The EU, which Germany is a major part of, passed the Data Retention Directive [0] in 2006.
That directive required every state in the EU to pass laws that all their citizens telecommunications metadata would be stored for at least 6 months, and often more, up to 2 years.
As I understand it, this means all 'metadata' is required to be stored, including the source and destination for every phonecall and text message, including cell location for cellphones, and information mapping IPs to users for web+email (and perhaps also the source and destination of every e-mail; but I'm not certain about that?). I believe that the data is stored by service providers, and only passed to law enforcement in the context of a particular investigation in theory (in the Irish implementation, a court order is not required to access an individual's records; a request from a high ranking law enforcement officer or tax official is enough). But its all collected and stored.
Maybe that's a sufficiently big difference that warrants the EU retention laws not being mentioned in this article? But it seems to me that they should still be part of this narrative.
There have been challenges to the EU directive, and countries dragging their heels about implementing it. But, by and large, it is an established part of EU law.
I don't know a lot about this area, but I feel that an understanding of existing European data retention laws seems to be missing from the coverage of the European reaction to the US data collection issues.
In Germany, the data retention law was ruled unconstitutional by the German Constitutional Court on March 2, 2010. Data retention was allowed in general by the court, but only with significant restrictions. The German government failed to pass a new law which fulfills both the EU data retention directive and the court's restrictions. The EU Commission therefore is currently sueing Germany to implement the EU data retention directive. If the EU Commission prevails, Germany will have to pay 315.036,54 Euro per day as a penalty fee until a proper law is enacted.
There's more. There's technical standards, procedures and laws accross europe for the storage, retrieval and processing of metadata and other information.
Without judging this I see one positive thing - it is publicly known what information is collected, there is a debate about it and you can file a lawsuit against it. And as seen in Germany they courts are really taking the issue serious and don't just try to silence you. To me this seems orders of magnitude better than not even knowing what is going. Of course, as seen in the case of the UK, there is no guarantee that nothing else is going on but even after the events of last weeks I still have quite a bit of trust in Europe.
After reading a bit into it I think the situation is actually quite good. The EU passed the directive requiring all EU countries to adopt national laws for data retention but now there are lawsuits all over the place. The directive has been widely adopted by the member states - in some cases after being sued by the EU for not adopting the directive (but this court is not responsible for ensuring that the directive does not violate other laws) - but at least in Germany, Romania and the Czech Republic the laws have been canceled after they were ruled unconstitutional. There are pending lawsuits against national laws in other countries, more lawsuits against member states, for example Germany, by the EU for not adopting the directive and lawsuits against the directive. After being ruled unconstitutional and violating human rights in several countries I think it is only a matter of time until the whole thing gets buried. It will have cost an insane amount of time, money and dedication but the system still seems - more or less - to work.
Even Schmidt, 73, who headed one of the more infamous departments in the infamous Stasi, called himself appalled. The dark side to gathering such a broad, seemingly untargeted, amount of information is obvious, he said.
“It is the height of naivete to think that once collected this information won’t be used,” he said. “This is the nature of secret government organizations. The only way to protect the people’s privacy is not to allow the government to collect their information in the first place.”
"The Lives of Others" (Das Leben der Anderen) is an excellent German film that dramatically shows the intrusiveness of the Stasi (secret police) into daily life in the former East Germany.
Ironically enough, the lead actor (Ulrich Mühe[1]) had really been under Stasi surveillance; a surveillance to which his then wife allegedly collaborated.
It's interesting that the only defense the USG can muster in this debacle is their insistence that there are policies in place to prevent abuse.
Policies change when governments change, so every time there are US senate elections[1] or US presidential elections[2] then it'll be a chance that we irrevocably move further down the dark road of totalitarianism.
If there's anything to do to remedy this situation, it's talk to your congressional representative. Gerrymandering may have made that a pointless task, but it's just the first step towards freedom.
The "we have policies" defense is complete horse manure for the reason you stated and also because if those policies are secret, as is the case with regards to wholesale surveillance state policies, there is no way to verify they're being followed or hold anyone accountable for violating those policies.
Additionally even when governments don't change the policies have an uncanny habit of not being followed whenever it's convenient to ignore them. That has happened time and time again.
