Verbraucherschutztag-Vortrag

Address to the German Data Protection Conference.

On 03 Jun 2013, F.A.Z. feuilleton publisher Frank Schirrmacher gave a talk titled “Information as a fetish: Consumer protection in the new information economy” at Germany’s national Data Protection Conference. Some of his thoughts:

“Data protection in the information economy will become a job that is very politically important. It will have… to develop into an instrument that secures freedom.”

“It’s become normal for us, we journalists and you [data protection officers] too, some of you, to talk about spying. About spying on people in every possible way in the internet. About tracking, about data hunters and data kraken. It’s no accident that we use all this vocabulary from intelligence services and spy agencies. In this sense, data protection must be intelligent counter-intelligence. It must disclose the operational and systemic rationality of the algorithms, so people can understand at all what texts are being written elsewhere about their lives and what conclusions can be drawn from those texts. … We must thus end a kind of illiteracy about these matters.”

He said today’s situation isn’t Orwellian because Orwell described an open suppression system. It’s more Brave New World: “In Orwell they burned books; in Brave New World books just aren’t read.”

“Data protection in our world’s future will have the actual task of becoming personality protection. The inviolability of the person, which all of us believe in as a basic principle, presents completely new challenges in a digital age. To quote again from Eric Schmidt’s book, and he is entirely right about this, when he writes, ‘Identity,’ in other words personality, ‘will be the most important raw material for burghers of the future, and identity will primarily exist online.'”

“Consumers don’t just buy a product. …They are actually becoming products. …They are read when they buy things, they are read when they move around, they are even read when they are reading, paying, even thinking as we now know. …In the age of ‘big data’ everything has the potential to be a market, including politics and social life. When even the most private acts, as is possible today, make people into market participants, such as reading an ebook, then conversely it’s clear that even the most private space can become the object of market research, and increasingly at a stage before the consumer is aware of it.”

He said we can’t go back to analog. We can’t switch the tracking off either. Even if we manage to not be recorded by our own devices, other people’s devices are recording us. Also, some companies keep lists of everyone who chooses to opt out.

The question of anonymity is in many cases already over because of the patterns that can be spotted now (last year): so many behaviors can be a fingerprint or a voice print. Consumers must learn what patterns of theirs are being read.

Proposals:

  • “The question of how to handle data I think must be anchored in our society as firmly as the status of a physician’s confidentiality and responsibility. We know that a huge number of people are being educated for big data, who will evaluate these data for companies. On the whole, we need in our society an awareness that these data are a judgment about personality. Whether a consumer will get a loan, has a future at his job, etc.”
  • “We need what the Americans call ‘external algorithmicians.’ Meaning, we can’t all understand what’s going on there. So, as was the case for nuclear power for example, scientists will have to verify, from the other side so to speak, what’s working and what isn’t working. Or Stiftung Warentest, the consumer testing magazines, who use their fantastic technical expertise in counter-intelligence, so to speak. That’s what I mean by counter-intelligence: countercheck how a system is functioning. And we need this for algorithms too. We will need people who are capable, if it’s possible at all, of decoding these algorithms and then telling people, okay. If you just spent ten days messing around on Facebook, you can assume that this and this are now known about you.”
  • “Finally, at the European level: We are all seeking a vision for Europe. We can see that in the information economy, together with globalization, two supersystems are arising. Of course the U.S.A. on the one hand, and the second one is Asia, especially China. Europe is looking so hard for its own task, vision and identity. We have a different history, after all. Admirers of Silicon Valley should always be told that it was subsidized by the state for decades. Into the 1980’s. Silicon Valley did not arise from entrepreneurship alone. In that sense, one should ask whether we want to continue to make ourselves dependent on systems that exclusively come from the U.S.A., or whether we in Europe might not also want to use government subventions… whether we might not want, as some other countries are doing, to build up our own search engine, our own social networks, which would have the advantage that they could be new designs.”

 

(Fair BROW chh ah shoo uts tah chh   FORE trah chh.)

G10-Kommission

A Bundestag committee whose four members, not mandatorily Bundestag members, are appointed by the Bundestag’s intelligence-agencies-monitoring parlamentarisches Kontrollgremium. The G10 committee monitors compliance with the German constitution’s requirement for individuals’ rights to letter secrecy [Briefgeheimnis], postal secrecy [Postgeheimnis] and telecommunications secrecy [Fernmeldegeheimnis].

The G10 committee supposedly must approve each surveillance or search of German citizens’ phones or computers by Germany’s intelligence agencies, which can only be possible if such surveillance is done on a very small scale. In July 2013, Spiegel-Online wrote that only 156 surveillance actions were approved by the G10 committee in 2011. And that the foreign intelligence service BND is permitted to ask for broadly-defined surveillance that is not however allowed to exceed 20% of the information out there and usually supposedly hovers at only 5%.

(Gay TSAYN comb eess y own.)

SFÜ

Strategische Fernmeldeüberwachung, “strategic telecommunications monitoring,” what Germany’s foreign intelligence service is calling its dragnet surveillance of international telecommunications transmissions. Süddeutsche Zeitung noted that Germany’s “G10 law” prevents the BND from accessing more than 20% of communications data traveling outside Germany’s borders, but even the BND does not verify the BND’s compliance with that limit.

Schlichtungsstelle für Suchmaschinen

Mediation board for search engines.

Since the European Court of Justice’s recent decision that Google (and all search engines) must delete on request links to pages that E.U. burghers feel violate their personality rights, thousands of deletion requests have been sent to the company.

Germany’s coalition government announced they want a board to be created to help search engines process these requests so the search engines are not the sole deciders. They said they want clear rules about how these requests are evaluated. Clear credible rules for how the “forget” requests are handled are also necessary: in the U.S.’s data protectionless jungle, companies frequently respond to consumers’ requests to forget or correct information with demands for more information, all of which is certainly not deleted. Who will be allowed access to the forget requests? Who can make copies of them, and how secure are the copies?

Germany’s data protection officers have demanded they have a significant role in the evaluation of the link deletion requests.

Update on 30 May 2014: Germany’s data protection officers have criticized that the “forget” request page Google has provided requires a scan of the requestor’s passport or other photo identification. Hamburg state data protection officer Johannes Caspar, who deals with Google questions, said that the automatic saving of personal ID’s by non-public entities was illegal and must be changed immediately. Google promptly changed the wording on the online submission form to “Please attach a legible copy of a document that identifies you.”

(SHLIH chh toongs SHTELL ah   fir   ZOO chh mosh ee nen.)

Big-Brother-Awards 2014

The Verein Digitalcourage has announced its 2014 Big Brother awards for the best violations of consumer data protection in the past year. The association posted English translations of each award announcement online, which is awesome.

Politics category
“The German BigBrotherAward in the Politics Category goes to the Federal Chancellery (Bundeskanzleramt) for their involvement in the NSA surveillance scandal and for their lack of defensive and protective action. One of the Chancellery’s roles is top-level supervision over the foreign agency, Federal Intelligence Service (Bundesnachrichtendienst, BND) and over the three federal secret services’ cooperations between each other and with other agencies in Germany and abroad. German secret services work closely with the US intelligence agency NSA, whose actions have violated international and human rights law, and with other secret services. The Federal Intelligence Service and their interior counterpart, the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz), have participated with NSA surveillance measures, spying programmes and infrastructures. German governments, past and present, have failed to defend against crimes and violations of civil rights linked to mass eavesdropping and digital espionage. They have recklessly neglected to protect German citizens and companies subjected to industrial espionage from further hostile attacks.”

Transportation
“The Big Brother Award 2014 in the category Economy goes to MeinFernbus GmbH (approx.: My Long-Distance Bus, Ltd.) for obliging passengers to always show an official ID along with the travel ticket they booked online. This makes anonymous bus journeys impossible. MeinFernbus GmbH does not give any legal or other reasons why producing an ID should be necessary. There is the option to try buying a ticket in cash when boarding, but this entails the risk that the bus is fully booked and one cannot travel. Additionally, buying tickets on board is more expensive than booking them in advance via the Internet.”

Technology
“The BigBrotherAward in the ‘Technology’ category goes to the ‘Spies in our Cars’, which look over our shoulders wherever we drive, collecting data, and sometimes even uploading it to the ‘cloud’. It is difficult to name a culprit: car manufacturers cite legal requirements on the one hand, and on the other hand they point to third-party providers that offer services such as localisation and navigation to the driver. This BigBrotherAward also looks to the future: the planned European distress call system ‘e-Call’ will have to prove in practice that it really has been implemented in a way that respects privacy.”

Business
“The BigBrotherAward 2014 in the ‘Business’ Category goes to CSC Corp. (Computer Sciences Corporation). The company is currently working on commissions by 10 Federal German Ministries on security-related projects, such as the electronic identity card, the De-Mail project for exchanging legal electronic documents, and the nation-wide firearms registry. At the same time, the parent company functions as the external IT department of US secret services, and it has organised rendition flights to torture prisons for the CIA.”

Consumer protection
“The South Korean electronics manufacturer LG receives the Big Brother Award in the Consumer Protection category because the ‘smart’ TV sets they sell transmitted detailed information about what people were watching to the firm’s HQ in South Korea, via the Internet. With the help of such information, so-called metadata, one can find out the most intimate details about individual people. The LG devices thus invaded the private lives of unsuspecting people.”

The world of work
And the winner is: the utility RWE, for using surveillance software to measure the performance of its subcontractors’ call center employees. “This software can, without the employees’ knowledge, do complete, continuous recording of phone calls and onscreen actions.” [Spiegel.de]

Neowordisms prize: “Metadata”

Blame category honorable mentions
Honorable mentions in the blame category go to: Debeka; Contipark; the Wiesbaden spa’s parking garage operator/s [?]; church tax [on? to? into?] flat-rate withholding tax [?]; WhatsApp; Talents4Good; and recordings of phone conversations and the public perception thereof.

Julia and Winston Award (the Positive Prize)
“For the first time, we introduce a positive award this year. The ‘Julia and Winston Award’ was named after the ‘rebellious’ main characters in George Orwell’s dystopian novel ‘1984’, from which the ‘Big Brother’ is also taken. The award is to honour persons who have taken an extraordinary stand against surveillance and data collection mania. The award comes with an endowment of one million – not one million Euro, though.

