Berlin The new federal government has set itself clear security policy goals. The traffic light coalition agreement states: “The interventions by the state in civil liberties must always be well justified and considered in their overall effect.” The SPD, Greens and FDP therefore promise a “monitoring accounting” and by the end of 2023 at the latest an independent scientific evaluation of the local security laws.
Federal Minister of Justice Marco Buschmann (FDP) recently confirmed the plans at the virtual New Year’s reception of the German Lawyers’ Association and asserted: “It’s about bringing freedom and security into a fundamental rights-oriented new balance.”
The Friedrich Naumann Foundation for Freedom, which is close to the FDP, is now speeding up and providing a blueprint for the implementation of the “surveillance accounting”.
On behalf of the foundation, the Max Planck Institute (MPI) in Freiburg created a model concept for research into crime, security and law. It is entitled “Surveillance barometer for Germany” and is available exclusively to the Handelsblatt.
It is about an overall view, “which sort of adds up all available state surveillance measures,” says the report with a view to data queries by the authorities for security and criminal prosecution. The researchers’ first conclusion: In almost all areas there is a “significant increase” in official access to data.
Citizens’ burden of surveillance “particularly clear”
The MPI scientists write that the increase in the various forms of account queries and in the query of telecommunications traffic data was particularly strong. When querying account balance data, the increase was “almost exponential”.
Broken down to the perspective of citizens, for about the year 2018, this means on average 73 telecommunications surveillance orders and 110 traffic data queries by law enforcement authorities, 3758 simple account queries and 205 queries of customer data by various authorities at the three market-leading IT providers every working day Microsoft, Apple and Google.
“Even this small excerpt makes the monitoring load visible in a particularly clear form,” says the concept.
The reason for the debate is the groundbreaking judgment of the Federal Constitutional Court in 2010 on data retention without cause. The Karlsruhe judges declared data retention without cause in the field of telecommunications for the purpose of averting danger and criminal prosecution to be permissible in principle, but considered the specific design of the provisions in the Telecommunications Act at the time to be unconstitutional.
Beyond the specific individual case, the court stated that the legislature would be forced to exercise greater restraint in future when considering new storage obligations and authorizations with a view to “all of the various existing data collections”. As a result, a discussion arose about a possible monitoring accounting.
The Freiburg MPI researchers Ralf Poscher, Michael Kilchling and Lukas Landerer have now developed a model that could be used to measure the monitoring burden on citizens in the future.
Concrete pilot study on the “surveillance landscape”
For the barometer, there must therefore first be an inventory of the surveillance scenarios. It also needs to be clarified which security authorities have access to the specific data and what the number of accesses is.
The accesses would finally be weighted according to constitutional criteria – the duration of the measure, its “dispersal effect” or “secrecy” should be taken into account. The intensity of the intervention can, for example, be classified as minor, sensitive or particularly strong. In this way a monitoring index value is created.
The results are then to be aggregated. The entire monitoring load, individual scenarios or regional monitoring would be measurable.
Specifically, the researchers have already carried out a pilot study. To do this, they first collected “monitoring scenarios that are particularly relevant to practice”. In her opinion, there has never been a “such a comprehensive inventory” of the “surveillance landscape” in Germany.
The seven-page overview with 14 scenarios ranges from classic telecommunications surveillance to querying account data from telemedia services such as search engines, webmail services or social media to the unreasonable retention of customer data at banks for money laundering control or flight passenger data to combat terrorism.
The list also includes home surveillance using smart household appliances, mobility data queries and dragnet searches.
Many government agencies can access data
It also lists how many government agencies can access the data, such as the public prosecutor’s office, the Federal Criminal Police Office, the Federal Police, the respective state police, intelligence services, tax authorities, customs authorities, the network agency, Bafin or the Federal Central Tax Office.
For the pilot study, the MPI scientists initially limited themselves to a selection of “monitoring issues that are particularly relevant to the intervention”. In some cases, “detective research work” is necessary to access the data.
Result: The number of data requests from IT providers is increasing noticeably. The monitoring density in connection with the unprovoked retention of account management and other financial transaction data is also increasing, as is the inventory data query for bank accounts.
The former Federal Minister of Justice Sabine Leutheusser-Schnarrenberger, who is now deputy chairwoman of the Friedrich Naumann Foundation for Freedom, told the Handelsblatt: “The data on surveillance measures evaluated in the study show some absurd excesses of surveillance.” frequently monitored as elsewhere in Germany.
In addition, many data accesses and transmissions are already so automated “that their effectiveness is no longer questioned”. The debate on security laws must “finally be objectified again”.
More: Why the head of the cartel office, Mundt, wants to expand the leniency program