Germans became the best-protected users of computers and the Internet today when the Federal Constitutional Court set out strict rules for government agencies anxious to spy on their hard disks. The decision was widely viewed as a slap in the face for Wolfgang Schaeuble, the hard-liner Interior Minster who has been proposing that law enforcement agencies be given broad powers to monitor the computers and e-mails of suspects on their own authority. No, the court said, you have to ask a judge first. And if during the course of an authorized surveillance the police also happen to stumble across highly personal data, then it is their obligation to erase it “immediately”.
Surprisingly, German turns out to be a rather imprecise language. Forget their perfectionist image: “unverzueglich”, the word used in the court decision, can also mean “promptly”, “unhesitatingly” or even “instantaneously”, depending on context. So that leaves the cops quite a bit of leeway and doesn’t exactly please the digital rights crowd, either. Still, better than nothing, supporters say. Especially since the court also severely limited the use of one of Schaeuble’s favourite high-tech toys, the so-called “Bundes-Trojaner”, or “federal Trojan”; a piece of software allegedly under development at the BND, the German equivalent of the FBI, and designed to sniff out suspicious correspondence between terrorists. Never mind that nobody seems to have figured out how to sneak the state-sponsored malware past a simple virus detector, much less how to get the bad guys to click on the self-extracting application. And never mind that nobody in the Berlin government seems to have heard of PGP or other easily available encryption tools.
The historical dimension, if there is one, lies in the high court’s recognition of the individual’s basic right to being able to use a computer without fear of being observed. Collecting data stored or exchanged on a personal computer “directly encroaches on a citizen’s rights”, the judges decreed, given that fear of state-sponsored snooping could prevent “unselfconscious personal communication” which they deem a human right.
While lawmakers will be able to pass legislation on computer spying as planned, the court has laid down strict ground rules that are intended to limit the number of cases in which it will in fact happen. The greatest hurdle is the requirement of judicial approval in each and every case, with the burden of proof of “clear evidence of a concrete threat to a prominent object of legal protection” (e.g. life, liberty, or property) clearly lying with the authorities.
Unfortunately, the federal judges did not answer a number of basic questions, such as whether hacking personal data stored on another computer is to be considered a crime. This is especially interesting in view of recent German legislation that compels Internet Service Providers to keep records of all e-mail transactions for at least six months in case the police decide they want to see what a delinquent was doing. And while the judges do recognize the danger stemming from cache storage by programs like web browsers on an individual’s machine, it does not discuss caching by providers or search engine operators. Neither is their any mention of personalized portable devices like PDAs or Smartphones, leaving some confusion as to whether these are also covered by the definition “personal computer”. In fact, the brief specifically singles out PCs “such as those in many homes”, so conceivably it’s okay for the bulls to spy on your Blackberry once you leave the house.
Foreigners have long struggled with the concepts behind German privacy law which many, especially Americans, find exaggerated and contra productive. If so, they will have to make an extra effort to get their head around the idea that hard disks, like homes, can be castles. But of course, anyone who has ever taken a boat ride down the Rhine is familiar with the German penchant for castle-building, so maybe it shouldn’t really come as a surprise.