“The award speech for the first Julia and Winston award is held by Heribert Prantl, senior editor and head of the interior politics section of Süddeutsche Zeitung.”

Heribert Prantl’s speech:

“The winner of the first Julia and Winston Award is Edward Snowden.

“In Berlin, the German parliament (Bundestag) has established a committee of inquiry to investigate the NSA scandal. It is strange that the majority of the committee do not want to invite the person who uncovered this scandal. The committe’s CDU/CSU¹ members talk about Snowden as if he had an infectious disease. And there is hardly any objection from SPD members. That is gross ingratitude.

“The man has already said all he has to say, the argument goes; so there is no need to question him again. That is premature consideration of evidence, which is forbidden in all areas of law and in the German parliament as well. Snowden offers critical evidence, as everyone knows. The real reason why nobody wants to invite him is this: Chancellor Angela Merkel fears a peeved and harsh reaction from her hosts during her US visit in May. That is more than just fainthearted. The Chancellor has sworn in her oath of office to protect the German people from harm. Protecting from harm – that entails taking action against the harm inflicted by the NSA. Instead, the German government acts as if that Snowden, not the US, was the injuring party.

“Edward Snowden is an enlightener. He uncovered the global US inquisition and had to take refuge from the Grand Inquisitor. Personally, he has gained no benefits from his whistleblowing, only disadvantages. The only benefit is for the integrity of the rule of law in Western democracies – well, it could be a benefit if those democracies used the scandal as an incentive to reign in their secret services.

“So Snowden is not just an enlightener, he is also a motivator. He deserves better than a shaky and temporary asylum in Russia. The Americans are pursuing him as if he was the reincarnated Bin Laden. But he is just a single refugee, a textbook case of a refugee. So how should, how must Germany act towards Edward Snowden? Most of all, with gratitude! Snowden deserves protection and support. He is a classic case of a refugee.

“We should, indeed we must give Edward Snowden a stable permit of residence in Germany. We should and must offer him safe passage. All this is legally possible. Instead, the politicians of our ‘grand coalition’ act as if the United States’ power were a legislative force. Germany needs enlightenment about the comprehensive US eavesdropping. Enlightenment is the way out of self-inflicted immaturity.

“Snowden’s actions may be punishable in the US, due to violations of US law; but what is truly criminal are the circumstances and the machinations that he is denouncing. Snowden has acted against US secrecy regulations. Does that make him a traitor? No. The people who call him a traitor have betrayed basic rights themselves. Snowden has given emergency aid to the democratic state under the rule of law.

“His actions deserve recognition from the judiciary and the state, in Germany as well as the United States. He has kickstarted a debate that will hopefully lead to the democratic state protecting itself from the threat constituted by the NSA attacks. He may not really need a German medal; that would not sustain him. But he needs protection and support.

“‘Unhappy the land that has no heroes!’ says Galileo’s scholar Andrea Sarti in Bertolt Brecht’s play. So America can consider itself lucky to have someone like Snowden. But Galilei’s response to Sarti is this: ‘No. Unhappy the land that needs a hero’. That is true as well.

“Snowden is a symbol for courageous resistance by an individual against a powerful state system. He is a tiny David that stood up against a super Goliath. Snowden has resisted, and he continues to do so until today.

“Resistance is a word that people associate with rebellion against a dictatorial regime. But resistance is also a necessity in a democracy, even under the rule of law. Resistance only has a different name in a democracy: it is called dissent, civil courage, standing upright – or simply, Edward Snowden.

“If dissent is penalised: dissidents hazard the consequences. They do so to instigate change, to eliminate deficits and injustice. Arthur Kaufmann, the late Philosopher of Law, once called resistance in a democracy ‘the small resistance’. This small resistance had to be offered ‘to make the large resistance unnecessary’. But sometimes this so-called small resistance is in fact a very large one. That is the case with Edward Snowden. His resistance fully involves the physical and psychological existence.

“Thank you, Edward Snowden.”

“¹ The CDU and CSU (Christian Democratic Union and Christian Social Union) are Germany’s major conservative parties. They are ‘sister’ parties, with the CSU operating in the Federal State of Bavaria and the CDU in the other 15 Federal States.”

(Beak   BRUZZ ah   ah vorts   tsvoat ow! zanned FIAT seine.)

“Wer Grundrechte einschränkt, ist beweispflichtig.”

“Anyone limiting fundamental rights must provide proof.”

From former federal data protection officer Peter Schaar’s blog post just before the European Court of Justice announced its groundbreaking, wonderful and “remarkably clear” decision on 08 Apr 2014 overturning mandatory dragnet data surveillance because it violates fundamental human rights [Grundrechte].

“Anyone limiting fundamental rights must provide proof. They must provide evidence that the limitations to personal freedom are necessary in the predominant interest of the general public—that’s what our constitution requires. This principle also applies in the European Union, at the latest since 2009 when the E.U. Charter of Fundamental Rights became enforceable law of the Member States with the Treaty of Lisbon. This guideline’s origins go back before Lisbon. In December 2013, the attorney general at the European Court of Justice said in his vote that he was of the opinion that the guideline violated the protection of the private sphere guaranteed in Article 8 of the Charter of Fundamental Rights.

“The authors and proponents of the mandatory retention of communications traffic data [Vorratsdatenspeicherung] have not yet provided proof of the necessity and efficacy, to this day. But surely it would have been easy for them to provide the evidence, after eight years—if their arguments were accurate ones. It ought to have been easy to show that law enforcement had been harmed by the German Constitutional Court’s finding in 2010 that the Vorratsdatenspeicherung law was unconstitutional. Did conviction rates fall in Germany? Is Germany worse off than its neighbors who implemented Vorratsdatenspeicherung? No. Furthermore, neither the governments of the Member States nor the European Commission were able to provide conclusive proof in any other way for the necessity of Vorratsdatenspeicherung.”

(Vair   GROONED rechh tah   eye n shrenked,   issed   bev ICE flichh tichh.)

NSA-Untersuchungsausschuss

N.S.A. investigative committee of the Bundestag, which began meeting on 03 Apr 2014.

The committee’s chair is Clemens Binninger (C.D.U.), a former policeman.

It is tasking itself with investigating the involvement of German police and intelligence agencies—domestic, foreign and military—in the massive spying on people and companies that is now known to have been done by the U.S. and U.K. governments and their contractors.

Also it will now be investigating Germany’s culpability in the U.S.’s drone wars. Since the Süddeutsche Zeitung, Norddeutscher Rundfunk (NDR) and Westdeutscher Rundfunk (WDR) reported that the U.S. is using its Ramstein airbase inside Germany to support drone attacks in Somalia, Yemen and Pakistan, violating international law while killing hundreds of civilians, Germany’s government (C.D.U./C.S.U. + S.P.D.) can no longer pretend they don’t know this is happening.

The committee repeated that they would like Edward Snowden and other informed whistleblowers to give statements and answer questions for these Bundestag inquiries. Journalists repeated that the whole world will be watching this inquiry to see what the committee discovers and which stones they leave unturned.

Update on 09 Apr 2014: Clemens Binninger stepped down as chair of the N.S.A. investigative committee after only six days. He said he was resigning from the position because he felt people from the opposition parties were too interested in hearing from N.S.A. whistleblower Edward Snowden.

Update on 10 Jul 2014: A Spiegel article about Germans’ angry responses to spying by the U.S. mentioned that Clemens Binninger is chairing the Parlamentarisches Kontrollgremium, the secret Bundestag committee supposed to monitor Germany’s intelligence agencies.

(Enn ess ah   oon tah ZOO chh oongs OW! ss shoes.)

Kanzleramtschef, ChefBK, Kanzleramtsminister

“Chief of the chancellory,” Angela Merkel’s chief of staff, whose duties include coordinating and controlling/monitoring Germany’s secret services as the boss of the federal government’s intelligence agencies officer [of the person with the job title Beauftragter der Bundesregierung für die Nachrichtendienste].

Update on 25 Jul 2013: After Bundeskanzleramtschef Ronald Pofalla testified secretly before the Parlamentarisches Kontrollgremium, the parliamentary committee that is pro forma in charge of Germany’s intelligence services, he made a statement to the press saying absolutely everything done so far by Germany’s spy agencies had been legit and in compliance with German law. Also that German data protection law had not been reinterpreted. Supervisory committee members from opposition parties (parties that were in the ruling coalition when the information exchange began between German and U.S. intelligence agencies, as far as we know so far) gave counterstatements to the press indicating they were not satisfied with Mr. Pofalla’s responses to their catalog of questions about the U.S.A.’s Prism program.

Amusingly, artists at one news show edited Mr. Pofalla’s sound bite into their report to begin just he was saying “This statement is clearly false…”

(KANT’s lah omts chef,   CHEF bay kah,   KANT’s lah omts minn iss tah.)

Handschrift des Arztes muss lesbar sein

“Physicians’ handwriting must be legible” in patients’ medical records according to the current version of Germany’s patients’ rights law, passed last year.

Frank Leopold, head of a Verein that advocates for medical patients, told Spiegel.de some other salient aspects of the patients’ rights law [German Civil Code, §630a et seqq.]:

Upon request, patients must be given access to view their full medical records, unless it could harm them or endanger the rights of third parties. If the patient so desires, this access must be granted directly after treatment, “without delay” [unverzüglich]. If physicians use the “harm” reason as grounds to refuse patients access to their full medical records, an appropriate diagnosis must have been made.

Patients have the right to get copies of their medical records, though the patient must pay for the copies.

Everything in a patient’s medical record must be left there. Any corrections and changes must be made so that the original content is still apparent, and must be signed and dated by the physician.

Software that keeps medical records must meet the same requirements. All changes and original content must remain apparent.

Handwriting in medical records must be legible, even physicians’ handwriting.

Mr. Leopold was skeptical about preventing manipulation to electronic records, but said he didn’t know enough about the software to comment.

