December 05, 2003

We just can't be bothered

Is it just me who feels like throwing up?
Web Crime Ignites German Debate on Privacy Rights
Thu Dec 4, 8:28 AM ET
By Mark Trevelyan


WIESBADEN, Germany (Reuters)
- Germany is floating the idea of easing its cherished privacy laws, designed in part to banish its Nazi and Communist past, in order to combat rising Internet crime.

The government and the police say new rules are needed so that online connection data -- in other words, who is accessing which Web sites -- is automatically stored in case it is eventually needed as evidence in criminal investigations.

But that idea worries both telecommunications companies and officials charged with data protection, in a country which experienced Nazi and East German communist dictatorship and whose privacy laws were designed to prevent an all-knowing totalitarian state from ever emerging again.

"This goes to the very root of a democratic society," said Alexander Dix, commissioner for data protection in the state of Brandenburg.

"Telecommunications secrecy is very strongly enshrined in our constitution. The Gestapo experience and also the Stasi experience is something which is very present in the public mind here," he told Reuters, referring to the Nazi and East German secret police.

Dix was speaking at a cybercrime conference where Interior Minister Otto Schily this week proposed that online connection data should be stored by Internet Service Providers (ISPs) just as transaction records are held by financial market supervisors.

"It's unacceptable for the law enforcement authorities that connection data which are important for combating IT crime have often already been deleted for data protection reasons by the time the authorities request them," Schily said.

PORNOGRAPHERS AND TERRORISTS

Waldemar Kindler, a senior official in the Bavarian Interior Ministry, said allowing such information to be stored was a fair price to pay for combating crime on the Internet, including recent cases involving cannibalism and suicide forums.

"We want to combat child pornographers and terrorists and we need the necessary prerequisites for that fight. We must not be distracted by idealism and create lawless areas in which the security of the citizen is in danger," Kindler said.

He said ISPs should be obliged to store connection records for 12 months, instead of deleting them shortly after invoicing clients, as they do now.

Police, prosecutors and telecoms providers at the Wiesbaden conference all said the current situation in Germany was a muddle, with contradictions between aspects of the criminal code and telecoms and data protection laws.

"The legal provisions are very contradictory and everyone is suffering, the providers included, because the situation is so complex and difficult to understand," said Thomas Koenigshofen, deputy head of corporate security at Deutsche Telekom.

Storing online connection records would involve huge volumes of data and significant costs. "The state must ensure we are compensated for the costs of collecting data and sharing it with the law enforcement community," he said.

But for data privacy watchdogs, the issues go beyond cost.

"All your preferences, the kind of information you might have downloaded from the Net, the Web sites you have visited -- all that would be registered in a weakly encoded form" if Internet Protocol addresses showing people's viewing habits were retained by the ISPs, said Dix.

"That could easily be decoded to show your political opinions, your preferences. Your lifestyle would really be open to anybody who had access to this data."

It surely is a difficult problem, even ouside the Internet. Data protection in Germany revolves around important concepts of general privacy, human rights and the balance between access to information and privacy concerns. Basically, the German data protection law embodies "informationelles Selbstbestimmungsrecht" the individual's right of self-determination regarding its personal data.

The law states that the processing and use of personal data shall be admissible only if this law or any other rules and regulations permit or lay down this or the individual has consented. But the law may be preceded by the interests of the state. It says that insofar as other Federal rules and regulations are applicable, such law shall take precedence over the provisions of the data protection law.

Fine. I suppose we always have to weigh two things against each other and finally make up our mind where we stand on the scale between surveillance state and anarchy (or, so I suspect, rather oligarchy).

What is largely missing from the discussion is not the balance between the rights of the state vs. the rights of its subjects, but the conflicting rights of the different individuals. Sure, different countries -- different sensitivities and here it would be unthinkable to publish the identity of a convicted child molester. It would be considered as pillory, whereas in the United States it is regularly done because the children's right not to be (potentially) molested is regarded as preceding the child molester's privacy rights. Just one example of many, of course.

Obviously, we Germans are on the whole not as interested in our neighbour's intimate details, or we would in the meantime have tabloids comparable to the British Sun or Mirror, which lets "our" Bildzeitung look like a parish paper. We like to keep private what's private (or maybe we are just not turned on by the unappetizing details of some dreary politicians' sex life like the sex-starved Americans are, which is a good thing). But do we really HAVE to cite our murky past to justify each and every current bullshit? But sure, even I have to admit that "Never Again!" and a pompous "A country which experienced Nazi and East German communist dictatorship and whose privacy laws are designed to prevent an all-knowing totalitarian state from ever emerging again" DOES sound better than "We just can't be bothered". To those hypocrites with an uncurable good conscience, that is.