(bb) The encroachment intensity of regulated access is further determined by its secrecy. The secrecy of state encroachment measures is the exception in a state based
on the rule of law, and it requires special justification (see Federal Constitutional
Court, Order of 13 June 2007 – 1 BvR 1550/03 et al. –, Neue Juristische Wochenschrift 2007, p. 2464 (2469-2470)). If the persons concerned learn of a state measure
burdening them prior to its execution, they can defend their interests from the outset.
They can, firstly, take legal steps to prevent it, for instance by seeking recourse to a
court. Secondly, they have the possibility with open data collection to exert a de facto
influence on the course taken by the investigation via their conduct. The exclusion of
this opportunity to exert an influence increases the gravity of the encroachment on
fundamental rights (see on legal possibilities of aversion BVerfGE 113, 348
(383-384); 115, 320 (353)).
238
(cc) The weight of the encroachment is characterised, finally, by dangers arising as
a result of access for the integrity of the access computer and for legal interests of the
person concerned, or also of third parties.
239
The experts heard in the oral hearing have stated that it could not be ruled out that
access itself could even cause damage to the computer. For instance, interactions
with the operating system could lead to data loss (see also Hansen/Pfitzmann,
Deutsche Richterzeitung 2007, p. 225 (228)). It should also be considered that there
is no mere reading access as a result of infiltration. Both the accessing agency and
third parties which might misuse the access program can delete, alter or create new
data stocks by accident or by deliberate manipulation because of the infiltration of the
access computer. This may harm the person concerned in many ways which may or
may not be connected to the investigations.
240
Depending on the infiltration technology deployed, infiltration may also cause further
damage which must be considered in examining the appropriateness of a state measure. If the person concerned is for instance supplied with infiltration software in the
shape of an allegedly useful program, it cannot be ruled out that he or she might pass
on this program to third parties whose systems could also be damaged as a result. If
previously unknown security loopholes in the operating system are used for infiltration, this might cause a conflict of goals between the public interest in successful access and in the greatest possible security of information technology systems. As a result, the danger exists that the investigation authority might for instance omit
suggesting to other agencies measures to close such security loopholes, or might
even actively endeavour to ensure that the loopholes remain undiscovered. The goal
conflict might hence impair the trust of the population in state endeavours to ensure
the greatest possible security of information technology.
241
(2) In view of its intensity, the encroachment on fundamental rights lying in secret
access to an information technology system in the context of a preventive goal only
satisfies the principle of appropriateness if certain facts indicate a danger posed to a
predominantly important legal interest in the individual case, even if it cannot yet be
242
41/60