He said it’s important to talk about this in public fora, because it’s important for patients and physicians to know patients’ current rights, to prevent confusion.

(HONNED shrift   dess   OTTS tess   moose   LAZE bah   z eye n.)

Doktrin der Dritte

“Third-party doctrine.”

An interesting loophole in the few privacy protections U.S. Americans and their customers think they have. Any information you have deliberately shared with a company is no longer protected against “unwarranted search and seizure” by the U.S. government. Does this also apply to information you have inadvertently shared with a company?

(DOCKED rin   dared   RITT ah.)

Bildungsbroker-Blödsinn

Education broker balderdash.

A British charity called the Universities and Colleges Admissions Service (Ucas.com) which “controls admissions to U.K. universities,” charging fees of ~£23 per student to help >700,000 students sign up for university courses in the U.K. each year, has been selling marketers the data of those students and the data of ~15,000 of their parents and the data of younger children aged 13 to 16 who sign up for courses via another program they offer.

The charity has a “commercial arm” that apparently made £12 million in 2013 from selling the students’ information, to customers such as mobile phone companies, a large software company and a beverages company. The charity’s spokesperson told reporters they are “strictly legal,” selling children’s data within the requirements of British law.

The level of civilization this implies is lower than expected.

Achtung: an analyst said the sort of “carefully selected third parties” checkbox Ucas used “is usually preceded by a triple negative question so you don’t know if ticking the box gets you more mail or less.” In the case of Ucas, students didn’t dare opt out of sharing their contact data for fear of not receiving college offers.

(BILL doongz broke ah   BLID zinn.)

Patienteninformation & Patienteneinwilligung

“Patient information form and patient consent form,” often translated into English as “informed consent” which sounds like a single document rather than the German pair of patient information materials + patient’s consent statement [Einwilligungserklärung].

Medical ethics require patients agreeing to participate in pharmaceutical testing to be adequately informed about the drug or device trial and associated risks and benefits, and then to give their written consent to participate in the trial so described. Translators of these forms must take extra pains to render them in clear language because the people reading them might not be in the best of health.

As recovering law student and standup comedian Susan Calman said, “there’s no consent without informed consent!”

General practitioners in the U.K. are concerned, she said, that people there have not been sufficiently informed about the National Health Service’s plans to put physicians’ records and hospitals’ records on a “superserver,” central database, to which more than just health professionals will have access. The patient data will be at least partially anonymized, proponents said. It’s unclear what the rules will be for selling or sharing patients’ data with third parties.

People not worried about data privacy might nevertheless be concerned about any unclarity in David Cameron’s government’s communications about how it will share or not share the U.K.’s digitized medical records because his coalition’s recent privatization projects have been accused of selling at too-low prices. Protection adequacy is also in question now since the Snowden revelations.

Update on 24 Feb 2014: Despite reassurances from the British agency currently in charge of patient medical records in the U.K., the Health and Social Care Information Centre, that “data held in the new giant database would never be used for insurance purposes, stating that any such actions would represent a criminal offence,” the Telegraph.co.uk has discovered that David Cameron’s government already sold the N.H.S. medical records, to an actuarial firm that advises “insurers and actuaries on how to ‘refine’ critical illness cover,” in 2012, for two thousand pounds.

The contract to extract and anonymize patient data from individual physicians’ office records for the new central database has been awarded to a company called Atos. Atos has asked for early release from its previous government contract because of death threats to its employees.

Update on 03 Mar 2014, from the Guardian:

“A prominent Tory MP on the powerful health select committee has questioned how the entire NHS hospital patient database for England was handed over to management consultants who uploaded it to Google servers based outside the UK.”

This database contained H.E.S., hospital episode statistics, and these management consultants called themselves PA Consulting. In addition to Google, anyone tapping communications lines leading to Google, actuaries and consultants, N.H.S. patient records might have already been obtained by or available to “pharmaceutical firms, government departments [including police] and private health providers.”

(Pot YENT en in foh mah tsee own   oont   pot YENT en eye n vill ee goong.)

Verbandsklagerecht der Verbraucherschutzorganisationen

Right for an association to file suit, for consumer protection organizations.

The new justice minister and consumer protection boss, Heiko Maas (S.P.D.), said he is thinking about making it possible for consumer protection organizations to file lawsuits on behalf of consumers in response to data protection violations.

Currently, consumer protection organizations in Germany can only file data protection lawsuits if a company’s terms and conditions contain data protection violations. Mr. Maas wants to have draft legislation “closing this loophole” ready by the end of April 2014.

The Spiegel.de article continued,

Maas and Germany’s data protection officer Andrea Voßhoff [(C.D.U.)] furthermore admonished companies to treat their customers’ privacy with more respect. Customers’ trust is, in the end, the fundamental basis of all business models in the internet, they said. Instead of pages and pages of terms and conditions, what [customers] need is true freedom of choice when it comes to what’s allowed to happen to their own data, said Maas. “If some providers want to stubbornly persist in the digital Flegeljahren [boor, churl, cub, lout years, meaning teenagers], if they disesteem/disregard/disdain/ignore/flout/violate their customers, and if they refuse transparency, then the state will have to intervene regulatorily to protect users.”

(Fair BOND sklah geh rechh t   dare   fair BROW chh ah SHƏTS oregon ee zot see OWN en.)

Doch drohnenfähige Handydaten!

Cell phone data are droneable after all!

Last summer Germany’s foreign intelligence service, the Bundesnachrichtendienst or BND, admitted they’d been sharing phone data with U.S. intelligence agencies for years but said it was okay because cell phone data couldn’t be used to locate people and something about the N.S.A. promised not to use German-supplied phone data to kill anyone. Regarding the first claim, whistleblowers from U.S. drone programs have now explained to reporters how phone data were used for targeting assassinations around the world.

One whistleblower, describing countermeasures persons of interest have taken to keep using phones while evading geolocation and how these countermeasures can deliberately or accidentally increase the drone strikes’ already terrible civilian casualties, called the U.S. drone programs “little more than death by unreliable metadata.”

Details from the article and online discussions included:
“Pods” on U.S. drones (and presumably on urban utility poles because this might be what police have been quietly installing in U.S. cities using Dept. of Homeland Security funds) can spoof cell phones into providing data and can vacuum information off wifi networks from altitudes of four miles. Telecommunications standards in some “countries of interest” make it possible for many users there to share data the U.S. uses to identify targets’ cell phones. Wireless “party lines” quietly shared by pools of low-income civilians increase the chances that countries indulging in drone assassinations will accidentally kill party line participants and their families and neighbors, or be tricked into killing their enemies’ enemies, such as by firing missiles at wedding parties or legislatures after someone hides a cheap phone there.

(Daw chh   drone nen fey igga   HEN dee dotten.)

Deutscher Verkehrsgerichtstag

“German Traffic Court Day,” a misleading calque. This is apparently a fruitful annual meeting of traffic experts, from government and academia, organized by an e.V. association.

This year’s topics included “Data Protection in Cars.” The president of the host association called for regulation of information protection in automobiles, saying modern cars contain up to 80 devices that record data, such as navigation systems and even airbags. He said at the moment it’s not clear whether these collected data belong to the car manufacturers or the drivers.

Cars with airbags, for example, collect information about how fast we’re driving and whether we’re alone. Onboard sensors record whether passengers are wearing a seatbelt. Courts are already hiring I.T. experts to read cars and car toys to determine whether drivers are telling the truth in hit-and-run cases. In leased electric vehicles, companies can remotely shut down the battery if payments are in arrears. A luxury S.U.V. in Cologne managed to trap an alleged car thief inside until police arrived, even though he tried to kick out doors and windows. Customers already using products that reroute them around Germany’s ubiquitous traffic jams by constantly pinging their cars’ locations can have their data unethically used for marketing and other purposes if no legislation controlling this is crafted.

In 2015 all new cars in Germany are scheduled to be equipped with “eCall,” a 911-type emergency services function that will automatically call for help after the car is in an accident but that can also be used to locate any one of these cars at any time. An E.U. press release about eCall said the system doesn’t transmit data about its users because it is usually “sleeping.”

(Doytcha   fair CARES g’RICHHTS tochh.)

Aus die Maus

A cheerful way to say “off,” a status that may have become quantum in home computing.

Off means off, and offline means offline, except in your computers and similar devices since at least as far back as 2008.

(Ow! ss   dee   mouse.)

Fehlbesatzung

Giving the wrong candidate the job.

Leftists party members (~10% of the Bundestag) tried and failed to delay the 19 Dec 2013 vote that confirmed Andrea Voßhoff (C.D.U.) as Germany’s new national data protection officer, replacing Peter Schaar (Green party?). The position is supposed to be party-neutral and is currently bossed by the interior minister (Thomas de Maizière, C.D.U.).

Jan Korte (Leftists) said because Andrea Voßhoff voted to support Vorratsdatenspeicherung, online searches—apparently meaning police searches of people’s tech—and expanding the powers of Germany’s intelligence agencies, she probably was not the best choice to become the country’s top advocate for protecting burghers’ data privacy.

A speaker for the Green party (~9% of the Bundestag) said they too are worried about Ms. Voßhoff as the national data protection officer, but recent revelations about mass electronic spying by e.g. the N.S.A. have shown the whole world how important these rights are. Even an enemy of these rights would now have to support reforms increasing protections of these rights, the Green party member said. Right?

(FAIL bezz ZOTS oong.)

Internet-Ausschuss im Bundestag

Happy holidays! The Bundestag announced plans to create its own standing internet committee [ständiger Internet-Ausschuss], responsible for online issues. Though not entirely neglected, the interface between citizens and computers is not fully covered in Germany either. The Greens traditionally disliked technology, the Pirate party was trying to fix that lacuna but now seems possibly unterwandert by the German military (what was a Defense Department employee doing as party chair, one asks oneself now, post-Snowden). The new coalition has divided up online issues among a Wirrwarr of multiple ministers, some of whom oppose digital consumer protections such as network neutrality or individuals’ data privacy yet are now the designated advocates for them.

The press learned about the new Bundestag committee’s creation from Twitter.

Topics to be handled by the parliamentary committee include the expansion of broadband infrastructure, copyrights, data security.