Assuming this level of unconstitutional surveillance continues, what can we do?
Here are some of my ideas: Send encrypted emails, to communicate long distances. Use the internet way less. Use cell phones only to arrange real life meetups. Hang out & talk to people in real life. Never have a meaningful discussion "over the air".
In general, I am using the internet and electronic communications less and lees. Often I am now asking myself if what I am going to do is necessary or does it have to be electronic.
As well as altering my choice to use, I am adding more and more security options. Mainly silly small things like the add-on that chooses HTTPS, ad blockers, or using Iron in stead of chrome, and so on. So, where I have an easy or ultimately seamless choice, Im choosing to encrypt and block. Nothing major, I know I am not secure, but more of my traffic is encrypted. Lastly, while I have used Linux servers for years, Im now trying to make Linux work for me as a Windows replacement. Partly because of the awful Windows 8 which I will down grade to from Vista (!!!), but more so because of these security issues.
So, nothing big, but a general move. But one key thing is that is people are anything like me, what we will see is more and more internet traffic become encrypted. Not sure what that with do to spy paranoia. Probably makes us default guilty.
The other plan is to use NO defenses what so ever. Open one's self up, but never ever do anything other then the tedious benign on the internet. Show the world how open and nonthreatening you are. Keep all the evil stuff like joint smoking, porn watching, political opinion, medical questions, employment details, etc off the electronic spy.
In general, plaintext protocols of any form should be met with the same derision as something like telnet would today. Encrypt all the things. We need the very idea of sending something like plain ASCII beyond your computer to be offensive at its core.
Considering passwords are often stored in plaintext and companies think this is no big deal, I'm not sure how well that will work.
Without proper trust models in place, this won't solve all the problems, but I feel like that's what the culture of communication on the Internet has to look like. It has to be done by the engineers at the protocol level, and application developers have to adopt it. Servers and other peer-to-peer clients should refuse to speak plaintext.
Focusing on things like getting people to use PGP, OTR, etc, is hopeless and will only work with other privacy geeks.
PGP/GPG adoption needs to go way up, but I am concerned by the rise of "non-owned" devices. I would put way less trust in running PGP/GPG from a client-side mail client on a smartphone with OTA updates, apparent carrier spyware, etc than I would in PGP/GPG running on OSX, for instance.
Maybe one way to partially mitigate these concerns is to push for only storing/using private keys on these devices on a TPM.
How about sending all that meaningless bullsht emails with an additional notice, like we have for confidentially along the lines of, and then suing the US government if your stuff ever turns up (yes, I know, it's difficult).
This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged... If you are the NSA then please note I am a US citizen and under 4th Amendment rights you are not lawfully allowed to store records of this message
I'm going to have to go with "no". Or perhaps "yes and". We should not be forced to curtail our use of one of mankind's greatest triumphs because a few cold-war troglodytes think that they are somehow entitled to read all of our mail and arrest us for word-crimes.
These people don't deserve the power given to them in trust. We should remove it from them. Nothing less than that will do.
That depends on who does the surveillance. Stopping to use American services is a simple start, and it is much easier to act against surveillance in your own country than it is to act against surveillance by the US.
Of course, this only helps if your ‘home area’, i.e. the area you trust to not intercept your messages and where you can act meaningfully to ban such interception, is sufficiently large – given the size of the EU (for example) even after Britain is out, that shouldn’t be too much a problem.
For everything going outside this green zone, encrypted communication is the go-to-response, be that PGP, OTR or at the very least HTTPS.
This actually made me think about what kinds of analog communication equipment could we use and encrypt transmissions with? I know Motorola makes some two way radios that have encryption, just not sure how good it is.
It would be interesting if people started to revert back to less and less digital communication and went back to doing what you're talking about. It's almost like another counter revolution taking shape.
Those are all passive responses. Not meaning to be critical but they are the best case response that the government could hope for.
How about picketing outside the office of your Congressman/woman? We're invisible with passive responses. I think as a people we need to get over the sense of embarrassment we feel when we gather as group for a political cause.
Since much of the information is used to find out who you hang out with, your strategy doesn't help as much as you think. Guilt by association, you know.
