State trojan: What is the proposed law?
In today's cabinet meeting, the German government wanted to decide on the draft law on the harmonization of the constitution protection law. They postponed the decision to further discuss details, but the law is planned as the government has already put it on their website.
In this draft, the German government wants to oblige internet service providers (ISPs) to divert data streams to the secret services. The draft specifies that providers must make the installation of a state trojan "possible by supporting the redirection of telecommunications".
Objection to state trojan
As an email service, we at Tutanota would not be affected by this law. Nevertheless we strongly oppose this draft law. The draft creates a lot of issues for internet service providers and for Germany as an IT location as a whole. If passed, this law would
- enable violation of privacy rights of German citizens with no judicial oversight.
- undermine the integrity of ISPs.
- destroy user trust in German ISPs.
- significantly harm Germany as an IT location.
Violation of privacy rights
The draft on the harmonization of the constitution protection law will enable all 19 German authorities, including the secret services, to install state trojans on suspected criminals computers and smartphones. The trojans can also be injected on devices of communication partners of criminals so that also innocent people would be affected.
One major problem with this is that other than the Federal Office of Criminal Investigation (BKA), which already is permitted by law to use known vulnerabilities to inject trojans on devices of suspected terrorists, other German agencies such as the Federal Intelligence Service (BND) are not obliged to get a warrant from a German court before initiating such a monitoring measure. Surveillance measures of the BND would have absolutely no judicial oversight.
As previous scandals like the journalist scandal have shown, no authority should be given the power to monitor potentially all German citizens without having to give account on this to anyone.
Problematic for ISPs
The draft is also very problematic for ISPs as it would require them to become the "sheriff's deputy", which the German organization for telecommunication providers Bitkom critcizes:
"The amendments to the Article 10 Act are intended to oblige telecommunications providers in future to actively help the security authorities to introduce malware into the end devices of the target persons via their networks. However, this plan fails to recognize the enormous risks for the overall network integrity of the providers and the associated loss of trust. Furthermore, it is urgent to avoid a negative overall correlation of the currently discussed draft laws, especially with regard to the amendments of Telecommunications and IT Security Act."
Problematic for trust in politics
Taken together, all these negative implications of the draft law only increases the distrust of people in politics and politicians. In recent years, the German government has passed several surveillance laws, particularly data retention laws. Each time, the laws were declared as unconstitutional by the Federal Constitutional Court.
While we welcome that the court holds politicians responsible to the German constitution and the privacy rights granted to every German citizen, this process is very harmful to a democracy: Each time the court declares a law passed by the German government as unconstitutional, people start asking themselves why the politicians do not respect and follow the rules guaranteed by the German constitution in the first place.
Of course, mistakes happen. But if a government repeatedly passes the same law with a different wording, the conclusion people draw from this is that the government might be doing this on purpose until finally the court gives up its resistance. The new proposal aims at the same direction.
Konstantin von Notz, Vice-Chairman of the Green Group and Vice-Chairman of the Parliamentary Control Panel, says about this draft:
"Especially in these times, it is urgently necessary to restore the trust in the work of the Federal Office for the Protection of the Constitution, which has been massively lost in recent years. The exact opposite is happening here."
"The Federal Government also seems to learn little from recent court rulings. There is no other way to interpret the draft. The unconstitutionality of this project of CDU/CSU and SPD is written across its forehead. It massively endangers IT security."
Stop state trojans
Once the draft has been concluded in the cabinet's meeting, it will be discussed in the Bundestag some time after the summer break.
The controversy on whether internet service providers should be obliged to support the installation of state trojans is expected to being discussed in length. The discussion will also include questions on the draft's consistency with the German constitution as well as questions on liability, legal certainty, technical guidelines and costs.
Call or email your MP now!
Everyone of us must act now to influence this discussion to make the Members of Parliament aware of the issues of this law.
Here you can search for the representatives of your city or district. Below this post, we have prepared an email that you can send to your representative. We must all act now to stop this law!
You can also become a member of the Society for Liberties. The NGO is already suing against the state trojan for the German Federal Office of Criminal Investigation (BKA). The NGO also plans to file a lawsuit against the state trojan for all 19 German authorities and against the provider obligation to support the authorities with this should this law be passed.
Legal experts agree that the conformity with the German constitution is very unlikely. The Federal Constitutional Court only recently ruled that the protections on internet activity stemming from the right to privacy extend to non-Germans, as well; a great victory for defenders of the German constitution and our right to privacy. The new proposal by the German government goes into the exact opposite direction: Undermining everyone's right to privacy, including German citizens.
Draft letter to German MPs
Here is a draft letter to your MP. It is best if you amend this letter so that it contains your own words to describe the issues you see with the proposal on the harmonization of the constitution protection law. Check here to search for your representative and their contact details. You can also search on Abgeordnetenwatch.
Sehr geehrter Herr / Sehr geehrte Frau ,
als Ihr Wähler fordere ich Sie dringend auf, den Gesetzentwurf zur Harmonisierung des Verfassungsschutzrechts abzulehnen.
Dieser Entwurf würde den Geheimdiensten zu viel Macht einräumen und das, ohne dass die Geheimdienste Rechenschaft über ihre Überwachungsmaßnahmen ablegen müssen - nicht einmal gegenüber dem Bundestag.
Diese weitreichenden Machtbefugnisse für die Geheimdienste beeinträchtigen das Recht auf Privatsphäre jedes einzelnen Bürgers, da auch Unschuldige uneingeschränkt überwacht werden können. Außerdem gefährden die Überwachungsmaßnahmen die freiheitliche Demokratie, da die Geheimdienste Überwachungsmaßnahmen anordnen und durchführen können ohne Rechenschaft darüber abzulegen.
Ich gehe stark davon aus, dass das Bundesverfassungsgericht die derzeitige Gesetzesvorlage als unvereinbar mit der deutschen Verfassung kippen wird.
Daher bitte ich Sie eindringlich, lehnen Sie das Gesetz zur Harmonisierung des Verfassungsschutzrechts öffentlich ab.