Update April 2019: We released an extensive set of files from the investigation in combination with a German talk covering the material. See German press coverage near the end of this page.

Update August 23rd: The court has confirmed that the searches and seizures were illegal. (Allegedly, no documents or equipment was analysed/evaluated and all copies were deleted.)

Die angegriffenen Durchsuchungs- und Beschlagnahmebeschlüsse und Beschlagnahmebestätigungsbeschlüsse des Amtsgerichts München waren rechtswidrig. Soweit sie noch Bestand hatten, waren sie deshalb aufzuheben. Im Übrigen war ihre Rechtswidrigkeit festzustellen. Den Anträgen auf Herausgabe der beschlagnahmten Gegenstände war insoweit ebenfalls stattzugeben. Die Maßnahmen können nicht mehr als von der Strafprozessordnung gedeckt angesehen werden.

Zu Recht führen die Ermittlungsbehörden Verfahren gegen die Verantwortlichen der Aufrufe auf den zitierten Internetseiten. Die Annahme der Ermittlungsbehörden, dass sich bei der Durchsuchung bei den Betroffenen bzw. auf den beschlagnahmten Datenträgern Beweismittel für diese Verfahren finden lassen, ist aber bei den bekannten Umständen nicht gerechtfertigt. Es besteht keine ausreichende Wahrscheinlichkeit für das Auffinden relevanter Daten. Es gibt keine Anhaltspunkte, dass die Betroffenen, deren Verein Zwiebelfreunde e.V. oder die Gruppierung “Riseup Networks” auch nur zum Umfeld der unbekannten Täter gehören. Es ist zudem auch nicht unmittelbar ersichtlich, dass sich bei ihnen Informationen zum Täterumfeld oder zu den Tätern finden lassen. Einziger Verbindungspunkt ist der Umstand, dass die unbekannten Täter bei “Riseup Networks” ein E-Mail-Konto eingerichtet hatten. “Riseup Networks” bietet allerdings (bestimmungsgemäß) anonymisierte Internetdienste an. Die Einrichtung des Kontos kann (auf Empfehlung) anonym erfolgen. Der E-Mail-Verkehr über das eingerichtete Konto erfolgt verschlüsselt. Deswegen besteht nur eine sehr geringe Wahrscheinlichkeit, über “Riseup Networks” und dessen Datenbestand Informationen zu den Tätern und Taten zu erhalten. Ergänzend kommt hier noch hinzu, dass die Betroffenen mit ihrem Verein “Zwiebelfreunde e.V.” nach bisherigem Informationsstand nicht mit “Riseup Networks” gleichgesetzt werden können. Die Verbindung besteht, soweit bisher ersichtlich, nur in der Unterstützung des Netzwerks durch das Sammeln von Spenden.” (Landgericht München I)

Update August 13th: No update. The case is pending in court (at Landgericht München). Prosecution has confirmed that they have ‘sealed’ all items they took from us and that no further analysis will take place until after the court decision.

Update July 10th: Last week Monday, prosecution stated that they will keep our things for further analysis, even after explicitly confirming to journalists that they are aware that our only connection to Riseup is the collection of donations. This includes items belonging to our partners, and other third parties like companies we work for. That same Monday, after the AfD party convening, our lawyers filed for immediate sealing and suspension of analysis until a court decision. Everything else is pending on that, and for now it looks like there are no further legal steps we can take (yet). The two of us who have not been interviewed yet (because they were not present during the raids) have been asked to give further testimony, which they will do during this week, together with our lawyers. This is not over.

On June 20th, police raided five locations across Germany, nicely coordinated at 6:00 in the morning: The private homes of all three board members, Jens, Juris and Moritz, our registered headquarters in Dresden (a lawyer’s office), and the home of a previous board member.

Please check the bottom of this page for links to various press reports about these raids detailing what happened. We will update that section regularly.

The brief summary is that a German left-wing blog “Krawalltouristen” (ruckus tourists) called for protest actions around the right-wing AfD party convening in Augsburg, Germany. Law enforcement argues that this includes calls for violence.

The German police were interested in finding the authors of said blog, and deemed it appropriate to not ask for information or go after the email provider the blog happened to be using, riseup.net, but after the German entity Zwiebelfreunde.

Zwiebelfreunde has a partnership with Riseup Labs, a US non-profit, and manages donations via European wire transfers for the Riseup collective. We spend the money in collaboration with the collective on software development, travel reimbursements, and for Riseup’s Tor infrastructure.

We will update this post as the story evolves. For more details, please see publications by other media.

What data is affected, and how?

First of all, here’s a list of things we have strong reason to believe are not affected, and can still be considered safe:

  • any Torservers related infrastructure: Tor relays, mail servers, web servers
  • any of Riseup’s infrastructure (because we have nothing to do with that)
  • cryptoparty.in or other cryptoparty related infrastructure
  • PGP keys, SSH keys, OTR keys etc

They seized most of our electronical storage equipment (disks, laptops, PCs, GnuPG Smartcards/Yubikeys), but it is safe to assume that they will not be able to break the encryption (or the smartcards). They also took our mobile phones, but even if they were to break into them, no login data or anything else affecting our infrastructure or communications is stored on those phones.

We nevertheless revoked our shared contact PGP key, and will replace more and more keys and passphrases over time. Our new key is 0x74A312092938F2F0, signed by our previous key.

So, what is affected?

Apart from encrypted media, they had the legal right to seize documents related to our Riseup bank account starting from January 2018. They also went and got those from our bank, the GLS Gemeinschaftsbank. However, we have to keep records and receipts of all expenditures for tax reasons. These documents were “safely” kept in a secure fire-proof safe.

Despite our protests, they additionally seized all printed documents relating to our own and partner projects since the inception of the association in 2011.

This includes highly sensitive personal data of donors, identities of activists that received reimbursements or payments, and a list of our members.

If you have ever donated to Torservers, or Tails or Riseup via a European bank transaction, your data is very likely now in the hands of the German police. (IBAN account number, name of account holder, amount and date)

We did everything in our power to avoid a data breach like this, and are now doing everything we can to fight it:

  1. Our lawyers kindly asked for our equipment back. Most of the equipment does not belong to Zwiebelfreunde, and some of it is not even ours. They refused. We are now going to court over this.

  2. The warrant lists specific items. This was not respected.

  3. We argue that even the original warrants and seizures were clear overreach, and that this was used as an excuse to get access to member data and donor data. We have nothing to do with Riseup’s infrastructure. During the raids, the police forces clearly gave the impression that they knew we had nothing to do with either Riseup or the “ruckus tourist” blog. None of us had even heard of that blog before!

We are grateful for the quick and unbureaucratic financial support by Renewable Freedom Foundation, the logistical support of the Chaos Computer Club, and all the kind offers of help by various communities. Thank you!

If you’re not afraid to donate to accounts that are probably being monitored, you can still do so, at https://www.torservers.net/donate.html.

Press Coverage