My father, a man of 75 years old in the last couple of months had been mentioning that all our calls were being recorded. I dismissed him as just paranoid. After all, I'm the software developer, I'm the techie in our house. I know best, I would tell myself. Now I feel quite stupid. How could I have been so naive in believing that our government would never do this. This is the land of the free after all right? I've learned to never trust our government. At least that is a good thing that came out of this.
edit: The funny thing is that right now he is having a small problem with somebody because they had a verbal agreement over the phone about how much a repair would cost. Both their memories seem to remember different things. It is only a couple hundred dollars but my father said that if were in the order of $50,000 or more he would get a lawyer so that the conversation he had with the man could be retrieved to prove my father was right. I told him that that would never happen because, mmm..., because the government would not want to give it to anybody else. At that point I remembered that I had already been wrong once so I could easily be wrong again.
In my experience over the last few weeks, younger Germans (my age, 30 years & younger) are blissfully ignorant ("I don't have anything to hide" - sounds familiar ?) to the impact of the government spying on its citizen.
24 years are a long time & that part of history is not as well-ingrained in the collective memory as the Holocaust. :-(
Its always struck me as odd that Germans seem to be so hot on privacy but seem fine with having mandatory ID cards and with the police being able to demand you show it.
"Memories of Stasi color Germans’ view of U.S. surveillance programs"
Might as well have written: "Memories of segregation and lynching color African American's view of modern day bigots".
I mean the "color" part tries to make it as something strange (or even bad, some kind of "distortion") is happening, when it's the most natural thing in the world: actual historical experience with the issue, makes German's more informed on what it can result to and more sensitive to how bad it is.
I'm always amazed to what BS spin columnists put on their stories. And not always innocently.
If a similar interview with someone who did participate in lynchings were conducted, I don't think your second title would be all that far off. But racial bigotry isn't the hot issue right now. I think it's helpful to draw parallels to the past - and a title like that might help encourage people to actually read.
Dagmar Hovestaedt is the spokeswoman for the German
Stasi Records Agency, which showed 88,000 people last
year what the Stasi had gathered on them. She said the
U.S. should consider doing the same.
The Stasi Records Agency is known in Germany as "Gauck Behörde"[1], because for ten years its head was the anti-communist civil rights activist Joachim Gauck.
Gauck is now President of Germany and when Barack Obama was in Berlin they met and according to the schedule talked for one hour.
I was curious which topics they discussed, but unfortunately it was not covered in the press.
The US is in need for a full operating system upgrade. Like going from Mac OS 9 to OS X. Not a .1 upgrade. Obama delivered a Microsoft-style upgrade. You were promised 'hope' and 'change'. What you got is a worse version of Microsoft Windows with lots of spyware and a built-in 'security' system.
Right. Also a federal guarantee of accessible health coverage, the end to two wars (and the notable lack of any new ones), two supreme court justices with quite acceptable records on civil liberties, and currently a reasonable shot at bringing federal immigration law into line with the size of the actual immigrant workforce.
I wasn't able to fit all that into your OS metaphor, sorry.
Clarification: Merkel said "Das Internet ist für uns alle Neuland", not “the Internet is new to all of us.”.
Now Neuland does not just mean "new", but "new land". Similar as America or Africa was new land after 1500. So it means, the internet is ripe to conquer it.
Merkel herself was a former Stasi member, known as IM-Erika (Informal Member Erika). Germany is currently tapping more phones, then DDR ever had. We do not have a PRISM scandal, but a law called Vorratsdatenspeicherung.
Merkel was not a Stasi member and she was not known as 'IM Erika'. There are some rumors, but that's it mostly.
The law 'Vorratsdatenspeicherung' is ruled unconstitutional by the 'Verfassungsgericht'.
That the Internet is 'Neuland' is trivially true. I have been using the Internet since the mid 80s. But what we currently have is completely different, of a different quality and unprecedented.
My favorite stasi joke: After the wall came down all the former stasi agents got jobs as taxi drivers - you get in the cab, tell the driver your name, and they already knew the address to take you home.
My son just asked why the English are so bad "spying on Europeans". I reassured him by saying that most western governments are almost cetainly corrupt (inc dear old Australia).
