In the amendment of the Telecommunications Act (TKG), the German Federal Ministry of the Interior (BMI) is calling for last-minute modifications, with these set to have far-reaching consequences for all Internet users. The “formulation aid” – which surfaced at the beginning of March and which the ministry submitted to the parliamentary group of the CDU/CSU in the Bundestag, outside of the realm of the regular legislative process – provides for an identification obligation for what are called “number-independent services”; this relates to messenger, audio and video chats as well as email communication. In future, such services are obliged to collect, verify and retain the name, address and date of birth of their users.
eco – Association of the Internet Industry is sharply critical of the approach of the Federal Minister of the Interior and vehemently opposes such an obligation: “The planned measures would in fact mean imposing an identification obligation prior to putting devices such as mobile phones, notebooks and tablets into operation, as – by default – user accounts are linked to at least one means of communication with every manufacturer. Many other services enable communication by users, which means that they would not only have to collect information on users’ identity, but also to verify this information – in other words, they would have to be shown the ID.”
Loss of trust and negative consequences for Germany as a digital location
In eco’s view, such a regulation would lead to a further undermining of the trustworthiness and integrity of communication on the Internet. Klaus Landefeld, Vice Chair of the eco Board, also fears that small and medium-sized enterprises would be especially overburdened in this area, because verifying data to determine the identity of users is always tied to a high organisational and financial effort. What’s more, there could be an exodus of users who, in a globalised world, will prefer “clickable” services from abroad that can be used without much fuss.
Surveillance overview bill dragging its feet
Overall, the spate of new legal measures and obligations emerging from current draft acts in Germany is raising considerable concerns for eco. As Landefeld says: “In terms of both its quantity and quality, the systematic and continuous expansion of surveillance measures contained in the draft versions of the Telecommunications Act, the IT Security Act, the BND Act, the Constitution Protection Act and the further development of the Code of Criminal Procedure is alarming. Aside from the fact that the implementation of all these surveillance measures poses considerable challenges and burdens for the providers concerned, the German state is eroding the confidentiality of communications through clandestine surveillance and is also endangering the security of IT infrastructures through hacking and state Trojans.” On the other hand, there is still no trace of the constitutionally-required and announced surveillance overview bill of the state (i.e. the German ‘Überwachungsgesamtrechnung’). “The Federal Ministry of the Interior is keeping a low profile here,” Landefeld says.
Legislator must examine alternatives
eco calls on the legislator to finally seriously look for alternatives to surveillance measures and to more rigorously promote empirical research on this topic. In addition, the investigating authorities must be better equipped in terms of personnel and equipment, because deficient resources usually prevent an investigation.
“There can’t only be one direction on the issue of surveillance. Our constitution requires that such measures be scrutinised – and ultimately revoked– if milder, equally effective means are available or if the surveillances measures are found to be ineffective,” says Klaus Landefeld.
Criticism of state Trojans in planned German Federal Police Act
Landefeld will raise this criticism within the bounds of an expert hearing on the Federal Police Act planned for Monday, 22 March in the Bundestag, with this Act envisaging the use of state Trojans: “The use of state Trojans weakens the IT security of citizens, the economy, and ultimately the state. It undermines the trustworthiness of communication on the Internet. State Trojans are completely unsuitable for averting danger. Because an application of the software on the IT device of the target person requires so much time that immediate action by the Federal Police to fend off the danger is almost impossible,” says Landefeld.