Privacy and Security

En route to Germany last week, I tried to set up a meeting at the ministry of the interior. But I was stymied in my efforts to identify the appropriate officials, because in sharp contrast to most other Western governments, the German government's Web site offers almost no information on its civil servants.

This is no oversight.

Germany's data protection laws, known as datenschutz, prevent the dissemination of personal information -- including information on government employees. Ironically, the ministry of the interior is now challenging the very laws that made it so impenetrable.

The occasion for this challenge was provided by the Sept. 11 attacks.

Like many other governments, Germany's ruling Social Democrats have since introduced new security measures. And as in many other countries, advocacy groups raised concerns about how these measures will affect personal privacy, and online privacy in particular.

Most of the time, online security and online privacy enjoy a complementary relationship. Secure servers prevent unauthorized access to private messages. Secure encryption ensures that messages can be read only by the intended recipient. Privacy concerns keep people from sharing their passwords, which otherwise pose the greatest risk to network security.

But in the past few weeks, privacy and security have become enemies.

Internet security is more important than ever, as we face the prospect of online attacks against government or corporate targets. Secure mechanisms for online bill payments, purchasing, and communications are doubly important now that our offline alternative -- the postal system -- could bring anthrax to our doors.

But privacy, it seems, has suddenly become expendable.

Law enforcement authorities are stepping up their online surveillance activities, motivated by the fear that terrorists may have used the Internet to help plan their attacks.

If you think your e-mails or AOL chat sessions are beneath the attention of the RCMP, think again. Our once-private communications are now a tempting target for all the organizations that have been charged with the task of gathering information on terrorist activities.

This sudden change is nowhere clearer than in Germany, home of the world's strongest privacy laws. In coming to terms with the Holocaust, Germany evolved into a regime with a strong commitment to civil liberties.

That commitment has only grown stronger since the reunification of Germany and the opening of Stasi files that revealed the extent of spying in the Soviet regime. The twin legacies of Nazism and Soviet Communism have spawned a passionate commitment to personal privacy as the foundation of personal freedom.

To safeguard the privacy of its citizens, the German government has created a cadre of datenschutzer: officials in government who are charged with enforcing privacy laws. These privacy laws include provisions that give individuals absolute control over their personal data, limiting the ability of companies or governments to access or aggregate personal information.

The German law set the standard for the European Union's privacy regulations, which were introduced four years ago and largely modeled on the German approach.

The challenge of harmonizing privacy regulations across Europe scarcely compromised Germany's commitment to datenschutz. But that commitment is showing signs of weakness in the face of domestic and international pressure to fight terrorism.

The governing Social Democratic party has made it clear that law enforcement, not data protection, is its highest priority. It is in this spirit that the minister for the interior, Otto Schily, introduced his security legislation. Stating that "security interests must not be obstructed by data protection regulations," Schily proposed measures such as placing fingerprints on identity cards, and forcing Internet service providers to store data on their users.

Many Germans see these security measures as a threat to the principle of datenschutz. A meeting of federal and state datenschutzer condemned the proposed legislation as an over-reaction that violates basic individual rights without effectively increasing security. Last week Privacy International gave Schily one of its annual "Big Brother" awards for the abuse of personal data and individual privacy.

There is no question that there is now a trade-off to be made between security and privacy.

We probably could catch more terrorists by allowing the government to read every single e-mail and tap every phone call.

How many more?

It doesn't matter. What matters is that there is always a price to pay for ensuring personal freedom. Maybe it's a small price, like my inability to find information on the ministry of the interior.

Or maybe it's a big price, like having to wait for warrants when we're trying to stop terrorism.

Hard times, war times -- these are the moments when we want to sweep away these impediments. But these are the very moments for which laws like datenschutz are created. If Germany can't remember this lesson, what hope is there for the rest of us?

