Legal Advice needed: U.K. company supplying spyware to Egyptian State Security

[teqniq]

This is a direct C&P from my post on the Egypt thread, I'm hoping some of the legal types who frequent Urban may be able to give some insight/advice:

The lastest can of worms to be unearthed from State Security is an apparent purchase of a malware/trojan/spyware suite from a British subsidiary of a German company. Here are the relevant tweets and links:

MarcosPMendonca Angus Weimar
by moftasa@
@moftasa if software company has offices in Germany they'r liable there, criminal&civil suit can b pursued by those with a legit interest!
1 hour ago Favorite Retweet Reply

moftasa Mostafa Hussein
The Munich prosecutor is reviewing a criminal investigation against the company Gamma #finfisher http://is.gd/Z4lTBY (Article in German)
1 hour ago

PugOwned Tara
by moftasa@
@moftasa This may cover it http://en.wikipedia.org/wiki/Computer_Misuse_Act
1 hour ago

moftasa Mostafa Hussein
German article saying that the sale of Trojan software is illegal in Germany http://is.gd/LGrQEI (article in German)
1 hour ago

SazzleUk Sara D
by moftasa@
@moftasa software probably not illegal, malicious use of the information gathered probably is. The Data Protection Act http://twe.ly/6ngb
1 hour ago

MagButter Maged Butter
by moftasa@
@moftasa Developing the Trojan is not illegal, selling the Trojan is not illegal, but using the Trojan is. Mikko Hypponen SecurityResearcher
1 hour ago

moftasa Mostafa Hussein
Does anyone know if it's illegal to for UK companies to sell malware/spyware/trojan software? If so under which law?
1 hour ago

moftasa Mostafa Hussein
German GAMMA group that sell Finfisher software responded by saying it's the 'legally independent' branch in the UK that made the offer.
1 hour ago

moftasa Mostafa Hussein
It's illegal in Germany to sell Trojan software under section 202c of their criminal code. Company that offered spy software to Egypt SS ..

here's an article from F-secure:

FinFisher seems to be an Intrusion and Spying software framework, developed and sold by a German company. It seems to include multiple components, including an "infection proxy" and various intrusion tools.

We don't know if Egypt State Security purchased the tool or not. We don't know if they were using it to spy on their own citizens. We don't know who else could be using it.

The obvious question here is: do we detect FinFisher? And the answer is: we don't know, as we don't have a sample at hand we could use to confirm this.

The obvious follow-up question is: if somebody gets us a known copy of FinFisher, would we knowingly add detection for it? And the answer is: yes we would.....

http://www.f-secure.com/weblog/archives/00002114.html

Tweeps are asking for legal advice about this, particularly concerning U.K. law; now maybe the Data Protection Act covers this but I am no more than an amateur and I know there's a few clever legal types that post on here. If anyone has any idea maybe they could tweet to mostafa directly, but I for one would like to know how the law stands on this.