Update on 13 Feb 2014: The Bundestag created its internet committee! It’s called Digital Agenda (dee ghee TALL   awg EN dah).

(INN tah net   OW! ss shoes   imm   BOON dess tochh.)

College Bescherming Persoonsgegevens

Dutch for “Data Protection Authority,” a government office in Holland.

Google has been invited to testify at a data protection hearing in Holland. Süddeutsche.de ‘s 29 Nov 2013 article said the head of Holland’s data protection office said, “Google is spinning an invisible network out of our personal data without our permission, and there’s laws against that.”

Update on 15 Dec 2013: Google said U.K. privacy complaint plaintiffs should sue the company in California courts. The U.K. plaintiffs wanted to sue the company for secretly tracking their internet browsing “by circumventing privacy settings” in Apple’s Safari web browser on different devices. The Guardian.co.uk said the company’s lawyers were expected to argue in court on Monday, 16 Dec 2013, that a similar privacy complaint had recently been dismissed from a U.S. court “and that no European regulators are currently investigating this issue.”

Spiegel.de said Google has already had to pay two fines for this privacy practice in the U.S.: $22.5 million to the F.T.C. in August 2012 for tricking Safari into accepting cookies on various devices even when the consumer had set tracking to “off” and again $17 million in a Nov 2013 settlement to the attorneys general of ~37 U.S. states for the same issue.

Update on 08 Jan 2014: France’s data protection authority fined Google 150,000 euros, the largest fine C.N.I.L. ever issued, for violating France’s data protection laws. Since 2012, Süddeutsche.de explained, Google has been able to create search-based profiles for users of its search engine, YouTube, Gmail, Google+ and other enterprises and that enable sending targeted ads to consumers. France told Google to inform French users about how the company was handling their data and to obtain their consent before putting cookies on their computers that would track their online behavior. Google did not comply.

Update on 14 Dec 2013: Canada’s antitrust Competition Bureau is investigating Google’s business practices, to see “whether Google is abusing its dominance of the Internet search market to stifle competition and drive up digital advertising prices.”

Apparently authorities in Spain, Italy and France were also examining Google’s business practices, according to the Süddeutsche.de article.

Detekteien

Private detective agencies. A Spiegel.de article dated 2008 said this was an unregulated and unsupervised but burgeoning security industry in Germany, sometimes employing former Stasi cooperators. The authors estimated there were ~1500 private detective companies in Germany in 2008 and about a dozen key world players, including the New York-based Kroll and London-based Control Risks. Many of these companies earned game-changing amounts of money in Iraq after the second U.S. invasion. They could be hired via law firms protected by attorney-client privilege, and subcontract jobs to other firms, obscuring cause-and-effect. A new C.E.O. of Control Risks said they were also hiring journalists to spy on other journalists.

A Detektei called Network Deutschland was “involved” in the German rail company Deutsche Bahn’s data privacy scandal when it was caught spying on its employees in 2009, leading to the retirement of C.E.O. Hartmut Mehdorn. Network Deutschland was also involved in the former-monopoly phone company Deutsche Telekom’s so-called “Telekom data scandal,” which is confusing but included T-mobile’s years of archiving communications data of members of its own supervisory boards, such as the head of the German trade union association Deutsche Gewerkschaftsbund. T-mobile was especially interested in any phone interactions with journalists. Deutsche Telekom was also accused of using private detectives to spy on journalists in other ways.

The 2013 Snowden revelations might provide some insight into the means private detective companies could have used to access these communications and banking data. Online ads and tech articles seem to be indicating that powerful N.S.A.-type tools are now trickling down into the regular economy, being sold to smaller and smaller entities.

N.B.: How early did the notoriously technophilic and well-funded U.S. National Football League know about some of these capabilities?

An English-language Spiegel.de article dated 2008 speculated about the separate huge data hoards controlled by the national rail (Deutsche Bahn), national airline (Lufthansa), post office (Deutsche Post) and phone company (Deutsche Telekom), all companies found to have made questionable investigations and hired detective agencies. The magazine couldn’t show that they had combined their data in 2008 though; they also only connected up e.g. that Deutsche Bahn and Deutsche Telekom hired the same detective agency but Lufthansa and (Telekom?) investigated the same journalist (Tasso Enzweiler from Financial Times Deutschland, which folded in 2012). The Spiegel article wanted to but could not show that the four big corporations also investigated each other, but it reminded us they were well positioned to investigate each other and anyone else in Germany. The Spiegel.de article didn’t want to feed conspiracy theorists but hoped the German government wasn’t asking these companies for access to their sensitive customer data. All four used to be state-owned and the German government still held large stakes in Deutsche Bahn and Deutsche Telekom.

(Day tect EYE en.)

L.K.W.-Maut

Truck toll.

Germany has a relatively new national toll on trucks. On 06 Nov 2013 it became known that interior minister Hans-Peter Friedrich (C.S.U.) had wanted to use data collected during the collection of that toll “to fight crime” but has supposedly been stopped from doing so.

Wikipedia said the toll was introduced in 2005 and is collected automatically by Toll Collect using G.S.M. and G.P.S. and on-board units on registered trucks or by toll tickets sold by off-ramp terminals.

(LOST croft VOG en   m OW! T.)

Null Null Sieben

The 007 license plate of the car that dropped off Chancellor Merkel at the E.U. summit on 24 Oct 2013 in Brussels, where the hot unofficial topic was outrage at revelations about U.S. spying on the German chancellor’s cell phone and in previously-unknown but huge volumes in France. Possibly also Italy, including the Vatican. And now Spain.

“Spying on your friends is not okay.” —Angela Merkel (C.D.U.)

“That would represent an entirely new quality, and cast a new light on all statements made by the N.S.A. in the past few months.” —Ronald Pofalla (C.D.U.), who as Kanzleramtschef, the chancellor’s chief of staff, is responsible for coordinating and monitoring Germany’s intelligence agencies. He had declared the scandal over last summer in response to assurances from the U.S.A.

“We will not allow ourselves to be treated like that by the Americans. The trust has been harmed. I think a few things have to happen now before this trust can be restored.” —Hans-Peter Friedrich (C.S.U.), interior minister

“The Americans are not fully aware of the situation. And then you’re told things like, ‘but everyone spies on everybody.’ And that’s where you have to say loudly and clearly: that is not okay. Friends are not allowed to eavesdrop on friends. And how would people react in America—this is what we’re saying on our visit here, how we’re describing it—if the Bundesnachrichtendienst were to spy on the U.S. president.” —Elmar Brok (C.D.U.), chair of the European Parliament committee for Foreign Affairs, currently visiting Washington D.C. to complain

“The chancellor’s cell phone is important, but the private and business communications of normal burghers is just as important. We will stand up for the protection of the basic rights of German citizens[…]” —Thomas Oppermann (S.P.D.), chair of the Bundestag’s Parlamentarisches Kontrollgremium intelligence committee that is tasked with but not always successful at monitoring and controlling Germany’s intelligence agencies. Mr. Oppermann may be hoping to become the new Justice Minister, replacing Sabine Leutheusser-Schnarrenberger (F.D.P.).

“What sort of terrorists are they trying to find in the chancellor’s cell phone? This is a really absurd indication that the reasons they’ve told us so far absolutely cannot be true.” —Christian Ströbele (Green Party), member of the Parlamentarisches Kontrollgremium intelligence committee

“It’s good that the clarification of the facts appears to be starting, now, and that at least a healthy distrust vis-à-vis the American intelligence services also appears to be arising, now.”  —Steffen Bockhahn (Leftists), member of the Parlamentarisches Kontrollgremium

“The German government now mistrusts all claims and assurances made by the U.S. government in the entire N.S.A. affair. Now that we know they bugged the chancellor’s cell phone, the U.S. government can no longer sustain its claim from last summer that it did not injure Germany’s interests. It did, and representatives of all parties agree on this, utterly deceive Germany.” —Ulrich Deppendorf, ARD studio head and news editor-in-chief

“I think we should be honest that we have the capacity to obtain information that we didn’t have before. What we need now is the appropriate legislation that ensures we are not seeking or not using the capacity that we have.” —Fredrik Reinfeldt (centrist Moderate Party), Prime Minister of Sweden. (Approximate quote; his original English was drowned out by the German translation.)

“So we have to think about what we need. What data protection agreements do we need, what transparency do we need. We stand between the United States of America and Europe, before shared challenges […]” —Angela Merkel (C.D.U.)

“When I walk into a negotiation and must fear that the other side, a friendly democracy, already knows from espionage what I want to say in that negotiation, that’s no longer eye-to-eye.” —Martin Schulz (S.P.D.), president of the European Parliament

007, might be funny if the matter weren’t so serious. […] But this isn’t just about the chancellor’s cell phone. The much bigger concern is industrial espionage, which could cost European companies billions.” –ARD correspondent Rolf-Dieter Krause

In a wonderful interview given in German on the evening of Oct. 24, E.U. commissioner Viviane Reding said she’d heard that England’s government did not want European data protection but Poland, Italy and France had joined together to fight for it. Also: “Both of us, both the Americans and the Europeans, need this Transatlantic Trade Agreement. But to be able to negotiate an agreement, you need trust. I think this trust is no longer quite as present. That’s why the first thing that must be done is to restore that trust. And then, so that Europe can speak with a single voice, for that you need strong data protection that is Europe-wide. And that has to be the basis from which we can then move into negotiations with the Americans.”

“The whole time, Frau Merkel acted as if the affair was unimportant, as if it wouldn’t impact anyone in a big way. But then when it affects her, she gets upset? When all German burghers were affected, when it was about protecting burghers’ basic rights, she didn’t do anything then.” —Anton Hofreiter (new Green party co-chair)

“It is strange: umpteen million communications from Germans alone are recorded every month by British and U.S. intelligence agencies. With these extraordinary claims from the documents supplied by the ex-N.S.A. man Edward Snowden the snooping story exploded into public view last summer, but left the German government, and one must say most Germans as well, rather strangely unmoved. Then last night a single cell phone was added to the mix—OK, it was the chancellor’s—and suddenly all hell broke loose.” —Claus Kleber, moderator at ZDF heute journal

The new Bundestag scheduled an extraordinary meeting or special session [Sondersitzung] to discuss the N.S.A. spying affair in mid-November. All political parties also agree a parliamentary inquiry [Untersuchungsausschuss] is “unavoidable.” Many parties would like to invite Edward Snowden to testify before the committee, after which he can apply for asylum in Germany.