And he who controls the databases controls the politicians, police, lawyers, judges ... You get the idea.
And even better, just because you've got nothing to hide, it's easy for these databases to be changed by someone in the know.
These systems are extremely dangerous, and should not be underestimated.
What I find suspiciously absent from the relevations so far is the DNA angle. If the STASI had had todays technology, they would have tapped all phones, stored all data, and collected DNA samples wherever they can. Assuming that all spy agencies think more or less alike on the issue of data gathering, why haven't we heard of the NSA collecting DNA samples?
The US government's acquisition of people's biometric information, including DNA, has already been outed by WikiLeaks in their release of the Embassy cables a few years ago. Did you see this story?
http://www.guardian.co.uk/world/us-embassy-cables-documents/...
Let's keep some perspective. The fear of the Stasi wasn't just 'are they tapping our phones?' If it was, they wouldn't have been so feared - just be careful on the phones. It was having a network of informants, such that you couldn't trust anyone, anywhere, that really caused the oppressive atmosphere. Americans are not living under the fear that if they mention something anti-government to a neighbour, they have a realistic chance of being carted off in the night.
[+] [-] feral|12 years ago|reply
That directive required every state in the EU to pass laws that all their citizens telecommunications metadata would be stored for at least 6 months, and often more, up to 2 years.
As I understand it, this means all 'metadata' is required to be stored, including the source and destination for every phonecall and text message, including cell location for cellphones, and information mapping IPs to users for web+email (and perhaps also the source and destination of every e-mail; but I'm not certain about that?). I believe that the data is stored by service providers, and only passed to law enforcement in the context of a particular investigation in theory (in the Irish implementation, a court order is not required to access an individual's records; a request from a high ranking law enforcement officer or tax official is enough). But its all collected and stored.
Maybe that's a sufficiently big difference that warrants the EU retention laws not being mentioned in this article? But it seems to me that they should still be part of this narrative.
There have been challenges to the EU directive, and countries dragging their heels about implementing it. But, by and large, it is an established part of EU law.
I don't know a lot about this area, but I feel that an understanding of existing European data retention laws seems to be missing from the coverage of the European reaction to the US data collection issues.
[0] http://en.wikipedia.org/wiki/Data_Retention_Directive
[+] [-] blumentopf|12 years ago|reply
[+] [-] philipp-de|12 years ago|reply
it's called ETSI Lawful Interception see: * http://en.wikipedia.org/wiki/Lawful_interception#Technical_d...
* http://en.wikipedia.org/wiki/Lawful_interception#Europe
* http://www.etsi.org/index.php/technologies-clusters/technolo...
* http://webapp.etsi.org/WorkProgram/Report_WorkItem.asp?WKI_I...
* http://webapp.etsi.org/WorkProgram/Report_WorkItem.asp?WKI_I...
This has been in place much longer than the "data retention" directive.
[+] [-] danbruc|12 years ago|reply
After reading a bit into it I think the situation is actually quite good. The EU passed the directive requiring all EU countries to adopt national laws for data retention but now there are lawsuits all over the place. The directive has been widely adopted by the member states - in some cases after being sued by the EU for not adopting the directive (but this court is not responsible for ensuring that the directive does not violate other laws) - but at least in Germany, Romania and the Czech Republic the laws have been canceled after they were ruled unconstitutional. There are pending lawsuits against national laws in other countries, more lawsuits against member states, for example Germany, by the EU for not adopting the directive and lawsuits against the directive. After being ruled unconstitutional and violating human rights in several countries I think it is only a matter of time until the whole thing gets buried. It will have cost an insane amount of time, money and dedication but the system still seems - more or less - to work.
[+] [-] lispm|12 years ago|reply
[+] [-] 1morepassword|12 years ago|reply
[deleted]
[+] [-] griffordson|12 years ago|reply
Even Schmidt, 73, who headed one of the more infamous departments in the infamous Stasi, called himself appalled. The dark side to gathering such a broad, seemingly untargeted, amount of information is obvious, he said.
“It is the height of naivete to think that once collected this information won’t be used,” he said. “This is the nature of secret government organizations. The only way to protect the people’s privacy is not to allow the government to collect their information in the first place.”
