On Facebook, see for instance Maggie Shiels, “Germany Officials Launch Legal Action Against Facebook,” British Broadcasting Corporation (BBC), July 8, 2010, http://news.bbc.co.uk/2/hi/8798906.stm. On Google Street View, see Ingo Ruhmann, “Google Street View: Eine politische Kampfansage,” Telepolis, August 16, 2010, http://www.heise.de/tp/r4/artikel/33/33135/1.html (in German).
GERMANY FREEDOM HOUSE Freedom on the Net prepaid SIM (subscriber identity module) card must register with the network provider. The provider in turn is required to store the user’s telephone number, name, address, and birth date; the start date of the contract; and, if applicable, the serial number of the mobile phone for the authorities.40 Still, a mobile-phone user can achieve anonymity by buying the phone and phone number secondhand, because only the initial user needs to register.41 Encryption software is freely available and may be used without restrictions.Law enforcement agencies and prosecutors can obtain users’ contractual data without a judge’s order under Sections 112 and 113 of the Telecommunications Act. However, judicial approval is required to obtain traffic and content data under Section 113 of the Telecommunications Act and Section 110g of the code of criminal procedure.43 The Federal Network Agency serves as the data-collection intermediary standing between telecommunications companies and law enforcement bodies, fielding information requests from the latter. The less-protected contractual data is handled automatically, and for the year 2009, the agency reported 4.5 million requests from the authorities and 31.5 million queries directed to telecommunications-service providers.44 A much smaller number of government entities are authorized, for more narrowly circumscribed purposes, to request more sensitive data under Section 113 of the Telecommunications Act. This data may include personal identity numbers (PINs) and personal unblocking keys (PUKs) that allow access to private terminals or web-based memory-hosting platforms, though the inquiries may only be used to identify the person who generated a certain communication or connection at a certain point in time. The number of requests for these breaches of telecommunications secrecy is reportedly 10 times lower than the number of automated requests for contractual data.45 However, this would still amount to almost half a million requests in 2009.
Telecommunications interception by state authorities is regulated in Section 100 of the code of criminal procedure, or Strafprozessordnung (StPO). It is understood as a serious interference with basic rights and is subject to proportionality, meaning it may only be employed for the prevention or prosecution of very serious crimes for which specific evidence exists and for which other, less intrusive investigative methods will likely fail.
This is required by Section 111 of the Telecommunications Act and applies to e-mail providers as well. However, it is not specified whether the telecommunications-service providers are required to verify their customers’ information.
Torsten Kleinz, “Handy-wechsel-dich,” Zeit Online, April 25, 2008, http://www.zeit.de/online/2008/03/handykartenboerse (in German).
Bundesbeauftragte fr den Datenschutz und die Informationsfreiheit [Federal Commissioner for Data Protection and Freedom of Information], Orientierungshilfe zum Einsatz kryptografischer Verfahren (Berlin: Bundesbeauftragte fr den Datenschutz und die Informationsfreiheit, September 2003), http://www.bfdi.bund.de/cae/servlet/contentblob/417366/publicationFile/25259/OrientierungshilfeZumEinsatzKryptografi scherVerfahren.pdf;jsessionid=9348094A97AEA15E9D4F6C729361CB6A (in German).
Alexander Schultz, “Auskunftsersuchen der Strafverfolgungsbehrden,” Mediendelikte.de, http://www.mediendelikte.de/auskunftsersuchen.htm (in German), accessed September 13, 2010.
The period from 2001 to 2009 shows a steady increase on both counts, from an initial 1.5 million requests from authorities and 3.2 million queries by the Federal Network Agency in 2001. Bundesnetzagentur, Annual Report 2009, 125.
Kleinz, “Handy-wechsel-dich.” GERMANY FREEDOM HOUSE Freedom on the Net According to the most recent statistics published by the Federal Office of Justice, in there were a total of 16,463 orders for telecommunications interception based on Section 100a of the StPO. These referred to fixed-line phones in 3,821 cases, mobile phones in 13,838 cases, and internet communications in 661 cases.46 Also in 2008, there were a total of 13,904 orders asking for traffic data based on Section 100g of the StPO and Sections (1) and 113a of the Telecommunications Act.German authorities do not limit themselves to domestic data but also harvest data abroad. In March 2009, Der Spiegel reported that the BND had in previous years committed at least 2,500 acts of espionage by remotely searching computers abroad. These searches had at times included the undercover copying of hard drives and transmission of the data to Germany. In other cases they involved the installation of key loggers, which made it possible to track computer keystrokes and thereby gain access to passwords. Among the targets were Pakistani nuclear scientist Abdul Qadir Khan and the Iraqi government’s computer system.
