I hope there isn't. But my point was that in the event they are indeed compelled by law to reveal passwords, this would be the only way they'd achieve that.
This is not the combined force of the German Nation State, this is a part of a proposal by our Federal Justice Minister, framed to counter "hatecrime".
Still far from Merkel calling Zuck und Sundar to hand over the passwords.
The current title ("Germany requests WhatsApp, Gmail etc. to hand over passwords in plaintext to DOJ") makes it sound like this law already passed, which is not the case according to the article.
This is a bit too long for the title. If it was shortened no-one would understand it. And "Ministry of justice" in Germany equals "DOJ" in the U.S, which almost anyone understands.
One problem with this kind of debate today is that fewer lawmakers than in the past have direct knowledge of communication systems and how to keep them secure.
For example, in the 80's there was concern about 'bugging' in the UK. But at the time, there was actually informed debate in parliament about the technical details. This could happen because since there was so much labour involved in maintaining the old systems, large numbers of people actually knew how they worked. There were MPs who had formerly been telecom linemen, and followed the trade->union official -> Labour party -> MP route into parliament.
Nowadays I can't think of an MP who would actually have the background to know that this is a bad idea, themselves.
I'd have thought that Germany would have enough representatives from the DDR to know why this is a bad idea. Which is why they're usually one of the most anti-surveillance countries in Europe and leaders of GDPR campaigning.
Even though we are fairly anti-surveillance as a whole, a lot of fairly radical surveillance laws get proposed all the time. Most die early, some die after push-back from the population, some get voted in and are thrown out by the constitutional court, and a few survive. It's a never ending fight.
The HN title is inaccurate. The article itself actually says:
The draft does not provide for an explicit obligation to provide identifiers in plain text. When providing information, however, "all company-internal data sources must be taken into account".
One of the notable proposed changes is that providers are required to notify federal law enforcement about content that they removed from their platform and which the provider determined to likely violate German laws, including the content and the user's IP address and [source] port number. The intention is to prosecute these cases. There is a provision that requires the user to be notified about this, except if law enforcement specifically requests not to notify the user.
The changes to §15a are very broad and allows a variety of government institutions to request not just customer contract data ("Bestandsdaten", which would be regulated by §14), but also "Nutzungsdaten", i.e. user IDs, IP addresses, logs or similar usage data, even for misdemeanor-level offences. It's a bit of a hyperbole, but to my understanding, this would, in theory, include parking violations and littering, which feels wrong.
Requesting such data was, to my understanding, regulated only superfically by the TMG in §15 (5) with unclear scope. Previous court cases established that this would include IP address data (LG Frankfurt/Main, 2-03 O 174/18). The new paragraph expands on this by explicitly allowing requests to be made using just an IP address (rather than a user identifier), by clarifying the scope to include all usage data, and requiring security measures to be taken to ensure that the data is transmitted securely.
The draft document only mentions about passwords in the comments (page 29), not the actual proposed changes to the law, which only mentions "data which can be used to access storage media on a device".
This is an oddly specific provision that likely targets full disk encryption schemes that have a server-side key backup (i.e. Windows Bitlocker). This was copy-pasted from the existing §113 TKG, which regulates ISPs, and calling these "passwords" is a very unfortunate choice of words by the authors of this draft document.
Disclaimer: Not a lawyer, but I dealt with law enforcement requests in Germany in a past job.
I know this is a tradeoff that leaves something on the table, but HN is an English-language site, so articles here need to be in English. We don't allow machine translations as a workaround. I could imagine exceptions for topics of particuar intellectual curiosity—something that is so obscure that it only exists in one form and hasn't been translated. But articles on current affairs are the opposite—in those domains, if a story is important enough to be covered here, it will certainly appear in the English-language media.
Put conversely: in popular domains like current affairs, if there's no English-language article worth submitting on a topic, mostly likely that's because the topic isn't significant enough yet. When it comes to politicians proposing bills, that's certainly the case. Most bills go nowhere (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...), and if anything comes of this one, it will surely receive much closer attention.
> Yeah. You're totally right, anything outside of US doesn't matter :)
I was just in the process of replying to your comment and question when you replaced it with that snarky one-liner.
HN is a highly international community. Plenty of international stories appear here. Nor does HN being an English-language site imply any disrespect for other languages, including the wonderful German language. Quite the contrary.
In this case the language issue is secondary anyhow, since "politician is working on drafting a bill" is an even less substantive story than "politician introduces bill", which is one of the classics of off-topicness for HN (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...). We would have demoted the story regardless of the language it was written in.
If you're asking why we downweighted the submission, moderators routinely do that on HN when a story doesn't fit the site guidelines, isn't substantive enough, is overly sensational, and so on. If we didn't, HN's front page would consist of the same few hot topics and flamewars repeated over and over. Maintaining a site for intellectual curiosity requires active pruning.
Sure, we've routinely downweighted tons of election campaign stories, which is what most policy proposals from candidates are. That includes Elizabeth's among many others. I could see making an exception for proposals that come with detailed arguments and make a genuinely new contribution to debate on something that's on topic here. But most aren't anything like that, they're just attempts to gain attention for a candidate.
I just spent almost an hour reading the drafts in question and converting documents back and forth to provide an English translation and a summary of what exactly the proposed changes are in a comment below, and this makes me a bit sad since it means the effort was mostly wasted.
