had to cease its operations. "Today, violations of freedom of the press go hand in hand with the use of surveillance software in many cases. For those affected, each individual case represents a massive encroachment on their personal rights. In authoritarian states, this can have dramatic consequences for journalists and their sources, for activists and opposition figures."
"Until now, companies like FinFisher have been able to export almost without restraint around the world, despite European export regulations," said Miriam Saage-Maaß, Legal Director of ECCHR. "Today’s indictment is long overdue and will hopefully lead to the conviction of the responsible company directors in a timely manner. But even beyond that, the EU and its member states must take much more decisive action against the massive abuse of surveillance technology."
"FinFisher has apparently been illegally selling surveillance software to authoritarian governments for years, contributing to the surveillance and repression of human rights defenders, journalists and opposition figures worldwide," explains Sarah Lincoln, GFF’s lawyer and procedural coordinator. "That those responsible are now finally being prosecuted is a long awaited signal that such violations must not go unpunished."
FinSpy surfaced in the summer of 2017 on a Turkish website disguised as the campaign website for the Turkish opposition movement of then presidential candidate Kemal Kılıçdaroğlu, and likely enabled the surveillance of a large number of political activists and media workers. The program allows Turkey’s domestic intelligence agency, MIT, to locate people, monitor their phone calls and chats, and extract all cell phone and computer data.
The export of such surveillance software to countries outside the EU has required authorization throughout Europe since 2015, and violations are punishable by law. The German government has not issued any export licenses for surveillance software since 2015. Nevertheless, current versions of the FinSpy Trojan keep turning up in countries with repressive regimes, such as Egypt, Myanmar and Turkey.
ECCHR has been working on FinFisher since 2013. At that time, ECCHR, together with RSF, Privacy International, Bahrain Center for Human Rights (BCHR) and Bahrain Watch (BW), filed OECD complaints against Munich-based Trovicor GmbH and the British-German Gamma Group, to which FinFisher belonged.