German agents had also followed the e-mail traffic of an office run by the Welthungerhilfe aid group in Afghanistan. And as noted above, it was revealed in 2008 that the BND had for several months been illegally monitoring e-mail exchanges between Afghan government minister Amin Farhang and a Spiegel journalist.The generalized authority claimed by the BND, whose interceptions are supervised by the parliament’s G 10 Commission rather than the judiciary,49 was seen as particularly excessive at the time because of the landmark February 2008 decision by the Federal Constitutional Court on preventive covert remote computer searches. In its ruling, the court specified that such searches were only permissible “if factual indications exist of a concrete danger” that threatens “the life, limb, and freedom of the individual” or “the basis or continued existence of the state or the basis of human existence.” The decision also ruled that any secret infiltration of an information-technology system is “in principle to be placed under the reservation of a judicial order,” and that any statute permitting such an infiltration must “contain precautions in order to protect the core area of private life.” Even more remarkably, as mentioned above, the court found that the general right of personality Some orders referred to more than one type of telecommunications interception. Bundesamt fr Justiz [Federal Office for Justice], “bersicht Telekommunikationsberwachung (Manahmen nach §100a StPO) fr 2008,” July 14, 2009, http://www.bundesjustizamt.de/cln_108/nn_1635504/DE/Themen/Justizstatistik/Telekommunikationsueberwachung/dow nloads/UebersichtTKUE2008,templateId=raw,property=publicationFile.pdf/Uebersicht_TKUE_2008.pdf (in German).
Bundesamt fr Justiz, “bersicht Verkehrsdatenerhebung (Manahmen nach § 100g StPO) fr 2008,” August 24, 2009, http://www.bundesjustizamt.de/cln_115/nn_1635504/DE/Themen/Justizstatistik/Telekommunikationsueberwachung/dow nloads/UebersichtVerkehrsdaten2008,templateId=raw,property=publicationFile.pdf/Uebersicht_Verkehrsdaten_2008.pd f (in German).
Holger Stark, “Online-Durchsuchung: BND infiltrierte Tausende Computer im Ausland,” Spiegel Online, March 7, 2009, http://www.spiegel.de/netzwelt/web/0,1518,611954,00.html (in German).
Daniel Brssler, “Telefonberwachung: Der Staat hrt mit,” Sueddeutsche.de, September 22, 2009, http://www.sueddeutsche.de/politik/2.220/telefonueberwachung-der-staat-hoert-mit-1.25048 (in German); Gesetz zur Beschrnkung des Brief-, Post- und Fernmeldegeheimnisses (Artikel 10-Gesetz – G 10), available at http://www.gesetze-iminternet.de/bundesrecht/g10_2001/gesamt.pdf (in German), accessed September 9, 2010.
GERMANY FREEDOM HOUSE Freedom on the Net guaranteed by Article 2 of the German Basic Law “encompasses the fundamental right to the guarantee of the confidentiality and integrity of information-technology systems.”A law that took effect in January 2009 empowered the BKA to conduct covert remote computer searches to prevent terrorist attacks with a judge’s permission.51 Online searches are also an option in very severe criminal cases, with a special responsibility to safeguard the individual’s private life and the sensitive data obtained in the search. The law provides immunity from covert remote computer searches to political representatives, the clergy, and defense lawyers, but does not similarly protect doctors and journalists. In addition to computer searches, the act empowers the BKA to employ methods of covert data collection including dragnet investigations, surveillance of private residences, and the installation of a program on a suspect’s computer that intercepts communications at their source. So far, the Federal Criminal Court has not availed itself of its new rights.52 The state government of Rhineland-Palatinate empowered its police force in a similar way, adding the right to interrupt or hinder telecommunications but comprehensively protecting all the professional groups discussed above.
Preventive covert remote computer searches have been defended as a last-resort measure for combating terrorism, but the utility of the tactic has not yet been proven. 53 It has so far been ruled out as a source of evidence for criminal prosecution, and it remains unclear whether it may be used by secret services such as the BND, the Federal and State Offices for the Protection of the Constitution, and the Military Counterintelligence Service (MAD).
