Among all of the Covid 19 pandemic news which currently dominates the headlines, we should not lose sight of some actions being taken by EU governments to spy on unsuspecting citizens.
Heise Online is a well respected German magazine focusing on PC-orientated publications. Last month it issued a worrying report about moves by the German Federal government to reform the Code of Criminal Procedure to allow for the scanning of vehicle license plates. One particular paragraph of the Code enables law enforcement officers to automatically collect “license plates of motor vehicles as well as place, date, time and direction of travel”, this being without the knowledge of the persons concerned. This data then gets compared with other vehicles registered to suspects.
The Code states that, in theory, there must be “sufficient factual evidence that a criminal offense of considerable importance has been committed”. This somewhat vague definition refers to commercial, gang and organized crime in general. The Code stipulates that data collected should only be held on a temporary basis and be deleted if of no immediate use to law enforcement. There is no mention of a system of oversight and experience in other countries, such as the UK, shows that much of this type of data can remain on file for long periods.
Germany is really pushing hard with its efforts to invade people’s privacy and has long been trying to have backdoors installed in end-to-end encryption. Back in 2015, the then German Federal Minister of the Interior, Thomas de Maiziere, stated at the International Forum for Cyber Security that German security authorities must be “authorized and able to decrypt or circumvent encrypted communications when necessary for their work to protect the population”. Prior to de Maiziere’s comments, the then British Prime Minister David Cameron said he wanted his secret services to be able to eavesdrop on all communications channels. In his opinion, encrypted chats should be prohibited by law if necessary.
Also in 2015, an EU counter-terrorism report, in a paragraph headed “Encryption/interception”, it was suggested that the Commission “be invited to explore rules obliging internet and telecommunication companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights, access to relevant national authorities to communications (ie share encryption keys)”.
These proposals were met with much criticism from various groups. The Greens in the EU Parliament said:
“Anyone who wants to oblige IT services to crack secure communications is definitely overriding the fundamental rights to data protection and privacy, as well as communication secrecy.”
The German Home Office is still unable to resist the temptation to stick its nose yet again into the end-to-end encryption debate. Commenting on an EU draft document which was released towards the end of last year, Interior Minister Horst Seehofer said the document didn’t contain “any proposed solutions or demands for a weakening of encryption systems,” adding that the resolution was to be “a first step towards a trustworthy discussion and cooperation between politics, business and academia.”
The EU have realized that the somewhat brutal approach suggested by David Cameron is a non-starter. Therefore, it can be seen in the document that a more measured approach is proposed to enable a backdoor. It states that the aim of the initiative is “to enter into a permanent dialogue with the industry on proposed solutions which represent the least possible interference with the encryption systems.” Well, a backdoor is a backdoor even if it is described as “the least possible”. Like a dog with a bone, the Federal government won’t let go, as they pressed on, talking about the “need to strike a balance between the protection of company secrets and personal data and the needs of the security authorities.”
Any weakening of end-to-end encryption will of course be strongly opposed. The deputy chairman of the board of the IT association ECO, Klaus Landefeld said:
“This deep intervention that thwarts IT security and manipulates complex software systems of the operators of messenger services is in no relation to the as yet unproven benefits in the fight against crime and terrorism.”
Dirk Engling, a spokesman for the Chaos Computer Club warned that:
“Secure end-to-end encryption must become a rule in order to guarantee the protection of business, civil society and politics in the 21st century. Instead, this shot in our own knee would catapult us back into the Stone Age.”
The creeping invasion of privacy in Germany continues with a new requirement to add fingerprints to national ID cards and residence documents. This will actually be EU-wide starting on August 2, 2021. So from that date onward, applicants will have to give prints from their left and right index fingers. Anyone who is now eligible for an ID card should therefore apply before that date whilst the fingerprinting is not a requirement and thus maintain a degree of privacy during its ten year validity period. Previously in Germany, it was voluntary as to whether or not you wanted your fingerprints included on your ID card although this option was never highlighted during the application process.
Now with the inclusion of fingerprinting, people will be identifiable for life even if they change their name and location to escape persecution or threats. Moreover, without oversight, since 2017 police and secret services in Germany have been able to automatically access the biometric photos from ID cards and soon fingerprints will also be readily available to them. Those traveling abroad with biometric passports are also at risk when they visit authoritarian countries as their complete data will be captured and retained forever.
This relentless encroachment on the rights of the individual is something we must all stand up against.
You have been warned! More next week...