Data protection absurd - when fear becomes panic

What have two attacks in Norway, in which more than 90 People lost her life with the data protection discussion in the Internet to do? Not much at first glance. But they do provide grounds for discussion about security.

Zoff about Google Streetview

In autumn 2010 an absurd discussion broke out in Germany that is unparalleled anywhere in the world. Their subject: house facades. The trigger: The introduction of the Google Streetview service in Germany.

Google Street View is an additional service to the map service Google Maps and the geoprogram Google Earth. The service was presented for the first time in June 2007. The special thing about Streetview: The 360-degree panorama images show house facades and traffic not from above, but from the street perspective. You will be recorded with special vehicles that drive the streets with nine cameras and three laser measuring devices for three-dimensional measurements. A large part of the USA can already be found in Streetview, and parts of other countries, such as France, Japan, Italy, Great Britain and Australia, since summer 2008. From July 2008, Google recorded German roads in many cities and counties and published the locations where further recordings were planned. On August 10, 2010, Google announced that Streetview should be made available for the 2010 largest cities in Germany in 20. At the same time, Google granted an eight-week objection period in which homeowners or tenants could submit an application for their residential building to be obscured. Google undertook to delete the raw data material - the pixelated houses are therefore irrevocably lost.

But Google had them on account made without consumer associations, privacy advocates, local government, the homeowners association, politicians and the media. Because they soon stoked them Anxiety before the data octopus Google, which is now also penetrating our living rooms with its cameras - which ultimately led to this Companys had to process 244.237 requests for blurring and finally announced in April 2011 that it would expand Streetview in Germany or update the images. The scaremongers had done a great job with their witch hunt on Google. Consumer protection minister Ilse Aigner (CSU) raged: “No secret service would hunt for pictures so unabashedly. The search engine group Google already has more precise personal profiles than any of its governments Welt.”Peter Schaar, the Federal Commissioner for Privacy and freedom of information, at the network policy congress organized by Bündnis 90/Die Grünen on November 13, 2010, mentioned very tangible - and wrong - consequences that Google Streetview could have for individuals: A personnel manager at Deutsche Bahn who wants to fill a position and now via Google Streetview in the window of a Candidates there is an anti-Stuttgart 21 poster. And the net activist Jens Best, for whom a ban on Google Street View is equivalent to a ban on taking photos of public buildings and thus a restriction of freedom of the press and freedom of expression, was polemically attacked and threatened from all sides. Justification of his opponents: With his SALE “Lost Houses”, which wanted to photograph pixelated houses in street view and thus make them visible again, he did not respect people's desire for privacy. In truth, however, the excitement had completely different causes.

Placebo data protection

Pensioner Ludwig Hillesheim Düsseldorf-Niederkassel became world famous thanks to Google Street View. This is because he spoke out against the publication of photos of houses and streets, especially because of his garden. For one Article  At the Rheinische Post he had himself photographed in front of his house with his neighbors, the married couple Anne and Erich Jeschkowski and Konrad Richter. His address wasn't there, but it can be found in the phone book.

Hillesheim thus provides a good example of what the actual data protectionProblem at Streetview is: Not that Streetview den Everyday life monitored by citizens in real time, penetrating into their living rooms and bedrooms, as many apparently panicked. But not today clear is what might happen to that data tomorrow, as social media consultant and book author Nicole Simon explains: “Privacy advocates have long been right to warn about Street View, and about the way the data is being used. Most people don't realize how deeply companies can combine data to make statements like, 'Your neighbors in the same age group bought these items'.”

Exaggerated discussions

A discussion about data protection in Google services was therefore necessary, but completely exaggerated to this extent. Or like him ITexpert Kristian Köhntopp aptly sums up the absurdity of the discussion: “Germany is now the country where Google pixelates facades, but Facebook Recognizes faces.” There were and are services similar to Google Street View anyway, without this being discussed much: About Sightwalk or the planned Bing Streetside, a similar street view service is also planned. This raises the suspicion that the whole thing was primarily about one thing: a placebo data protection campaign that the awareness to keep citizens away from the actual theater of war, such as the discussion about data retention. Or is it also about economic interests?

