What
happens when a bureaucracy goes wild? Well, you can end up in a
situation where private companies are facing the most restrictive
privacy regime in the world, while government agencies are at liberty
to spy on their people at will. Germany – my country of origin, and
the country that claims to have “Informationelle
Selbstbestimmung” (roughly: information self-determination) –
has now completed a fairly comprehensive system of laws limiting
fundamental human rights viz-a-viz the government:
-
Just yesterday, the
so called “BSI Gesetz” was passed, which allows the BSI
(roughly comparable to the NSA) to store and analyze any
communication of government agencies, in particular exchanges
between the people and government employees. So anytime you send an
email to any German agency or visit their websites, the BSI will
store all communication parameters and use them as they see fit.
They claim pseudonymization, but they reserve the right to make the
data identifiable again at any time. Inadvertently collected
information may be used in any legal proceeding against you. So
beware, if you send them mail, call them, or even just visit their
web sites. The most chilling aspect is that this total oversight –
with an equivalent lack of transparency and accountability – has
echoes of two periods in German history which the country does not
recall with pride: the periods which are closely associated with the
Gestapo and the Stasi. -
Just a week earlier, a censorship law was passed
that is officially aimed at blocking access to websites containing
pornographic material depicting minors. While I wholeheartedly agree
with the goal to persecute the criminals that produce, distribute,
and consume such media, the law is implemented in worst possible
way: a secret set of lists will be created by the BKA (comparable to
the FBI) that determines which web sites are to be blocked. This
activity is supposedly to be monitored by the Datenschutzbeauftrager
(roughly: federal privacy commissioner), who has already indicated
that his agency is neither capable nor willing to perform this
function.
Strong promises were made prior to passing the law
that this new “federal firewall” infrastructure will only
be used in the context of access prevention to objectionable
pornographic material; there have now already been demands to also
use it to block access to “Killerspiele” (i.e. first
person shooters), Nazi propaganda material, and also pull this
entire approach to the E.U. level to guard all Europeans from bad
influence. Thought police, anyone?
This new legislation is on top of a slew of
other nonsense, like the ability of almost any government agency to
investigate your financial situation without a warrant, a lifelong
globally unique tax ID, a national ID card that will soon contain
biometrics, the requirement to inform the agencies of any change of
address, and a federal broadcast tax that is collected by the GEZ,
which has received the second ever “Big
Brother Lifetime Award“.
But – satisfying all prejudices about being
thorough – there is more to come: my big favorite is the current
health record proposal – which centers around the “Gesundheitskarte”
(literally: health card, their health insurance card), but in reality
will create the biggest database of medical records ever: Gematik
will store all electronic health records of all patients in the
entire health care system, including the – nominally – independent
private insurers. If interested, take a look at their “Security
Whitepaper” (German only, sorry): other than explaining the
benefits of using a symmetric key for bulk encryption and
public/private keys for key negotiation they have little to offer. If
this is Gematik’s level of competence in security and privacy, then I
predict happy times for identity thieves specializing on the German
patient.
What amazes me most is the ease with which all these
regulations are introduced and accepted: yes, there has been some
protest against the federal firewall law, but in the end it still
passed and – quite frankly – I cannot imagine that any future
administration will even attempt to remove it. It seems to me
perverse that a government is misusing the compassion for victims of
the most horrific crime to introduce a comprehensive cyber censorship
infrastructure. This can only serve as a sobering reminder that even
20 years after the fall of the last dictators in Europe, there are
countries in the continent which still have not fully embraced what
her most gifted thinkers had set out to achieve more than 350 years
ago. As most of you know, I now live and work in the United States –
and fervently hope that this may never happen here.
[Many thanks to Robin for
correcting some of my many mistakes].