ORDINANCE PROVIDES FOR UNLIMITED SURVEILLANCE OF TELECOMMUNICATIONS
On 4 May, the German cabinet passed a new ordinance on telecommunications interception, the Fernmeldeüberwachungs-Verordnung (FÜV) . The regulation amounts to a a major expansion of communication interception in Germany, both in terms of quantity and the type of monitoring allowed.
The ordinance is supposed to establish ground rules for interception, based on the law on telecommunications systems (Fernmeldeanlagengesetz, FAG ), which in turn was necessary for the privatisation of the former state-owned telecom service, Deutsche Telekom AG , and its competitors.
Enabling interception a duty of the system operator
The ordinance (FÜV) was officially justified by reference to the inability of German police and intelligence organisations to intercept mobile digital telephone traffic (see FECL No.13: "DIGITAL NETWORKS TOO SAFE?"). However, German police later admitted that an interception is already possible under a pilot project. In contrast with its official objective, the FÜV broadly regulates interception within all telecommunication networks, including ISDN and the common analogue system, and it establishes the duties of system operators. Any system operator has to submit a detailed specification for interception services to the security forces in order to obtain the necessary license for his telecommunications service. Since computer electronic mailboxes and other services are telecommunication systems under German law, the providers of information services also have to comply with the FÜV. There are only minor exemptions for such telecommunications services.
Every system operator has to guarantee a line of high quality for each person under surveillance - and one for every service, in case more than one service has an interest in one and the same person. The interception must be carried out in such a way that it is incapable of detection. The line connecting the system operator with the security service must not be a fixed one but may be a dial-up connection, enabling the security service to move its interception site around for tactical purposes.
By compelling operators to install systems with wide capacity for interception, the FÜV meets a long-standing demand of the German security agencies.
More phone tapping in Germany than in the USA
The widened capacity for interception of telecommunication traffic becomes even more questionable in the light of the available statistics. According to official figures, last year the communications of almost 4000 persons inside Germany were intercepted. This often amounts to far more than 100,000 telephone calls for every person under surveillance. The activities of the German foreign intelligence service, Bundesnachrichtendienst (BND) , are not included in this figure. They amount to an estimate 4000 intercepted and recorded calls per day between Germany and other countries. By contrast to this, only about 2000 surveillance operations were authorised in the USA last year. Thus, in proportion to population, surveillance measures are ten times more frequent in Germany than in the USA.
The FÜV enables security forces to gather not only information on the content of a communication, but also additional data. Operators are obliged to supply all data on connections, including failed calls, as well as the exact mobile phone cell and the services used, to the security services. By collecting these data police or intelligence services can establish communication and movement profiles of mobile phone users and profiles of the data services used in mailboxes and similar services.
Ordinance undermines constitutional rights, FIfF claims
In effect, both the quality and - through the capacity requirements - the quantity of telecommunications interception is being crucially increased by the ordinance that German MPs did not even see before it was issued. Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung (FIfF) , a German organisation of concerned computer scientists, sees the constitutional right to privacy in postal and telecommunication services being severely damaged. In the opinion of FIfF, the fact that a mere ordinance is used to fulfil the wishes of the security services is a further reason for serious concern.
The critical computer scientists claim that the ordinance actually reduces constitutional rights to a mere matter of defining technical interfaces for service providers (system operators) and security forces.
The FÜV is legally based upon the telecommunications law, FAG. This law will, however, no longer be in force in 1997. With this in view, FIfF demands that the FÜV be abolished and replaced by a new telecommunications law based on strict constitutional principles.
The German government has other plans. Only 13 days after the ordinance was passed, Justice Minister Sabine Leutheusser-Schnarrenberger announced her plans before the German Parliament to bring the few remaining telecommunication systems not regulated by the FÜV under control. New technical systems such as debit-card based mobile phones and private telecommunication systems such as company-wide networks will be included in an up-dated FÜV. She also vowed to bring the regulations within the EU to the standard established by the FÜV, since German mobile phone users can easily switch to one of the 22 non-German carriers in Europe to avoid being legally interceptable.
With the FÜV and these additional plans, FIfF commented, the much heralded Information Age has got off to an extremely bad start in Germany.
Ingo Ruhmann (FIfF)
For more information contact: FIfF, Reuterstr. 44, D-53113 Bonn; Tel: +49/228 219548; Fax: +49/228 214924; E-mail: fiff@fiff.gun.de