Because the hangover offices of the municipalities also publish geodata. Sometimes free of charge, but very often only against payment. Take Wupperthal as an example: The products that the geodata center has ready for sale include property maps combined with aerial photos, with detailed information on fences, balconies and the number of storeys of buildings on request - depending on the size from 22 euros. But not only that: Oblique aerial photographs in poster size 50 cm x 60 cm are also sold for 38 euros or Digital from 35,70 euros. There is no longer any need to be afraid that someone will look in your window via Google Streetview: the plans and pictures from Wupperthal provide at least as much information – without any right of objection. And best of all: The geodata center takes orders by post, eMail or fax and promises: “You can already a few mouse clicks later at customers be."

But when it comes to the sale of geospatial data, Wupperthal is not an isolated case: The journalist Wolfgang Noelke has done extensive research on the subject and spoke to Ilse Aigner, Franz Reinhard Habbel, the spokesman for the German Association of Towns and Municipalities, and Franz Josef Pschierer, the IT department, among others.Executive the Bavarian State Government. He explained to him how state authorities see the matter: “...there is, quite simply and banally put, the issue of the Costs, which arise for us as a state and in this respect we see ourselves as a state as a service provider... But then there is potential for data, especially if you Combination of basic geodata and corresponding specialist data, where there is also a specific benefit for a specific population group. So we tend to go for a fee or a limited fee…”. Was Google Streetview just the unwelcome competitor?

Ritsch-Ratsch: The digital eraser will fix it

The headline with which the Süddeutsche on July 13, 2011 scared her readers: “Google is planning the super database”. and ZEIT ONLINE headlined with a lurid “Google wants user profiles direct merchandise", but changed this headline again to "Google is getting closer to the user." Both media skilfully played with the fears that had surfaced with the new social network Google+: namely, that Google is now offering even better and more comprehensive data to advertising companies merchandise can. But what the article is about is much more mundane, even if it is not necessarily harmless from a data protection point of view: The group is planning an exchange called DDP, on which publishers and other data marketers can store their customer data. Advertisers can then put together the desired target audience.

But it is precisely such reports that bring thunderous applause to immature data protection concepts – such as that of the so-called digital eraser. He was applauded violently because he seems to be doing exactly what data protectionists are demanding again and again: the network must learn to forget. It is unacceptable that thoughtless youthful sins can still be found on the Internet decades later. Just the implementation of how to teach the internet to forget throws up Ask .

Professor Michael Backes, Chair of IT Security and Cryptography at the University of the Saarland, as well as Stefan Lorenz, one of his former students, want them Solution of the problem, which you explain on the website of your GmbH, which was founded as a spin-off: “X-pire! can encrypt images and associate them with an expiration date. The encrypted images can then be shared on the internet, particularly on social networks such as Facebook, who-knows-whom and Flickr will be discontinued. Once the expiry date has been reached, these images can no longer be displayed; the pictures have fallen into disrepair. "

Export hit made in Germany?

Minister of Consumption Aigner, who has already given her Facebook-Profile deletes to protest against the data protection violations, revealed in an interview with the Süddeutschen from the Idea enthusiastic - and sees a future export hit: "Made in Germany should stand for the highest data protection on the Internet worldwide... If it works, it would come very close to an eraser and could also be sold worldwide."

Kristian Köhntopp is X-Pire! Viewed - and serious defects discovered. He not only found a way to circumvent the encryption, no, users also involuntarily transmit information about their own usage behavior to the key server required for decryption. In other words: the extremely important data that contain information that is necessary for the Online-reputation of their users are practically essential for survival, stored on a server that light can be hacked, but at the same time collects other data about us. This is more than questionable from the point of view of data protection. In addition, the encrypted images are not retrieved from the network when the X-Pire server is down.  And Heise editor-in-chief Jürgen Schmidt also considers the idea to be technically impossible to implement: “From a technical point of view, X-Pire is a new infusion of a fairly old idea that has already failed in the previous implementations. The image file is encrypted and the image can only be decrypted as long as the central server provides the required key. So far there is nothing to suggest that the 'inventor' Professor Backes would have solved the fundamental problems of this concept ... Because in addition, it should cost all the money. Not that it would be bad to want to earn money on the Internet - Heise wants that too. But it makes the incompetence of those involved clear ... Who pays money to be on Facebook Can post pictures with an expiration date that his friends cannot look at at first? "