This is not an election story or a random politician drafting a bill, but a draft by the relevant ministry of the elected government in Germany. It raises important questions about the relationship between large multinational companies and law enforcement in a country other than the US, with quite a bit of nuance and potential for in-depth discussion.
If you feel strongly about this issue and you think it's worth being debated then the best thing you can do is to write an in-depth analysis in your personal blog and then submit the link
Though the last paragraph cites a politcian saying something along the lines of this can't stand as it is and needs further discussion and changes, otherwise it would be contested in germanys highest court and canceled there.
46 comments
[ 0.28 ms ] story [ 115 ms ] threadStill far from Merkel calling Zuck und Sundar to hand over the passwords.
- the title length is limited
- from my PoV, this needs some attention
What would you propose as a title?
I really tried to summarize with the available title length. And to be honest, laws like this tend to be passed in Germany.
Sorry if you disagree. Please provide a better title. Honestly, I couldn't come up with one.
For example, in the 80's there was concern about 'bugging' in the UK. But at the time, there was actually informed debate in parliament about the technical details. This could happen because since there was so much labour involved in maintaining the old systems, large numbers of people actually knew how they worked. There were MPs who had formerly been telecom linemen, and followed the trade->union official -> Labour party -> MP route into parliament.
Nowadays I can't think of an MP who would actually have the background to know that this is a bad idea, themselves.
The draft does not provide for an explicit obligation to provide identifiers in plain text. When providing information, however, "all company-internal data sources must be taken into account".
Translated to English: https://www.scribd.com/document/439773952/BMJV-GE-Bekampfung...
One of the notable proposed changes is that providers are required to notify federal law enforcement about content that they removed from their platform and which the provider determined to likely violate German laws, including the content and the user's IP address and [source] port number. The intention is to prosecute these cases. There is a provision that requires the user to be notified about this, except if law enforcement specifically requests not to notify the user.
The changes to §15a are very broad and allows a variety of government institutions to request not just customer contract data ("Bestandsdaten", which would be regulated by §14), but also "Nutzungsdaten", i.e. user IDs, IP addresses, logs or similar usage data, even for misdemeanor-level offences. It's a bit of a hyperbole, but to my understanding, this would, in theory, include parking violations and littering, which feels wrong.
Requesting such data was, to my understanding, regulated only superfically by the TMG in §15 (5) with unclear scope. Previous court cases established that this would include IP address data (LG Frankfurt/Main, 2-03 O 174/18). The new paragraph expands on this by explicitly allowing requests to be made using just an IP address (rather than a user identifier), by clarifying the scope to include all usage data, and requiring security measures to be taken to ensure that the data is transmitted securely.
The draft document only mentions about passwords in the comments (page 29), not the actual proposed changes to the law, which only mentions "data which can be used to access storage media on a device".
This is an oddly specific provision that likely targets full disk encryption schemes that have a server-side key backup (i.e. Windows Bitlocker). This was copy-pasted from the existing §113 TKG, which regulates ISPs, and calling these "passwords" is a very unfortunate choice of words by the authors of this draft document.
Disclaimer: Not a lawyer, but I dealt with law enforcement requests in Germany in a past job.
I know this is a tradeoff that leaves something on the table, but HN is an English-language site, so articles here need to be in English. We don't allow machine translations as a workaround. I could imagine exceptions for topics of particuar intellectual curiosity—something that is so obscure that it only exists in one form and hasn't been translated. But articles on current affairs are the opposite—in those domains, if a story is important enough to be covered here, it will certainly appear in the English-language media.
Put conversely: in popular domains like current affairs, if there's no English-language article worth submitting on a topic, mostly likely that's because the topic isn't significant enough yet. When it comes to politicians proposing bills, that's certainly the case. Most bills go nowhere (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...), and if anything comes of this one, it will surely receive much closer attention.
I was just in the process of replying to your comment and question when you replaced it with that snarky one-liner.
HN is a highly international community. Plenty of international stories appear here. Nor does HN being an English-language site imply any disrespect for other languages, including the wonderful German language. Quite the contrary.
In this case the language issue is secondary anyhow, since "politician is working on drafting a bill" is an even less substantive story than "politician introduces bill", which is one of the classics of off-topicness for HN (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...). We would have demoted the story regardless of the language it was written in.
In cases like this, we've learned that there's no harm in waiting for a story to actually become real before having a thread about it. https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
Sure, we've routinely downweighted tons of election campaign stories, which is what most policy proposals from candidates are. That includes Elizabeth's among many others. I could see making an exception for proposals that come with detailed arguments and make a genuinely new contribution to debate on something that's on topic here. But most aren't anything like that, they're just attempts to gain attention for a candidate.
This is not an election story or a random politician drafting a bill, but a draft by the relevant ministry of the elected government in Germany. It raises important questions about the relationship between large multinational companies and law enforcement in a country other than the US, with quite a bit of nuance and potential for in-depth discussion.
[1] https://www.faz.net/aktuell/wirtschaft/digitec/hassrede-bund...
Though the last paragraph cites a politcian saying something along the lines of this can't stand as it is and needs further discussion and changes, otherwise it would be contested in germanys highest court and canceled there.
edit: 2nd link [2] https://www.stern.de/politik/deutschland/hetze-und-drohungen...
edit: 3rd link [3] https://www.spiegel.de/netzwelt/web/facebook-twitter-co-mill...