What is the Hansens law

New security lawsData protection officer: a law introduced like a Trojan

Ute Meyer: I am now speaking to the computer scientist Marit Hansen. She is the data protection officer for the state of Schleswig-Holstein. Ms. Hansen, how angry are you that the law on the monitoring of messenger services was passed without consulting the data protection officer of the federal government or the federal states?

Marit Hansen: I am not angry, but I am very disappointed. In a democracy, this is not how you treat those who are supposed to bring in the expertise, and that applies in particular to politicians, for example the Federal Council.

"A lot of questions raised"

Meyer: As data protection officer, what could you have contributed to the discussion about the law?

Hansen: In any case, I would have asked a lot of questions. Some of the questions have been asked, but still not answered. They come, for example, from the court proceedings, which was decided by the Federal Constitutional Court at the time, namely how online searches have to be dealt with. A lot of questions were raised there and I have not yet heard the answers to these questions.

"How do you make sure that there is no abuse possible?"

Meyer: Can you tell me the most important question?

Hansen: For example: There are professional secrets, lawyers for example, doctors and so on. How do I handle this? Or if something is infiltrated, software is applied somewhere, namely the state Trojan; How do you ensure that there is no abuse possible, that unauthorized persons do not use it, for example free riders. These are things that may not even be solvable. But what concepts there really should be, I absolutely have to find out before I can somehow agree to a law. I would expect the same from politicians.

"You make use of certain security holes"

Meyer: You allude to the criticism that this monitoring of messenger services is only possible with a so-called state trojan, which penetrates deep into the operating system of smartphones and makes it possible that everything is monitored. Now I would like to counter this: We are in a constitutional state and the hurdles for such surveillance are high. A judge has to order them and he only does so if there is reasonable suspicion.

Hansen: Yes, and yet there is still a lot to consider. The judge, that's very important, and it really has to work out. But how is that supposed to work technically? You make use of certain security gaps and if you know these security gaps, then I would expect that in our information society - we are based on this technology - these gaps are normally closed instead of kept, maintained so that they can be exploited.

"Cultivating Vulnerabilities"

Meyer: They talk about closing the security loopholes. But we're also talking about fighting crime here. How are you supposed to criminals - and we're talking about serious criminals, who are at issue - how else are you supposed to put an end to them if you can't monitor them and also the messenger services, which are a main means of communication?

Hansen: You can foresee a whole host of possibilities first. That means, if you already know who the felons are, you could try to actually implement certain software in their areas by taking special measures - and there are also some things where I am quite open to suggestions - for example, actually making certain software End device that shows what encryption is taking place. I believe that a state can actually reserve these possibilities for itself. But that cannot work by cultivating security holes.

"Information fell by the wayside"

Meyer: Excuse me, I did not understand that. What is the difference between the approach you are now proposing and the messenger spying that has now been adopted?

Hansen: We want to see the real solutions on the table. And is it something that really works in individual cases with a great deal of effort for the felon and not otherwise? Or is it a method - and it seems more to me to be - that can then be used by others too, because in principle everyone then runs the risk of their own mobile phone being affected, whether that is from a judicial decision in an official one Procedure is covered or not. I would like to see that documented again. And because of this speed, how quickly it was all passed, the information fell by the wayside. We don't yet have the information as to whether this can actually be limited to these few felons.

"Whipped through in the Bundestag"

Meyer: But are you not implying that the security authorities are now spying on everything and everyone? I repeat once again: I assume that we are in a constitutional state and that data is only being spied on in a targeted manner and data that is not part of the investigation is then also destroyed. Don't you trust the security authorities?

Hansen: First: It does not have to be exploited by security authorities, but it can also be criminals who use exactly the same loopholes. The knowledge of such things, if the security authorities have it, is very likely also to be found elsewhere. Just that you now know that we're not just talking about distrust of security authorities. Otherwise, you said the rule of law, I think that's exactly right, and the rule of law means that these questions have to be clarified before anything is whipped through in a Bundestag, and that you also include those responsible and those with knowledge, and I miss that here. It was actually a Trojan of its own, as the law worked, because who would have expected that while reading the agenda there.

"I'm a little insecure"

Meyer: Aside from the stylistic criticism you have, would you have tried to completely prevent such a law or would you say the law in itself is correct, but changes have to be made?

Hansen: I think it is possible that certain things from the law will or have to become reality. But that has to run very precisely within certain guard rails and that is not a question of trust and mistrust towards everyone, rather it is about legal questions that the Federal Constitutional Court has raised and that need to be answered, and these answers are simply not yet available. That is why the opposition had made an application, but it was rejected. He also raised these questions and that's why I'm a little insecure. Where are the answers when everything has been whipped through so quickly now. It has to do with it, but in general the state is already allowed to form an opinion in this direction and to make laws. I wouldn't doubt that. But the way of whipping through without this information, which is necessary, and the discourse about advantages, disadvantages, about how it really works, then for that reason alone cannot be resolved. That's why we can't really comment on it in detail, because that passed us by.

Imbalance in data protection

Meyer: Ms. Hansen, what do you think about the fact that the big internet companies like Google or Facebook get massive amounts of all kinds of data from us and the majority of users are not particularly concerned about it and hardly protect their own privacy on the internet. But the state, our security authorities, they do not get any data in the fight against crime. Isn't that actually an imbalance?

Hansen: The imbalance is already there because these internet entrepreneurs can use so much data for themselves, and normally they shouldn't do that at all if they, like the companies in Germany or Europe, fully comply with German or European law would hold.

Meyer: It was Marit Hansen, data protection officer for the state of Schleswig-Holstein. I recorded the interview before the broadcast.

Statements by our interlocutors reflect their own views. Deutschlandfunk does not adopt statements made by its interlocutors in interviews and discussions as its own.