But apart from the technology, the idea simply has some practical feasibility problems: It is all well and good that I can add an expiration date to my data. But what about photos that others upload of me and that may be a much bigger problem - keyword cyberbullying? And: How should I know today which data I no longer want to find on the Internet and when. Or to put it another way: If a 13-year-old already knew at this age that certain photos she had posted on Facebook posts, would be a disadvantage if she was named Manager of the Year at 43 - then she would probably leave the posting of these photos the same. The digital eraser is simply superfluous with the foresight it takes to use it properly. And actually it should achieve the opposite: Help us to use the stupidities of our youth, about which we have just not thought about before! No wonder that we haven't heard of the idea that haunted the gazettes in January 2011 - except as a running gag on Twitter. Where else?

With two dimensions: Locationgate and co.

The paradox of such data protection discussions is that two different standards are used: individual services such as Facebook or Google are completely demoned. In many other cases, however, users have no concerns about giving even more intimate data to companies. To put it bluntly: Social media is the devil's stuff. But I can use online shops, online banking and mobile services without any knowledge and in good spirits, because nothing happens! A mistake with grave consequences.

It was a data theft on a massive scale. The victims: More than 75 million users of the Playstation Network (PSN) and the video and music service Qriocity, both of which belonged to the Japanese electronics crisis Sony. In April 2011, the hackers gained access to names, addresses, eMail-Addresses, dates of birth, passwords, logins and lists of purchases. However, the loss of private data was not the only problem, as Sony explained: "While there is currently no evidence that credit card information has been illegally accessed, we cannot completely ignore this possibility".

Cloud computing is also a service that is growing in popularity. The practical possibility of being able to access your data from anywhere in the world, from different computers, and to be able to share it with other people if necessary, leaves many users with the disadvantages fast forget. Cloud computing owns the Future. And more: Since June 15th it's Google Chromeebook on the market that runs on the Google Chrome OS operating system instead of Windows. But you can't install any software on it, because every application has to be called up as a web app via the Chrome browser. But apart from the fact that the device cannot be used offline, this means that all important data must also be stored in the cloud. That cloud computing is by no means the most secure Alternatives is that manufacturers would like us to believe, as the popular data synchronization service Dropbox recently showed. Dropbox provides 2 GB for free, around 25 million users worldwide benefit from it. Dropbox had always stated that the data is well encrypted and DropboxEmployees can't see what users are saving. In May 2011, it came out that that was a lie. In June, all accounts were freely accessible for a few hours. The provider later confirmed serious security errors.

Passive transfer of data?

Even those who do not actively pass on data may do so passively: namely if they have a smartphone that collects location-based data. In April 2011, the IT experts Alasdair Allan and Pete Warden explained at a specialist conference that mobile Apple devices from operating version iOS 4 store the location data of their users and then store them in a hidden file on the computer. This affected both iPhones and iPads, which, however, did not show the actual location of a user, but rather location data from cellphone cells and WiFi networks in their respective surroundings. Apple reacted immediately: The permanent storage of this data is a software error that could be fixed quickly with an update: In the future, data will only be stored encrypted for seven days. However, the location data will continue to be transmitted anonymously and in encrypted form to Apple. This is also common with other mobile operating systems such as Google's Android or Microsoft's Windows Phone 7. If you don't want that, you still have one Choice: switch off the WLAN location detection and GPS on his smartphone.

That our data is not protected from hacker attacks, even on the servers of large companies for sure and that cellphone service providers store our location-based data – none of this sounds very reassuring. And apart from any panic, we should urgently ask: Which of our data are actually interesting for other people? And what can they do with it? In any case, the fact is that the state is not as innocent as it pretends to be when it comes to data protection.

