28.05.2020

eco Comments on German IT Security Act 2.0: Snooping clauses are not an option

After a draft for the IT Security Act 2.0 (IT-SiG 2.0) was made public last year and was also sharply criticised by the Association of the Internet Industry, the German Federal Ministry of the Interior (BMI) has now resumed consultations and started departmental coordination.

For the Association of the Internet Industry, the responsibilities and liability for IT security must be regulated in a balanced manner within the framework of the IT-SiG 2.0 and security gaps must be closed quickly: State back-doors and the targeted weakening of encryption are counterproductive for IT security and jeopardise confidence in the use of digital services.

eco Member of the Board Klaus Landefeld comments on the upcoming consultations:

“The extended powers for the German Federal Office for Information Security (BSI) planned with the draft bill must be proportionate. Snooping clauses or portscan paragraphs in an IT law are not an option and undermine the confidentiality of electronic services and communication: any unnecessarily provoked security gap could in future be exploited by intelligence services or criminals to gain access to sensitive information from users, authorities and companies.”

It is also not clear to what extent the BSI cooperates with ZITIS (the German Central Office for Information Technology in the Security Field), which raises the additional question of whether known security holes are actually closed or are instead used by security authorities for their own purposes. “We expect the relationship between BSI and ZITIS to be clarified. The BSI must be there to enforce IT security and only for this purpose,” said Landefeld.

The Association of the Internet Industry demands clear, transparent, comprehensible and proportionate rules: “In the area of critical infrastructures, we are already facing the problem that we have comprehensive reporting obligations and must report to data protection officers and the BSI. Such reporting obligations must not be extended indefinitely; they must be made manageable and transparent for companies.”

 