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] nekojima|12 years ago|reply
http://en.wikipedia.org/wiki/The_Lives_of_Others
In the film you can see some of the techniques used by Wolfgang Schmidt and his colleagues.
[+] [-] Historiopode|12 years ago|reply
[1]http://en.wikipedia.org/wiki/Ulrich_M%C3%BChe
[+] [-] ihsw|12 years ago|reply
Policies change when governments change, so every time there are US senate elections[1] or US presidential elections[2] then it'll be a chance that we irrevocably move further down the dark road of totalitarianism.
If there's anything to do to remedy this situation, it's talk to your congressional representative. Gerrymandering may have made that a pointless task, but it's just the first step towards freedom.
[1] http://en.wikipedia.org/wiki/United_States_Senate_elections,...
[2] http://en.wikipedia.org/wiki/United_States_presidential_elec...
[+] [-] gorbachev|12 years ago|reply
Additionally even when governments don't change the policies have an uncanny habit of not being followed whenever it's convenient to ignore them. That has happened time and time again.
[+] [-] ChrisAntaki|12 years ago|reply
Here are some of my ideas: Send encrypted emails, to communicate long distances. Use the internet way less. Use cell phones only to arrange real life meetups. Hang out & talk to people in real life. Never have a meaningful discussion "over the air".
[+] [-] alan_cx|12 years ago|reply
As well as altering my choice to use, I am adding more and more security options. Mainly silly small things like the add-on that chooses HTTPS, ad blockers, or using Iron in stead of chrome, and so on. So, where I have an easy or ultimately seamless choice, Im choosing to encrypt and block. Nothing major, I know I am not secure, but more of my traffic is encrypted. Lastly, while I have used Linux servers for years, Im now trying to make Linux work for me as a Windows replacement. Partly because of the awful Windows 8 which I will down grade to from Vista (!!!), but more so because of these security issues.
So, nothing big, but a general move. But one key thing is that is people are anything like me, what we will see is more and more internet traffic become encrypted. Not sure what that with do to spy paranoia. Probably makes us default guilty.
The other plan is to use NO defenses what so ever. Open one's self up, but never ever do anything other then the tedious benign on the internet. Show the world how open and nonthreatening you are. Keep all the evil stuff like joint smoking, porn watching, political opinion, medical questions, employment details, etc off the electronic spy.
[+] [-] lawnchair_larry|12 years ago|reply
Considering passwords are often stored in plaintext and companies think this is no big deal, I'm not sure how well that will work.
Without proper trust models in place, this won't solve all the problems, but I feel like that's what the culture of communication on the Internet has to look like. It has to be done by the engineers at the protocol level, and application developers have to adopt it. Servers and other peer-to-peer clients should refuse to speak plaintext.
Focusing on things like getting people to use PGP, OTR, etc, is hopeless and will only work with other privacy geeks.
[+] [-] jlgreco|12 years ago|reply
Maybe one way to partially mitigate these concerns is to push for only storing/using private keys on these devices on a TPM.
[+] [-] kamjam|12 years ago|reply
This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged... If you are the NSA then please note I am a US citizen and under 4th Amendment rights you are not lawfully allowed to store records of this message
(I am not a US citizen, so fix as required)
[+] [-] noonespecial|12 years ago|reply
These people don't deserve the power given to them in trust. We should remove it from them. Nothing less than that will do.
[+] [-] claudius|12 years ago|reply
Of course, this only helps if your ‘home area’, i.e. the area you trust to not intercept your messages and where you can act meaningfully to ban such interception, is sufficiently large – given the size of the EU (for example) even after Britain is out, that shouldn’t be too much a problem.
For everything going outside this green zone, encrypted communication is the go-to-response, be that PGP, OTR or at the very least HTTPS.
[+] [-] at-fates-hands|12 years ago|reply
It would be interesting if people started to revert back to less and less digital communication and went back to doing what you're talking about. It's almost like another counter revolution taking shape.
[+] [-] forgotAgain|12 years ago|reply
How about picketing outside the office of your Congressman/woman? We're invisible with passive responses. I think as a people we need to get over the sense of embarrassment we feel when we gather as group for a political cause.