The state reads: Rasterfahndung via Twitter

The media educator and social media analyst Thomas Pfeiffer analyzed on Twitter who is networking with whom - and what statements can be made about the corresponding person. To do this, he examined 492 German-speaking accounts that indicated a clear party preference in their profile. From these accounts, he checked who they are following and who is tracking them. For each account examined, a typical refollower profile emerged as to who had the greatest overlap with which party members. And Pfeiffer noted: It is not only leftists who link, above all other leftists. Greens, too, above all, Greens and CDU supporters link other CDU supporters, etc. 97% of the party accounts examined had the most re-followers within their own party. There are very few connections between the different groups. Now that is exactly the phenomenon of the echo chambers already discussed, in which you only gather like-minded people around you.

But Pfeiffer found even more surprising things: By choosing online friends, you also make statements about yourself. Because the re-followers did not have to have any party preference given in the public profile in order to be recognized as a possible sympathizer for a certain political direction to become. From the mere structure and number of connections, conclusions can be drawn about who is actually friends with whom. This in turn allows a fairly reliable assessment of political attitudes. Pfeiffer draws the conclusion: “As zoo politiconone may understand another expression of political opinion in his online profile (“online reputation”). But one should be aware of that. Anyone who does not want to make their political convictions public (for whatever reason) should think twice about where he or she has already done this, consciously or unconsciously. "

If intelligence agencies read along

Because the police, the state and secret services hear and read on the Internet and on the go Communication strong with. And apparently not only in countries with totalitarian regimes, but also in democratic states like Germany or the USA. Cloud computing services such as Google or Microsoft must grant US law enforcement agencies access to the data stored by customers. This also applies to EU-based companies and data that are located in European data centers. During anti-Nazi protests in Dresden on February 13 and 19, 2011, the police received over a million communication data from around 330.000 residents, demonstrators, politicians, lawyers and journalists from telecommunications companies as part of so-called radio cell evaluations, which occurred during the two large-scale demonstrations in Dresden Downtown. In July, the Saxon Ministry of the Interior had to admit that the names, addresses and telephone numbers of 40.732 people were known - previously it had always been communicated that there were only 460 cases.

But also in social networks government agencies are active. In July 2011, for example, the Federal Ministry of the Interior, responding to a question from the parliamentary group DIE LINKE, admitted that the Federal Criminal Police Office (BKA), the Federal Police (BPOL) and the customs investigation service used openly accessible information from social networks in the fight against crime on a case-by-case basis. Undercover investigators are also used, who sneak into the networks under false identities. In the previous 24 months, BKA officers were on the road as virtual undercover investigators in six cases. And if you believe the journalist Sascha Adamek, what he says from p. 173 of his alarmist “Die Facebook-Falle ”writes, the CIA has bought into the software company Visible Technologies through its company In-Q-Tel, which specializes in the analysis of social media sites. The secret service now wants contacts and expressions of opinion from millions of people on Facebook to capture.

Help data retention

Superficially, all of these serve Measures, similar to the fiercely discussed data retention in Germany, the blocking of websites and similar ideas of fighting crime and terrorism. And that's why the fear of it is also often fueled. critic fear, however, that once appropriate legislation is enacted and we become accustomed to such surveillance measures being "normal", even the slightest suspicion of knowing the wrong factsebook-Friends something, enough to make you suspicious. That such surveillance measures will also open the door to innocent citizens. And that we are moving step by step away from democracy in this way. That is exactly what must not happen!

For the domestic policy spokesman for the Union faction in the Bundestag, Hans-Peter Uhl, however, the incidents were the reason to once again demand the (re)introduction of data retention. He told the Passauer Neue Presse on July 25, 2011: “Only if the investigators stop communicating with the Planning of attacks, they can thwart such acts and protect people." The Federal Constitutional Court overturned the old data retention regulation in March 2010. According to her, data from telephone and Internet connections was stored for six months to fight crime. However, the example of Norway shows that such measures for Prävention of assassinations bring nothing and that with the internet fear is being used in a targeted manner to promote political Set enforce: In Norway, data retention had only just been introduced in April 2011.