First the U.K., now Germany

While Germany and Europe in general have some of the strictest rules regarding the use and storage of personally identifiable information, the last few months have seen rather extreme data security breaches. Today, the German media is reporting about a new installment of irresponsible negligence government incompetence:

According to the SPIEGEL ONLINE a spokesperson for the software company HSH admitted that the personal information of more than 500,000 residents of at least 15 cities and towns were readily available on the internet for at least 3 months [1]. According to a investigative news program (Report aus M√ľnchen), this problem actually affected more than 200 municipalities for more than 3 years. The alleged cause for this blunder was rather simple: the software used by the cities to manage these huge data collections had at least one default/demo account that was not disabled by the IT staff of the authorities. These credentials were inadvertantly published by the software maker on their web site and thus available to every one.

While problems like this can happen, it seems odd that this massive security breach has not caused a major uproar with the various highly paid privacy guardians. In fact, there i svirtually no report on this incident in any language but German. One might get the impression that there is a strong desire with a rather large number of people to keep this incident on the q.t. and avoid further investitigations and public disclosures.

Germany has (or had?) after the horrible experiences with two dictatorships and their respective secret police a tradition of resistance against data collection and privacy invasion. The proposed general census of 1983 was stopped by the German Supreme Court in a decision that laid the foundation of what has recently been termed "Informationelles Selbstbestimmungsrecht" (right to informational self-determination).

So far, Germany has not seen a large number of identity theft cases: until last year, there was no unique ID  in use and most electronic transactions are currently handled through a European debit card system that is less exposed to a number of frauds. Also, while the various branches of government had been busy collecting large amounts of data on German citizens and residents, there have been only a few federal databases. When talking to people on the street, I found a growing indifference to the German governments extended data collection and linking programs. The general attitude seems to be that "we do not have anything to hide", and if a little (or even more than just a little) loss of privacy leads to a few high profile tax evasion prosecutions, everyone is happy.


[1] Germany has a national ID law that requires citizens to register with city hall and disclose persoanlly identifyable information such as names, current and former addresses, religious affiliation, birth date and place, children, current and former spouses, tax information, serial numbers of the national ID card and passport, and more. Since last year's July, this data also includes a tax ID, the German equivalent of a social security number.


Comments:

Post a Comment:
Comments are closed for this entry.
About

beuchelt

Search

Categories
Archives
« April 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
  
       
Today