Update on 28 Oct 2013: On Thursday, Brazil and Germany will introduce a draft United Nations resolution against N.S.A. spying. FAZ.net reported that a large majority was predicted to approve it, and that though United Nations General Assembly resolutions tend to be nonbinding, unlike Security Council resolutions, the fact that Brazil and Germany are behind this and that so many of the 193 member states support it give it extra significance. Brazilian reporter Sonia Bridi from TV Globo said Brazilian President Dilma Rousseff’s government wants the world to make international regulations for internet access and international telecommunications such that no individual state can ever again have access to the world’s key communications hubs or nodes.

Update on 26 Nov 2013: The United Nations Human Rights Committee approved Germany and Brazil’s U.N. resolution against data spying. It will be sent on to the U.N. General Assembly, where the nonbinding resolution is considered certain to pass in December 2013.

“Today, for the first time, a resolution in the United Nations expressly specified that human rights have to be protected online just as much as they must be protected offline.” –Peter Wittig, permanent representative to the U.N. for Germany since 2009

(Newel   newel   ZEEB en.)

Bankendaten-Transfer ausgesetzt

Stopped the transfer of banking data.

On 23 Oct 2013 members of the European Parliament parties the Social Democrats, Greens, Leftists and (libertarianesque) Liberals voted 280 to 254 to stop providing bank transfer data to the U.S. under the S.W.I.F.T. agreement until more is done to fix the U.S.’s disrespect for data protection worldwide. Bank transfers have replaced checking in Europe, and the E.U. had originally, reluctantly, agreed to let the U.S. access bank transfer data in order to help fight terrorism.

Only four E.U. countries, including Five Eyes member Britain, and the German C.D.U./C.S.U. M.E.P.’s remained in favor of the status quo (this was before revelations that the U.S. had bugged the cell phone of Chancellor Merkel (C.D.U.)!). France was leading the protest, especially after articles in Le Monde that week about the vast extent of N.S.A. spying in France, slurfing tens of millions of French phone calls in just one 30-day period. The angry M.E.P.’s wanted the U.S. to, among other things, be honest and precise about what its organizations have been doing. An anonymous committee member was quoted in Spiegel.de as saying they know now that the U.S. does not change anything until after you stand up and say no to them.

The European Parliament decision to stop providing S.W.I.F.T. transfers data still must be approved by 2/3 of the 28 member states. The coalition of proponents doesn’t quite have those numbers yet, but lately U.S. intelligence agencies tend to help their opponents by delivering new outrages rather than, say, providing honest and precise information about what they, the myriad private contractor intelligence companies the U.S. hires, and their public and private partners around the world, have been doing.

Some goals, from the press release for the nonbinding solution:

“Parliament stresses that any data-sharing agreement with the US must be based on a consistent legal data protection framework, offering legally-binding standards on purpose limitation, data minimisation, information, access, correction, erasure and redress.”

Update on 27 Nov 2013: E.U. interior commissioner Cecilia Malmström (Swedish Liberal People’s Party, conservative-liberal, liberal with the non-U.S.A meaning of libertarianesque) announced that the commission was negating the E.U. parliament’s decisions to stop sharing E.U. air passenger data and S.W.I.F.T. bank transfer data with the U.S.A. “to fight terrorism” because, she said they said, there was no evidence the U.S. had violated the agreements. And, the E.U. Commission was also not going to change the toothless self-policing “Safe Harbor” data protection agreement: justice commissioner Viviane Reding has given the U.S. a 13-point data protection homework assignment to implement by summer 2014, after which the E.U. will re-examine torpedoing “Safe Harbor.”

(BONK en dot en   TRONZ fair   OW! z’gez ets t.)

Anti-F.I.S.A.-Klausel

Anti-Foreign Intelligence Surveillance Act clause.

E.U. justice commissioner Viviane Reding has had trouble passing her data protection reform. Years of debates, thousands of amendment proposals, successful lobbying by U.S. companies and successful pressure from U.S. governments. But now everyone’s mad.

On 21 Oct 2013 the European Parliament passed data protection reforms. They updated 18-year-old rules that were obsolete and also loose enough to let the lawscape vary from country to country, enabling internet companies such as Facebook to shop for Member States with laxer data protection laws such as Ireland.

The so-called “anti-F.I.S.A. clause,” which regulates sharing of E.U. burgher data with so-called third-party countries, had actually been politely deleted in response to pressure from the U.S. government and lobbying from large U.S. companies, according to a June 2013 Spiegel.de article. Because everyone’s mad, the responsible “Libe” civil liberties committee put the anti-F.I.S.A. clause back into the proposed reform and it has now been passed by the European Parliament.

Spiegel.de summarized the key points:

  • Sanctions for violating European data protection rules have been “drastically” raised, to up to 5% of a company’s annual worldwide gross. Earlier this year Frau Reding had had to accept a compromise of a 2% maximum fine, but no more!
  • “Privacy by design,” which means, Spiegel.de wrote, “Companies must design their [websites] to be as [data-frugal] as possible, with the most data-protection-friendly default settings. They must also give their users the option of using their services anonymously and pseudonymously.”
  • “Explicit consent” by users to processing and sharing of their data. The explicit consent cannot be given in small print such as an end-user license agreement. Standardized easily recognized symbols must be included in the request for consent. Companies will not be allowed to create a user profile of users who forbid them to create one.
  • More guardians. Companies dealing with data from more than 5000 people will have to hire a data protection officer.
  • A European Union data protection council will be created to watch over these rights and abuses. To submit a complaint, burghers will only have to contact their country’s data protection office and will be able to submit complaints in their own language. The national data protection offices will escalate and forward.
  • The Libe committee was unable to get a majority vote in favor of the “right to be forgotten” this time, settling instead on a “deletion right” under which E.U. burghers will be able to force companies to tell them what data they have collected on them and then to delete it. The companies will not be responsible for ensuring that data do not appear anywhere else in the internet however, which is what a “right to be forgotten” would have meant. Spiegel.de said German data protection law is stronger here.

It’s not over yet. The European Parliament must now agree on a final version of the reform with all 28 countries in the E.U. Council and in the E.U. Commission. If the reform is not done and dusted before European Parliament elections in April 2014, it may be delayed for ridiculous lengths of time again.

(Auntie   FIE zah   cl OW! zell.)

“Datenschutz muss so wichtig werden wie Umweltschutz”

“Data protection must become as important as environmental protection,” said Bundespräsident Joachim Gauck in his German Unity Day speech on 03 Oct 2013.

Recalling similarites between how they discovered ways to deal with the difficulties of Germany’s reunification and how the world must discover ways to deal with today’s difficulties, he said, “Everyone involved back then was a learner—and sometimes an errer!—but they were, we were, all creators! October 3 does not just remind us of powerlessness overcome. It is also witness to the will to create freedom in freedom.”

(DOT en shoots   MOOSE   zoh   VICHH tichh   VAIR den   vee   OOM velt shoots.)

“Völlig achtlos kann sich der Verbraucher nicht verhalten.”

“Consumers cannot behave entirely heedlessly,” said a representative of Germany’s federal-level consumer protection agency, reminding Vodafone customers to keep an eye on their bank accounts for any strange activity.

The data of two million German Vodafone customers, including direct-debit banking data, have been stolen. Düsseldorf prosecutors are investigating. Vodafone discovered the theft on 05 Sep 2013 and announced it to the public a week later. They said they thought it was an employee at an external service provider.

The company set up a F.A.Q. website for the issue here.

Spiegel.de reminds us that last year Vodafone learned in December 2012 that its hardware had made its customers’ private data vulnerable, but the company only informed its customers after the Bundesamt für Sicherheit in der Informationstechnik [Federal Office for Safety in Information Technology, BSI] in Hamburg publicly announced a safety warning in August 2013.

(FULL ichh   OCHH t loh ss   con   zichh   dare   fair BROW chh ah   nichh t   fair HALT en.)

 

Schwachstellen in Sicherheitsprodukte einbauen

“Building in vulnerabilities in security products,” one of several methods the N.S.A. and G.C.H.Q. used to unlock encryption methods previously thought secure, according to the Guardian.co.uk, NYTimes.com and ProPublica.org. When the Canadian company BlackBerry updated its encryption in 2009, for example, the N.S.A. cracked it in mere months, according to a Spiegel.de article headlined “Champagne!

These two large agencies and their partners in e.g. the Five Eyes alliance have also been benefiting from encryption cracking via supercomputers, targeted hacking committees, strange U.S. letters and court orders that forbid the ordered from ever mentioning the order, an N.S.A. Computer Solutions Center that “provided security testing” for tech products, subversion of international security standards used by developers but especially persuasion of tech companies, whose names remain most secret.

Tagesschau.de reported on 06 Sep 2013 that the “Bankenverband“—the name indicates an association of banks but the reporter did not define it more specifically—announced that N.S.A. employees and contractors can only view Germans’ online banking but cannot transfer money out of (“plunder”) their accounts. German consumers will not be reassured by this.

Brazil’s TV Globo on 08 Sep 2013 added to the list of snooped targets the international S.W.I.F.T. bank transfer network, the closed computer networks of “airlines, foreign governments, power companies and financial institutions” and the state-owned Brazilian oil company Petrobras, increasing fears of industrial espionage by the U.S.A. and its allies.

The Guardian.co.uk article on the targeted placement of back doors into encryption software was very angry about how vulnerable to criminals this makes everyone (called “the consumer and other adversaries” in one Snowden trove document). Weakening software causes people to commit crimes who wouldn’t normally have done so.

(Sh VOCHH shtell en   in   ZICHH ah heights prod OOK teh   EYE n bough en.)

Gemeinsames Terrorabwehrzentrum, G.T.A.Z.

