Yesterday, the German Federal Constitutional Court declared the German law on "Vorratsdatenspeicherung" for illegal. That wasn't a real surprise, given that this is overall well aligned to other decisions of the Federal Constitutional Court. Two interesting annotations: There where some 35.000 suitors against this law. And the German Minister of Justice, Sabine Leutheusser-Schnarrenberger, was amongst them. She started the law suit when being in opposition - right now she had the interesting situation that there was a lawsuit by her against Germany, represented by her - so she would have been a winner in that case anyway.
The law on "Vorratsdatenspeicherung" (a nice term, isn't it, as long as the name of the Minister of Justice) is about the collection of data at ISPs and other types of service providers - about connection logs in internet and telephony services. They had to be kept for six months to allow investigations. The law has been formulated based on an EU guideline, but exceeded the minimum requirements of that guideline. The fact that this law has been declared illegal might affect as well the EU guidelines because they are critizised not only in Germany but in other countries as well, it probably will affect other instances of massive and undifferentiated data collection of the German state.
The Federal Constitutional Court doesn't forbid the collection of information. However, the current law didn't fulfill the requirements of data security, didn't comply with some other laws (like the protection of preachers, doctors,... and their confidentiality requirements), and didn't restrict the use of the information sufficiently. Interestingly, the Federal Constitutional Court also decided that the information has to be deleted immediately (or at least as fast as possible), thus the decision goes beyond other decisions which allowed the government to first improve the law, without changing the status quo.
After the decision of the Federal Constitutional Court had been unveiled the discussions about the next steps started immediately - and that's where IPv6 comes into play. Within its decision, the Federal Constitutional Court declared that connection data of churches, some governmental organizations, and other specified parties must not be stored. That led to the argument of the lobbyists of the "internet economy" (e.g. ISPs and so on) that this can't be implemented. Given that IP addresses are usually assigned dynamically it wouldn't be feasible to exclude some groups. But, honestly, that isn't true. It is true as long as you rely on IPv4 and dynamic IP addresses (and given that they are limited, we have to). But it isn't true with IPv6. With other words: When relying on IPv6, you can comply with the decision of the German High Court. Given that the technology supporting IPv6 is out in most areas - client operating systems, servers,... - at least in most cases, the answer is simple: Finally switch to IPv6 as the standard protocol and you're done. Overall, we've been waiting way to long for IPv6 becoming the primary protocol and IPv4 being used only for backwards compatibility. This decision, with its impact on the entire European legislations in that field, thus might become a push towards IPv6.
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
How can we help you