Enhanced cyber security
November 4, 2013Germany's Interior Ministry is looking to force Internet Service Providers to keep European data out of the hands of third parties, including intelligence agencies, in the wake of an espionage scandal that has cooled relations between the US and Germany over widespread hacking.
Minister Friedrich told the weekly Welt am Sonntag that he wanted to "incorporate an IT-Security law in the upcoming coalition agreement that would provide a legal framework for hindering the interception of data exchanged [within Germany and Europe] by foreign intelligence."
But what Friedrich didn't mention was whether Germany was looking to protect data shared with servers outside Europe - where the vast majority of Internet activity in Germany takes place.
Setting up barriers
"The infrastructure needed to create an inner European network exists," said Dirk Engling, spokesman of the Chaos Computer Club, Europe's largest association of hackers.
"But the problem is: This is extremely counterintuitive," he told DW. "By 'ensuring' citizens that they are only safe if they restrict their internet usage to within Europe, what is the Internet there for?"
Friedrich's proposals, which haven't been elaborated further than the cursory statements made in the Welt am Sonntag, made no mention of forcing major US companies such as Google and Facebook to set up servers in Europe, something Brazil has pledged to do in a bid to establish "secure" Internet communication within its borders.
Asked whether such legislation could prove effective, Ian Brown, Associate Director of Oxford's Cyber Security Centre, told BBC Radio on Monday that "countries like Brazil and Germany" would have better chances getting companies like Google to set up servers on their turf - on account of their sheer size and number of internet users. "But smaller countries, of course, aren't going to have as much leverage."
With regard to the pledge of secure communication, Brown also acknowledged the possibility of containing email traffic - provided users don't "expect security" when they correspond beyond Europe.
"If you're in [Germany] and you've emailed a friend in the United States, there's no way you can keep that in [Germany]," Brown said.
'We don't want to cut connections'
Germany's largest telecommunications company, Deutsche Telekom, has already begun planning a routing system that would restrict all Internet traffic within the country to domestic networks.
"This is just the first step," said Philipp Blank, corporate blogger for Telekom, adding that eventually the company was looking to expand its routing system to the countries in the border-free Schengen Area.
Blank emphasized, however, that "Telekom does not want to cut connections or restrict users from navigating to sites based outside of Germany or the Schengen Area."
"Why should email traffic be routed outside [the Schengen Area] if both the sender and receiver are located within its borders? If our system were realized, intelligence services from countries outside this area would find it much more difficult to access this data traffic."
Safe haven Europe?
Telekom's claims haven't won over critics like Dirk Engling of the Chaos Computer Club, who pointed out to DW that spying also took place on data that was restricted to European networks.
"We know now that data was intercepted here on a large scale. So limiting traffic to Germany and Europe doesn't look as promising as the government and [Telekom] would like you to believe."
Amelia Andersdotter, who represents the Pirate Party in the European Parliament, told DW that the issue goes far beyond Internet security, dismissing Friedrich's proposals as "trumped-up lip service."
"Our politicians are making these claims now about IT security to enhance their popularity. It's lip service, and it's ineffective, and it's hypocritical. Over the last decade governments have worked together with companies to build up infrastructure that creates insecurity, in effect preventing the Internet from serving its true purpose of communication and self-empowerment."
And in the face of revelations of spying in Europe - not only by the NSA - Andersdotter called on the German government to focus more on the protection of human rights in its cyber security pledge:
"The spying we've seen is an egregious violation of human rights. Why should we believe that the limitation of internet traffic to Germany and Europe means the problem is solved? To me it seems very vague, if not suspect."