“Joint Terrorism Defense Center.” Apparently the German police and secret services have been working together at this institution since its founding in 2004 under poor Otto Schily. Many Germans are terrified by the idea of police and spies working together.

If the reasonable, brave, intelligent, energetic and left-leaning defense attorney Otto Schily, cofounder of the German Green party in 1980, could as interior minister in an S.P.D. + Green party coalition federal government help set up the “antiterrorism” cooperations that Otto Schily apparently did, then institutions in governments around the world could use a good hard review by politicians who don’t want to see themselves forced into similar stances in the very near future.

A recent review of Germany’s antiterror laws by the interior ministry and the justice ministry, examining in particular who has what authorities and who checks their work, has concluded and published its nonbinding report. Interior minister Hans-Peter Friedrich (C.S.U.) was satisfied with the current laws but justice minister Sabine Leutheusser-Scharrenberger (F.D.P.) is not: she is calling for a new law providing uniform and limiting rules for antiterror centers where police and intelligence services exchange information.

“When we’re talking about intervention authorizations that go deep, precisely the ones that penetrate into the privacy and personality spheres of individual people, then there have to be definitive rule-of-law procedures, mandatory notifications, inspection and controls, transparency.”

(Geh MINE zom ess   TARE or OB vare tsent room.)

Wirtschaftsspionage

“Economic espionage,” industrial espionage. June 2013 reports that Germany was the N.S.A.’s most-spied-on country in the E.U. created German misgivings that financial advantages might be being sought.

The Guardian.co.uk’s “heat map” for the NSA’s “Boundless Informant” surveillance system indicated only countries like Iran, Pakistan, Jordan, Egypt and India were being monitored more than Germany.

This fear was not alleviated by Süddeutsche Zeitung and Norddeutsche Rundfunk reporting on 02 Aug 2013 describing Snowden-trove British General Communications Headquarters docs from 2009. It listed U.K. telecoms that “assisted” G.C.H.Q. (with each company’s code name): Verizon Business (“Dacron”), British Telecommunications (“Remedy”), Vodafone Cable (“Gerontic”), Global Crossing (“Pinnage”), Level 3 (“Little”), Viatel (“Vitreous”) and Interoute (“Streetcar”); some of these telecom companies even developed software to help spy on their customers and were paid for that by G.C.H.Q. “For the good of the British economy” was a reason given in a G.C.H.Q. PowerPoint presentation for why these telecoms were selling their customers’ communications.

Update on 19 Jan 2014: ZDF heute journal reported the listening post atop the U.S. embassy in Berlin was indeed used for economic espionage: they were interested in the Chancellor’s opinions about the euro currency, for example.

In 2003, the company Ferrostaal, headquartered in Essen, was competing with a U.S. company for a contract to deliver radio monitoring equipment to Nigeria. The U.S. embassy in Berlin supplied Ferrostaal’s U.S. competitor with data from Ferrostaal’s secret bid, according to an embassy cable found in the Wikileaks trove. Details ZDF showed in a copy of the cable included the German company’s offered price (24 million euros) and financing (“5.1 to 7.0 percent for possibly 5 years”). The U.S. company won the contract.

(VEE at shofts ess pee own OJ.)

Totalüberwachung: Londoner Verhältnisse

“Total surveillance: London conditions.” The U.K. situation.

What the Bavarian state data protection officer mentioned as undesirable in a newspaper interview earlier this month. Even the act of putting cameras in public places, which England has notoriously taken to new levels, creates a social selection process, he said. He did not want a society that produces only conformists.

(Tote OLL über VOCHH oong:   Lun done ah fur HAIL t niss eh.)

Sicherer-Hafen-Abkommen

“Safe Harbor accord.”

After years of discussion, on 19 Jul 2013 E.U. ministers reached an agreement on reforming their outdated data protection principles at their Lithuania meeting, agreeing inter alia that any companies wishing to do business with one of the E.U.’s 500 million citizens will have to obey the E.U.’s privacy regulations or pay fines of “up to 2% of world income,” said justice commissioner Viviane Reding.

She called into question the E.U. and U.S.A.’s current pre-millennial “Safe Harbor” personal data transfer agreement, which companies join voluntarily and in which they verify their own compliance. About a thousand companies joined the agreement, including companies that shared customers’ personal data with the N.S.A. Commissioner Reding said the U.S.A.’s Patriot Act had annulled the Safe Harbor agreement anyway. “I have already told the parliament that if [the Safe Harbor agreement] is in fact what I think it is, namely a loophole, then we’re done with it.” She is counting on German and French support for the new data protection reforms.

Update on 27 Nov 2013: E.U. interior commissioner Cecilia Malmström (Swedish Liberal People’s Party, conservative-liberal, liberal with the non-U.S.A meaning of libertarianesque) announced the E.U. Commission was not going to change the toothless self-policing “Safe Harbor” data protection agreement for now. E.U. justice commissioner Viviane Reding (Luxemburger Christian Social People’s Party and European People’s Party, center and center-right) has given the U.S. a 13-point data protection homework assignment to implement by summer 2014, after which the Commission will re-examine torpedoing “Safe Harbor.”

(ZICHH ah ah   HAW fen   OB come en.)

Verschlüsselungspflicht für Telekom-Unternehmen

“Mandatory encryption for telecom companies,” one solution proposed by the opposition to Angela Merkel’s coalition in the wake of Edward Snowden’s surveillance revelations. Another solution, discussed by the ruling coalition, was supposedly transferring responsibility for saving searchable copies of all communications from public-sector government agencies to private-sector phone companies.

Update on 02 Sep 2013: NYTimes.com reporting and others’ follow-ups appear to indicate that the company AT&T has been keeping its own copies of phone communications, more than just “metadata,” and people have used it to access 26-year-old phone calls. AT&T employees could be hired to help government agents search their difficult database.

Update dated 4 July 2013: Holland’s Data Protection Authority issued a report on their investigation into mobile network packet inspection by KPN, Tele2, T-Mobile and Vodafone, finding that the companies illegally saved individual customers’ online data, such as websites visited and apps used. The data was furthermore saved in a “detailed” manner.

(Fer SHLÜSS ell oongs flichh t   foor   TAY lay kom oon ter NAY men.)

“Relevant”

Now might mean “everything,” according to Wall Street Journal reporting about how the U.S.A.’s secret F.I.S.A. court quietly reinterpreted the word “relevant” to “empower vast N.S.A. data-gathering.”

(Ray lay VAUNT.)

Null-Nummer

“A nada number,” zilch, zip, zero. Opposition politicians criticized the 24-hour visit of Interior Minister Hans-Peter Friedrich (C.S.U.) to the U.S.A. on July 12 to discuss N.S.A. spying with the Obama administration, saying Mr. Friedrich let himself be fobbed off with nonexplanations and didn’t realize the seriousness of the issues when he apparently decided to choose government rights over burgher rights. An op-ed in the Süddeutsche Zeitung said democracies can’t have freedom unless individuals in the democracies have freedom and privacy at home, and that this is a time that calls for voices and courage.

(NEWEL new mah.)

Online-Zwang

Mandatory internet contact established by products with their mothership company, that can’t be prevented by users.

(ON line TSVONG.)

Parallelität

“Parallelism.” A rep from Angela Merkel’s CDU party said starting Monday, July 8, negotiations with the USA would run in parallel for both a free trade zone encompassing the EU and USA and for a data protection agreement.

(Pah rah lell ee TATE.)

Anzeige gegen unbekannt

Criminal complaint filed against unknown persons, charge filed against “X.” The first hoovered-data German citizen complaint against persons unknown has been filed in the town of Gießen. Meanwhile, the federal prosecutors’ offices in Karlsruhe [Bundesanwaltschaft] are investigating US and UK surveillance of German data. A federal prosecutor spokeswoman confirmed they’re looking into the programs Prism, Tempora and Boundless Informant, inter alia.

(ON ts eye geh   gay gen   OON beh con t.)

EU-Datenschutzreform

“EU data protection reform” of the EU’s current data protection rules which were passed in 1995.

EU commissioner for justice, fundamental rights and citizenship Viviane Reding said she’s been fighting for this reform for several years now. A proposal she submitted 18 months ago has been languishing, even though the EU’s highly controversial “Vorratsdatenspeicherung-Richtlinie” [data retention directive] was negotiated in under six months, she said according to an 11 Jun 2013 Spiegel article. Laws restricting consumer rights are thus apparently passed much faster than laws guaranteeing consumer rights, in the USA and in the EU.

Reding’s EU data protection reform proposal would allow EU residents’ data to be shared outside the EU if there were appropriate legal protections in place in the recipient countries or organizations. Apparently EU citizens (and US citizens?) cannot sue in US courts in response to inappropriate sharing of their data, for example, so until that changes EU citizens’ sensitive data could not be shared with US groups. On the other hand, as Reding said in a speech at the Dublin summit on 14 Jun 2013, “In Europe, also in cases involving national security, every individual—irrespective of their nationality—can go to a Court, national or European, if they believe that their right to data protection has been infringed. Effective judicial redress is available for Europeans and non-Europeans alike. This is a basic principle of European law.”

Reding’s original proposal said there had to be a Rechtshilfeabkommen, bilateral legal assistance agreement, between the EU and the recipient country, but that bit was deleted before the Prism scandal broke in response to pressure from Washington DC. A group of European parliament members including Jan Philipp Albrecht (Green Party, Germany) and Josef Weidenholzer (Social Democrat, Austria) are now pushing to have the provision put back into the proposal. There is no mutual legal assistance agreement between the USA and the EU.

While some actors in the USA’s recently public “lawless space of the secret services Moloch around the NSA and FBI with its opaque/unmanageable network of private mercenary companies” [“rechtsfreie{r} Raum des Geheimdienstmolochs um NSA und FBI mit ihrem unüberschaubaren Netz an privaten Söldnerfirmen” (F.A.Z., 14 Jun 2013)] might consider themselves not constrained by updated EU data protection rules, Reding’s proposed economic penalties of up to 2% of their international annual gross on companies that incorrectly share EU residents’ sensitive data might have a better deterrent effect on nonshadowlands companies.