Since 1999, the BKA has maintained the Zentralstelle fr anlassunabhngige Recherchen in Datennetzen (ZaRD), roughly translating as a “central unit for unprovoked searches in data networks.”54 The ZaRD, rather than assisting with existing investigations or pursuing outside tips, actively monitors the internet for signs of unlawful activity in Germany and abroad. Once it has discovered such signs, it can request additional data under Section 113 of the Telecommunications Act, Sections 100g and 100h of the StPO, and Section 7 of the Federal Criminal Office Act, which in turn refers to Section 163 of the Bundesverfassungsgericht, Headnotes.
Dirk Heckmann, “Anmerkungen zur Novellierung des BKA-Gesetzes: Sicherheit braucht (valide) Informationen,” Internationales Magazin fr Sicherheit nr. 1 (2009), http://www.imsmagazin.de/index.phpp=artikel&id=1255446180,1,gastautor (in German).
Cordula Eubel, “Online-Durchsuchungen – bisher geht es auch ohne,” Der Tagesspiegel, May 25, 2010, http://www.tagesspiegel.de/politik/online-durchsuchungen-bisher-geht-es-auch-ohne/1844734.html (in German).
It is interesting to note that the same was said about telecommunications interception at the 66th Conference of Federal and State Commissioners for Data Protection, held in Leipzig on September 25–26, 2003. See “Entschlieung – Konsequenzen aus der Untersuchung des Max-Planck-Instituts fr Rechtswirklichkeit und Effizienz der berwachung der Telekommunikation,” http://www.bfdi.bund.de/cae/servlet/contentblob/416440/publicationFile/25103/66DSKKonsequenzenAusDerUntersuchungDesMax-PlanckInstitutsUeberRechtswirklichkeitUndEffizienzDerUeberwachungDerTelekommunikation.pdf (in German), accessed September 9, 2010.
Its profile can be found at http://www.bka.de/profil/zentralstellen/zard.html (in German), accessed September 9, 2010.
GERMANY FREEDOM HOUSE Freedom on the Net StPO. The ZaRD’s investigations uncover 600 to 800 cases of illegal activities annually, of which 70 percent or more involve the storage and dissemination of child pornography.The BKA reported a total of 50,254 criminal cases in 2009 involving information and communication technologies (ICTs), causing ˆ36.9 million in damages. Almost half of the cases, 22,963, involved computer fraud, and the second-most-common type, at 11,491, centered on illegal data interception and spying.56 The BKA noted that many more cases are not pursued legally or are not even detected, and that the professional perpetrators, especially international criminal syndicates, constitute a fundamental threat. This argument has been bolstered by the Association for German Criminal Investigators, which sees the internet as the “biggest crime scene of the world.”57 Among other steps, the association calls for mandatory registration with a governmental authority of every user who employs the internet for business transactions, the training of special units to fight computer crimes, and more scope for overt and covert investigations on the internet, especially on socialnetworking sites.
As of early 2009 there were a total of 80 surveillance facilities maintained by different authorities in Germany. By midyear, a Telecommunications Surveillance Service Center and a Telecommunications Surveillance Competence Center had opened at the Federal Administration Office (Bundesverwaltungsamt) to support the existing surveillance facilities and to start centralizing their activities. The first step in this direction was the linking of the surveillance technologies of the BKA and the Federal Police that year. Critics argued that there was no legal basis for building such “super interception headquarters,” and that they would erode the barrier between secret services and police that was incorporated into the constitution as one of the lessons learned from the Nazi era. Moreover, it was unclear how such a centralization of surveillance would safeguard the separation of different investigations and their distinct aims, legal underpinnings, and pools of data.As noted above, the secret services conduct surveillance under the Act for Limiting the Secrecy of Letters, the Post, and Telecommunications (Article 10 Act–G 10), which enables them to intercept, monitor, and record private communications, and stipulates that their activities are to be governed by the Parliamentary Control Panel, which in turn An indication of the constancy of this low number of cases and the prevalence of child pornography is provided by Robin O.
Debie, “IuK-Kriminalitt, mehr als nur Cybercrime: Entwicklung – Stand – Perspektiven,” JurPC, 2004, available at http://www.jurpc.de/aufsatz/20040214.html (in German).