[+] [-] gorbachev|12 years ago|reply
You can't hide that information.
Don't send email and don't use the phone is the only alternative. Snail mail may be safe.
[+] [-] mark-r|12 years ago|reply
[+] [-] Eliezer|12 years ago|reply
[+] [-] skore|12 years ago|reply
[+] [-] shill|12 years ago|reply
[+] [-] ewrwerwerw|12 years ago|reply
edit: The funny thing is that right now he is having a small problem with somebody because they had a verbal agreement over the phone about how much a repair would cost. Both their memories seem to remember different things. It is only a couple hundred dollars but my father said that if were in the order of $50,000 or more he would get a lawyer so that the conversation he had with the man could be retrieved to prove my father was right. I told him that that would never happen because, mmm..., because the government would not want to give it to anybody else. At that point I remembered that I had already been wrong once so I could easily be wrong again.
[+] [-] hiddenfeatures|12 years ago|reply
24 years are a long time & that part of history is not as well-ingrained in the collective memory as the Holocaust. :-(
[+] [-] walshemj|12 years ago|reply
[+] [-] coldtea|12 years ago|reply
Might as well have written: "Memories of segregation and lynching color African American's view of modern day bigots".
I mean the "color" part tries to make it as something strange (or even bad, some kind of "distortion") is happening, when it's the most natural thing in the world: actual historical experience with the issue, makes German's more informed on what it can result to and more sensitive to how bad it is.
I'm always amazed to what BS spin columnists put on their stories. And not always innocently.
[+] [-] grannyg00se|12 years ago|reply
If a similar interview with someone who did participate in lynchings were conducted, I don't think your second title would be all that far off. But racial bigotry isn't the hot issue right now. I think it's helpful to draw parallels to the past - and a title like that might help encourage people to actually read.
[+] [-] weinzierl|12 years ago|reply
Gauck is now President of Germany and when Barack Obama was in Berlin they met and according to the schedule talked for one hour.
I was curious which topics they discussed, but unfortunately it was not covered in the press.
[1] http://en.wikipedia.org/wiki/Federal_Commissioner_for_the_St...
[+] [-] lispm|12 years ago|reply
[+] [-] ajross|12 years ago|reply
I wasn't able to fit all that into your OS metaphor, sorry.
Less rhetoric, more policy debate please.
[+] [-] penguindev|12 years ago|reply
[+] [-] dwaltrip|12 years ago|reply
[+] [-] kephra|12 years ago|reply
Now Neuland does not just mean "new", but "new land". Similar as America or Africa was new land after 1500. So it means, the internet is ripe to conquer it.
Merkel herself was a former Stasi member, known as IM-Erika (Informal Member Erika). Germany is currently tapping more phones, then DDR ever had. We do not have a PRISM scandal, but a law called Vorratsdatenspeicherung.
[+] [-] lispm|12 years ago|reply
Merkel was not a Stasi member and she was not known as 'IM Erika'. There are some rumors, but that's it mostly.
The law 'Vorratsdatenspeicherung' is ruled unconstitutional by the 'Verfassungsgericht'.
That the Internet is 'Neuland' is trivially true. I have been using the Internet since the mid 80s. But what we currently have is completely different, of a different quality and unprecedented.
[+] [-] Amadou|12 years ago|reply
[+] [-] junto|12 years ago|reply
[+] [-] rustynails|12 years ago|reply
[+] [-] fooqux|12 years ago|reply
[+] [-] sentenza|12 years ago|reply
[+] [-] Asparagirl|12 years ago|reply
The text of the original cable: http://www.guardian.co.uk/world/us-embassy-cables-documents/...
[+] [-] pstuart|12 years ago|reply
http://www.sfgate.com/crime/article/How-innocent-man-s-DNA-w...
[+] [-] ferdo|12 years ago|reply
http://www.dissidentvoice.org/Jan05/Whitney0121.htm
[+] [-] Pinckney|12 years ago|reply
[+] [-] vacri|12 years ago|reply
[+] [-] andrewcooke|12 years ago|reply
knowledge of death and disease colours doctors' views on healthy living