Rushed through the back door: New G-10 bill introduces measures for the direct surveillance of users

Last Thursday, 10 June, the German government coalition of SPD, CDU, and CSU voted in a bill that may open the door to widespread state surveillance. Hastily rushed through, an exacerbating amendment was introduced and passed at the last minute, which went far beyond the previously agreed changes, and which was controversially debated even within the governing coalition. Although app vendors and e-mail services such as mailbox.org are explicitly excluded, this kind of legislation massively undermines the security and trust of Internet providers, explains Peer Heinlein.

The bill prescribes how exactly peoples' telecommunications secrecy rights as defined in the German basic law, article 10, and limited in paragraph 2, are to be applied by investigative authorities and intelligence services. The reforms that just went through parliament extend the measures for lawful telecommunication interception and aim to force the providers of communication services to limit the security and integrity of their own services so as to support the intelligence services in performing surveillance on people.

Not only does the new bill mandate Internet providers to assist in the setup of devices but also in the supply of any information that is required for the installation of surveillance software. It also enables the intelligence services to obtain data from cell phones, for example. Critics of the new legislation have pointed out that the very security vulnerabilities that need to be maintained for state surveillance software to work properly can also be exploited by common criminals. More generally, this approach will only serve to increase the general feeling of mistrust and lack of security among Internet users.

In worst case, telecommunication service providers could be forced to spy on their own customers, something the parliamentary party “Die Linke” compared to the aiding and abetting of (state-sponsored) hacking. Unsurprisingly, constitutional complaints concerning this issue have been lining up already. Konstantin von Notz, expert for domestic and digital policy from the green party called the bill „disastrous“ and said it was „unbearable” that this particular bill, which so massively restricts individual freedoms, had been „disguised” among 70 other agenda points of the home affairs committee, one day before the vote.

mailbox.org-CEO Peer Heinlein says:

„There is no question that investigative authorities and intelligence services need to keep up with modern technology to fulfil their mandate in the 21st century. No one wants to see those who work in law enforcement to be undermined or prevented from carrying out their duties. It always has been and still is possible for them to do their job. However, the idea of maintaining common security vulnerabilities because these are required for the so-called lawful interception of telecommunications is a risk for everyone’s security and inconsistent with the basic rights granted by our constitutional law. Any constitutional state should aim to protect the security of its citizens, and not work to undermine it. In our country, the separation of powers with checks and balances present a higher good to society, which stands in contrast to these plans, which effectively try to conscript providers to act as deputy law enforcement officers.

The haste with which the amendments were pushed through is clear evidence that those responsible were very well aware of their wrongdoing. Once again, this federal government has chosen to ignore the provisions issued by our constitutional judges and so, this bill will - once again - be smashed by the federal constitutional court in Karlsruhe.

We at mailbox.org will never consider ourselves to be an extension of law enforcement. We will continue to protect the privacy of our users, for example by promoting and further developing end-to-end encryption, and making it as easy as possible to use for people. mailbox.org will also continue to invest in the development of technologies that enforce privacy by design to make sure service providers do not have access to the communication contents of their users.“

Together with our many partners, mailbox.org has contributed to an open letter that argued against the original plans of the federal government that suggested a massive expansion of digital surveillance as well as a ban of the use of effective encryption techniques.

Aside from mailbox.org, signatories of the open letter include our colleagues at Tutanota and mail.de, the Chaos Computer Club, Facebook, Google and many other affected service providers. We call for the legislature to cease introducing any further measures that are deemed to endanger the security of all citizens.

The open letter also demands that any legislation that has such significance be prepared carefully and prudently, and not hurried along at the end of a legislative period. The ultimate mandate of parliament and government is to protect citizens and businesses, and we think this means the development of encryption technology should not be weakened but promoted and encouraged to maintain the integrity of all digital communication.