Alexandra Samuel is a Vancouver-based technology writer and consultant.

alex@samuel-cottingham.com



	Privacy and security turn from friends to enemies

	Alexandra Samuel Friday, November 9, 2001

	En route to Germany last week, I tried to set up a meeting at the ministry of the interior. But I was stymied in my efforts to identify the appropriate officials, because in sharp contrast to most other Western governments, the German government's Web site offers almost no information on its civil servants. This is no oversight. Germany's data protection laws, known as datenschutz, prevent the dissemination of personal information -- including information on government employees. Ironically, the ministry of the interior is now challenging the very laws that made it so impenetrable. The occasion for this challenge was provided by the Sept. 11 attacks. Like many other governments, Germany's ruling Social Democrats have since introduced new security measures. And as in many other countries, advocacy groups raised concerns about how these measures will affect personal privacy, and online privacy in particular. Most of the time, online security and online privacy enjoy a complementary relationship. Secure servers prevent unauthorized access to private messages. Secure encryption ensures that messages can be read only by the intended recipient. Privacy concerns keep people from sharing their passwords, which otherwise pose the greatest risk to network security. But in the past few weeks, privacy and security have become enemies. Internet security is more important than ever, as we face the prospect of online attacks against government or corporate targets. Secure mechanisms for online bill payments, purchasing, and communications are doubly important now that our offline alternative -- the postal system -- could bring anthrax to our doors. But privacy, it seems, has suddenly become expendable. Law enforcement authorities are stepping up their online surveillance activities, motivated by the fear that terrorists may have used the Internet to help plan their attacks. If you think your e-mails or AOL chat sessions are beneath the attention of the RCMP, think again. Our once-private communications are now a tempting target for all the organizations that have been charged with the task of gathering information on terrorist activities. This sudden change is nowhere clearer than in Germany, home of the world's strongest privacy laws. In coming to terms with the Holocaust, Germany evolved into a regime with a strong commitment to civil liberties. That commitment has only grown stronger since the reunification of Germany and the opening of Stasi files that revealed the extent of spying in the Soviet regime. The twin legacies of Nazism and Soviet Communism have spawned a passionate commitment to personal privacy as the foundation of personal freedom. To safeguard the privacy of its citizens, the German government has created a cadre of datenschutzer: officials in government who are charged with enforcing privacy laws. These privacy laws include provisions that give individuals absolute control over their personal data, limiting the ability of companies or governments to access or aggregate personal information. The German law set the standard for the European Union's privacy regulations, which were introduced four years ago and largely modeled on the German approach. The challenge of harmonizing privacy regulations across Europe scarcely compromised Germany's commitment to datenschutz. But that commitment is showing signs of weakness in the face of domestic and international pressure to fight terrorism. The governing Social Democratic party has made it clear that law enforcement, not data protection, is its highest priority. It is in this spirit that the minister for the interior, Otto Schily, introduced his security legislation. Stating that "security interests must not be obstructed by data protection regulations," Schily proposed measures such as placing fingerprints on identity cards, and forcing Internet service providers to store data on their users. Many Germans see these security measures as a threat to the principle of datenschutz. A meeting of federal and state datenschutzer condemned the proposed legislation as an over-reaction that violates basic individual rights without effectively increasing security. Last week Privacy International gave Schily one of its annual "Big Brother" awards for the abuse of personal data and individual privacy. There is no question that there is now a trade-off to be made between security and privacy. We probably could catch more terrorists by allowing the government to read every single e-mail and tap every phone call. How many more? It doesn't matter. What matters is that there is always a price to pay for ensuring personal freedom. Maybe it's a small price, like my inability to find information on the ministry of the interior. Or maybe it's a big price, like having to wait for warrants when we're trying to stop terrorism. Hard times, war times -- these are the moments when we want to sweep away these impediments. But these are the very moments for which laws like datenschutz are created. If Germany can't remember this lesson, what hope is there for the rest of us? Alexandra Samuel is a Vancouver-based technology writer and consultant. alex@samuel-cottingham.com © Copyright 2001 Vancouver Sun