(Eh Oo   DOT en shoots ray form.)

Auge in Auge in Auge in Auge in Auge

“Eye to eye to eye to eye to eye,” the Five Eyes alliance of data-sharing intelligence agencies from the countries of UK, USA, Canada, Australia and New Zealand.

(OW! geh   in   OW! geh   in   OW! geh   in   OW! geh   in   OW! geh)

Rasterfahndung

“Grid search,” “raster manhunt.” Pre-crime data dragnet. Controversial German police method pushed into law in the 1970’s “to deal with the Red Army Faction,” preserved through the 1990’s “because of organized crime,” briefly tried out after the 9/11 attacks and considered by its critics to have failed, in which police are given access to big data troves to search for suspects before a crime is committed. The police create profiles of people they think are likely to commit crimes, identify characteristics for those profiles, identify data markers they think indicate those characteristics, and then use computers to “filter” large data troves for people with those markers. Files are opened for closer investigation of those “caught” in the dragnet and their friends, family, neighbors and other associates.

Several million data sets were shared and examined in this way after 9/11 but no arrests were made. The Bundesverfassungsgericht ultimately decided this was not legitimate and said future data investigations of the magnitude used in vain to find “sleepers” in Germany would have to be in response to a “concrete threat to high-level Rechtsgüter,” which might mean legal goods or legally protected interests. At an anti-neonazi march in Dresden in 2011, police got a court’s permission to collect all mobile phone “connections” data [Verbindungsdaten] in a large zone around the demo for several hours. ~300,000 people’s phone data were collected according to the Süddeutsche Zeitung, some of which were then used for purposes other than originally submitted. Wikipedia says police also used drones and other cameras to record that demo. Videos from that march have been submitted as evidence in the trial of an anti-nazi youth pastor accused of urging people to throw stones at police.

(ROSS tah FOND oong.)

 

Datenschutzsiegel

“Data protection seal of approval.” A 2008 book on data protection in Germany proposed creating independent auditing agencies who would inspect public and private organizations. If the organizations met standards for data protection, transparency, data security, etc., they would be issued the auditors’ “quality seal” which they could use in their marketing materials as a reputation booster. The auditors would be motivated to keep their own reputation high by not being pushovers, presumably. Multiple reliable auditors could watch each other. Set up well and done honestly, these inspections could ultimately enhance efforts at leak control by keeping whistleblowing from being the only way visible to try to fix the most broken organizations. When these inspectors published what criteria they used to calculate their ratings, smaller organizations down to families and individuals could learn tips about improving their own data protection.

Judging by online search results, squabbling about which data protection inspection seals are worthy may have already begun. There appears to be understandable concern that a company that produces consumer credit scores, which many Germans view with suspicion, also dipped its toe in the data protection certification business. Possible other models suggested for such an independent inspection system included the feared TÜV inspections and Biosiegel (“certified organic.” Bio means organic in German. Öko means treehugger.). An early boost was provided when a German state created demand for the certificate by requiring independent data-protection certification for products, programs and services used by state offices.

(DOT en shoots ZEEG ell.)

Volkszählungsurteil

“People-counting judgment,” the census decision made by the German constitutional court in the 1980’s. An online article I found on the history of Germany’s strongest interest in Datenschutz und Datensicherheit (data protection and data security) explained that country’s aversion to census-taking from a historical perspective. The Nazis took an infamous census of “greater German” territories in the 1930’s that collected data used to kill people later, supposedly with the aid of early computing machines. Later generations of Germans, especially the authority-questioning “1968 generation,” were early adopters of fears about the way a fact that is harmless in one context may become dangerous in another, meaning there is no longer such a thing as a harmless datum. It was and is the combination of mandatory registration with the local government of your residence and contact data, which all German residents still have to do, and a proposed resumption of census taking that set off the large protests against a census in Germany. Eventually the German constitutional court issued its decision reaffirming the first sentence of the German Civil Code, the right to human dignity, and saying control and protection of one’s information was protected by that right.

My source said the logic and humanity of the court’s granting of this protection, and seeing that the state obeyed the court’s decision and canceled the census, calmed the fears of the 1968 generation of antifaschist protesters and did a great deal to integrate them into civil society, which they now control.

(Folks TSAY loongs oor tile.)

Das Vectoring

In the first of its two current scandals, Deutsche Telekom wants to use so-called “vectoring” technology to reduce interference between bundled strands in copper-wire DSL internet connections by increasing and decreasing signals to balance out a more efficient overall electric signal transmission. “Vectoring” requires the Kabelverzweiger, the “cable brancher” or “cross connect” gray box by the side of the street, to be connected to a fiber optic line. Powerful computing is required at the phone company end to “precalculate” the “error suppression” for all transmissions on all DSL lines in the bundle simultaneously in real time. Maximum efficiency requires one central administration of all DSL lines, by one company in other words.

Telekom claims its vectoring only works when a single company controls all the lines at the gray box; “no other companies could then install their own technology there,” the F.A.Z. wrote, voicing the worry about fairness to companies in competition with Telekom. Fairness at the consumer end is also an issue, inter alia because vectoring requires modems specially modified for vectoring technology. Manufacturers such as AVM are already shipping only “vectoring-friendly” modems.

Just before the long Christmas break in 2012, Telekom submitted a request to the Networks Agency (Bundesnetzagentur, BNetzA) to modify BNetzA rules to allow its vectoring. After receiving the petition, the Bundesnetzagentur asked companies in the sector to amicably agree on solutions amongst themselves in order to reduce regulatory intervention to a minimum. Deutsche Telekom also tried to calm remonopolization fears by e.g. saying that if competitor companies had connected their own fiber optic lines to gray branching boxes, they could use its vectoring technology too. It also had some new last mile products it wanted to rent out to them.

On 15 May 2013 the Bundesnetzagentur issued a draft approving the partial deregulation—which still must be approved by the EU Commission and the regulatory authorities of the Member States which would have one month to review the proposal after BNetzA’s 24 Apr 2013 hearing—allowing Deutsche Telekom and its competitors to use Telekom’s vectoring while imposing conditions intended to mitigate the old monopoly’s sole control of branching boxes, though the items in this list indicate apparently not to mitigate possible data privacy repercussions caused by the central computational process managing the balancing out of every DSL line. These conditions included:

  • Around questionable boxes, at least one other provider must market a fast internet connection, such as television cable.
  • For Telekom to use vectoring at a box, more than one competitor must be connected to that box.
  • Telekom’s competitors in turn are required to use Telekom’s vectoring in all boxes to which they have connected. Does this give Telekom’s servers access to all those end consumers and their data?

Alternatively, non-“vectoring” options for speeding up DSL connections include so-called “bonding,” bundling in which incoming data packets are distributed through two of the usually four available lines of a DSL connection rather than just being sent through one. Routers that can bundle the unsorted incoming packets will have two DSL inputs instead of just one. There is also a “phantom bundling” option that can take two (four-line) DSL connections and use one line from each connection to create a third, “phantom” circuit that will suffice to “modulate up” DSL signals. It is claimed that Deutsche Telekom’s “vectoring” would be faster than these bundling alternatives and/or speed them up by balancing away the signal bleed between copper wires.

Some Germans are concerned that their internet service providers already are claiming internet speeds they don’t actually deliver or secretly throttling cheap connections; to address these concerns the Bundesnetzagentur studied German broadband quality in 2012 and posted a link to a “broadband test” and a “net neutrality test” (that can’t be run on a wireless network) for consumers on an “Initiative Netzqualität” website scheduled to be shut down in late June 2013. The net neutrality test requires Java. Both tests are for stationary internet connections; neither can be run on a mobile network. Speaking of mobile internet: now that Deutsche Telekom has received approval from US antitrust authorities to merge T-Mobile with competitor Metro PCS, they plan to use some of Deutsche Telekom’s new cash liquidity to build mobile infrastructure in the USA.

“Intelligente Stromzähler nur mit intelligentem Datenschutz”

“Intelligent electricity counters,” so-called smart meters, but “only with intelligent data protection.” German data protection officer Peter Schaar (his official title is Federal Commissioner for Data Protection and Freedom of Information) praised some recent developments on the data protection front but criticized weaknesses remaining in protecting e.g. employee data and the data that can be gleaned from smart meters. Schaar has been warning against excessive technology-driven transparency of electricity consumers since at least 2011. His office produced a pro-consumer guideline in 2012 to supplement the 2011 Energiewirtschaftsgesetz (Energy Industry Act) amendments that enabled the smart meters which the smart grid will need for flexible management of renewable energy sources and which so-called “smart customers” are to be able to use to manage their own utility consumption. The guideline points are to flow into law eventually.

(In TELL ee GENT ah   SHTROAM tsay lah  noor   mitt   in TELL ee GENT em   DOT en SHOOTZ.)

Datendrosselung

“Data throttling.” Deutsche Telekom, whose subsidiary T-Mobile stood out from other US telephone companies because it was never explicitly mentioned in the press as having given its customers’ data to the George W. Bush administration, has announced that starting May 1, 2013, it will slow down internet traffic for its flat-rate German customers above a low monthly data limit of 75 GB. There will be no appeal. People are furious. Critics say there may be a competition issue because Telekom’s own online content, such as from its entertainment channels, will not count toward the monthly data limit. If so, this might be a case for the Bundesnetzagentur, the German Federal Networks Agency for Electricity, Gas, Telecommunications, Post and Railroads (BNetzA).

Update on 30 Oct 2013: A Cologne court forbade Deutsche Telekom to slow down the data supplied to its flat-rate internet customers, in a lawsuit brought by the North Rhine-Westphalian Consumer Protection Agency [Verbraucherschutzzentrale Nordrhein-Westfalen e.V.]. Deutsche Telekom was planning to reduce these household internet connections to as low as <10% of normal surfing speeds.

Süddeutsche.de reported that the court said Telekom could slow down its customers’ internet access but not without changing its current marketing. Without fixing the problem, “Drosselkom” had tried several responses to the outrage sparked by these plans this year, including offering a second more expensive flat rate plan that really, they swore, this time, would not be subsequently decelerated. Competitors 1&1 and Kabel Deutschland have been capping their customers’ internet connections too, SZ reported. They quoted a pundit as saying the Cologne Landgericht’s verdict was important for starting to create limits to contracts that have been being arbitrarily changed by companies. Telekom plans to appeal.

(DOT en DROSS ell oong.)

Saustall

“Sow sty.” In German, the sow is a more intensive metaphor for the pig. Pigs are pigs, but the sow is the SOW. After a six-month investigation of the Saxony state Verfassungsschutz office (Saxon LfV), the investigating committee (of “independent experts” under a former German Attorney General) has said the place wasn’t a complete sow sty but they still have some recommendations for reform. The commission proposed creating a permanent “Verfassungsschutz commissioner” for Saxony, a position that does not yet exist in any other German states and would be similar to the state “data protection commissioners” who are already widespread. The Verfassungsschutz commissioner should have an intelligence background, investigate independently, and not be dependent on which parties control majorities in state parliaments or on legislature election periods.

The investigation was started half a year ago by the CDU governor of Saxony after some Saxon LfV files relevant to the serial-killing neonazi terror cell turned up but no one knew whence or how. Although the independent commission did not discover the origins of those files either, they did find many problems with the Saxon LfV’s filing system and also recommended “tightening things up” organizationally inside that authority, leaving power structures as they are but sending “the best people” to federal centers.

(ZOW! shtoll.)

Vorratsdatenspeicherung

“Reservoir data storage,” “advance data saving,” now also being called dragnet e.g. surveillance + storage. When a government collects and saves people’s personal communication data in advance, without cause, before needing the data.

Germany is in trouble with the EU for not implementing the EU rule that telecommunications data should be collected without cause and saved for six months. German Interior Minister Hans-Peter Friedrich (CSU) supports the six-month EU plan but many other German parties and politicians do not. The German Supreme Constitutional Court found that the EU rule conflicts with German law.

Update on 18 Dec 2012: Spiegel-Online reports that more than 11,000 concerned Austrians, including telecommunications employees and Carinthian civil servants, have asked the Austrian constitutional court to postpone deliberating on Austria’s new data privacy law until the European Court of Justice can determine whether the EU rule violates basic human rights. By law, communications data in Austria have had to be saved for six months since 1 Apr 2012. The EU rule was passed in 2006. The Irish High Court asked the European Court of Justice to examine the rule in mid-July 2012, and it may happen in 2013.

Update on 12 Dec 2013: The European Court of Justice is examining the E.U. guideline requiring telecommunications companies to save customers’ data for “up to two years” in case they are suspected of committing crimes in the future. An expert opinion submitted by an E.U. Advocate General to the court found the two-year dragnet data storage guideline conflicts with the E.U. Charter of Fundamental Rights. ARD tagesschau.de moderator Jan Hofer said the court usually follows such expert opinions.

Update on 08 Apr 2014: The European Court of Justice overturned the E.U.’s 2006 guideline requiring mandatory dragnet surveillance and recording of all electronic phone and internet data because it violates fundamental human rights [Grundrechte].

(FORE rots DOT en shpy cher oong.)

Verfassungsschutz

“Constitution Protection.” The name for a federal German police agency that has state branches. I don’t know much about it. The name might be intended to convey the idea that federal police are needed to keep a democracy from falling into dictatorship.

Wikipedia says the Verfassungsschutz offices are responsible for domestic intelligence, the Bundesnachrichtendienst for foreign intelligence, and the Militärischer Abschirmdienst for military intelligence.

The Süddeutsche Zeitung said federal Verfassungsschutz is responsible for defending Germany against spying.

Update on 28 August 2012: Interior Minister Hans-Peter Friedrich (CSU) has announced that he would like to reform the Verfassungsschutz, including a mandate that all state-level Verfassungsschutz organizations would have to send all their information to a central federal office (some state offices have already protested this) and that a central federal list be kept of all Verfassungsschutzmänner and -frauen who are providing information to these police in return for money. See V-Mann, V-Frau.

Update on 29 August 2012: The state and federal reps supposedly only discussed for one hour before agreeing on a framework for reform, which even the opposition SPD party now supports. Not only will state Verfassungsschutz offices be required to share all information with the federal office, but the federal office will be required to share all information with state offices as well (there are currently a total of 17 Verfassungsschutz offices). The state reps negotiated away Hans-Peter Friedrich’s proposal that the federal office be made the sole boss of  investigations of (potentially) violent groups. Angela Merkel’s libertarianesque coalition partner, the FDP, criticizes that these changes are just moving furniture around and the old system, with its redundancies, remains the same.

Update on 03 July 2013: Interior Minister Hans-Peter Friedrich (CSU) and the head of federal Verfassungsschutz, Hans-Georg Maaßen, announced the Verfassungsschutz agencies will undergo fundamental reforms of structures and procedures, imposing uniform standards on the state and federal offices. The changes are to include: new guidelines for the use of V-people (“persons who have committed the most serious crimes are not to be acquirable as V-people” —Maaßen; informants are no longer to receive fees high enough that they could live on that income alone; handlers are to be swapped every five years at the latest to prevent friendships and Seilschaften; and a central file of state and federal V-people is to be created e.g. to prevent multiple Verfassungsschutz offices from paying the same informant); new rules for working with state Verfassungsschutz agencies (which will have to send the knowledge they acquire in unfiltered form to the federal office) and in future files are only to be destroyed after multiple-step reviews (with destruction training and a “file destruction officer” appointed for each department). “Cross-thinkers” [Querdenker] in the offices are supposed to observe, question and criticize what they see, hopefully spotting real trends and catching when departments are on wrong or slow tracks. These initial reforms are said to be in response to the failures discovered in the investigations of Germany’s decade-long serial-killing bank-robbing neonazi terror cell, not to the revelations of whistleblower Edward Snowden. Because there is a German election in two months it’s possible these announced reforms will not be enacted and/or funded, as has apparently been the case with some of Health Minister Daniel Bahr (FDP)’s pre-election reform announcements. The opposition criticized them as purely cosmetic and piecemeal anyway. Thomas Oppermann (SPD) called for a mentality change at these agencies and training employees so that they “have a sense of where the real dangers to our democracy lurk.” Hans-Christian Ströbele (Green party) said Verfassungsschutz should be eliminated “such as it is. We can’t let people just continue on who failed like that.”

Update on 19 Sep 2013: A state Verfassungsschutz office (Lower Saxony’s) was caught collecting and keeping information on at least seven journalists. Federal-level Verfassungsschutz was also caught cooperating with the C.I.A. and the Bundesnachrichtendienst to spy on a journalist, though Hans-Georg Maaßen issued a denial; the NDR journalist‘s name, passport number, mobile phone number and date of birth were on a U.S. list of names and data given to the German domestic and foreign intelligence agencies in 2010 with a request for more information about those people.

These reports showed that the German domestic intelligence Verfassungsschutz (state and federal) and foreign intelligence Bundenachrichtendienst agencies are supplying information for databases (now including ones named “Project 6,” “P6” and/or “PX”) that should have been inspected by data protection officers and subject to German data protection rules regulating among other things what information they can contain and for how long, after which the data must be deleted. However, the German data protection officers did not know about these databases, said Peter Schaar. He said this is no minor infraction, and “anyone running such a project absolutely must guarantee that all activities are completely documented and subjected to data protection control/inspection.”

The excuse for Lower Saxony Verfassungsschutz’s spying on journalists was fighting neonazis and the excuse for federal Verfassungsschutz’s spying on journalists was fighting terror. In his 2007 book Das Ende der Privatsphäre [“The End of Privacy”], Mr. Schaar said in the 1990’s the excuse tended to be fighting organized crime.

Update on 14 Mar 2014: New Interior Minister Thomas de Maizière announced the Verfassungsschutz will stop watching members of the Leftists party, which many S.E.D. politicians from the former East Germany joined twenty years ago, “unless they have good grounds for surveillance.” It will also “in general” stop watching Bundestag members, no matter what party they belong to. He said they reserved the right to investigate resumption of surveillance if they received new knowledge. Such as, that Bundestag members had connections to extreme milieux willing to do violence. Süddeutsche.de said this change of policy is in response to a case Bodo Ramelow (Leftists, and kept under observation for decades) brought to the supreme court, Bundesverfassungsgericht, in Karlsruhe. The court decided in October 2013 that “parliamentarians could only be watched who abused their mandate to fight against the free democratic basic order.” Süddeutsche.de said Mr. de Maizière’s formal statement did not say members of state parliaments would generally no longer be watched, and it noted that formally that his statement only commits the federal Bundesverfassungsschutz to suspend operations, not the 16 state offices.

Update on 08 Apr 2014: A company that represents companies in the Maschinenbau industry [“machine building,” industrial engineering] signed an agreement with federal Verfassungsschutz at this year’s trade show in Hanover. The agreement is supposed to encourage more German companies to consult Verfassungsschutz about suspected cases of industrial espionage. FAZ.net: “But Verfassungsschutz’s advantage is that unlike police they do not have to follow up on a crime, said the association. That is to say, the intelligence agency can pass on information to a company that’s affected; what happens with it after that is the management’s decision.”

(Fer FOSS oongs shoots.)

unverhältnismässig

“Not proportional.” Improper. Like how a tiny number of Bundestag delegates amended a bill during the recent Italy vs. Germany match to permit their gubmint to sell the contact information—the names, addresses, phone numbers, &c.—people must provide when they mandatorily register their residence in Germany. The new law is required because in future residents are going to have to register their contact information with the federal government instead of the state ones. The “Italy” amendment flipped the default from “burghers must give permission before their data can be sold” to “burghers must forbid the selling of their data or their data will be sold.” The “score” of delegates added an excemption to even that: when people state that they do not want Angela Merkel’s government, and all governments after hers, to sell their personal data to address dealers and marketing firms, the government will still release this data to entities seeking to correct errors in their databases.

Update on 21 Sept. 2012: The Bundesrat stopped this law. It’s been sent back for rewriting.

(Oon fer HAIL t niss mace ick.)

Blog at WordPress.com.