German Data Retention Law Ruled Unconstitutional
mseeger writes "The German Federal Constitutional Court has ruled the country's current data retention law unconstitutional. All stored telephone and email communication data, previously kept for six months in case it was needed by law enforcement, now must be deleted as soon as possible. The court criticized the lack of data security and insufficient restrictions for access to the data. The president of the court said continuing to retain the data would 'cause a diffusely threatening feeling of being under observation that can diminish an unprejudiced perception of one's basic rights in many areas.' While it doesn't disallow data retention in general, the imposed restriction demands a complete reworking of the law."
An anonymous reader contributes the Court's press release and more information on the ruling, both in German.
In my story submission, I included a few more details. 35,000 citizens filed a class-action against this law and now after two years we finally see this law voided.
The "Bundesverfassungsgericht" has once again proven that it is the most significant institution in Germany that protects citizens' constitutional rights - in this case the right of informational self-determination.
Although this ruling is what us IT guys would expect from any reasonable court, the fact of the matter is that judges know shit. The Chaos Computer Club worked their asses off providing expertise to the court, while also mobilizing the German IT scene and putting out pressure on opposing (governmental) parties. This is their success and I salute them. Guess I should get around to finally applying for membership myself...
blow your mind already
Well, at least they demand some serious restrictions - asymmetric encryption with separately stored keys, no central storage of the data under direct government control, no access without a judge's order, no access without a well-founded and substantiated suspicion, access only for prosecution of serious crimes (exceptions for simple lookup of dynamic IPs), severe penalties for illegitimate access. This is way better than what we had before.
That aside, thank the FSM for our constitutional court. They basically struck down every security-theatre related law in the last couple of years. I am starting to think about a three-strikes law for politicians - vote for three unconstitutional laws and you are out. Loss of eligibility for any political office for 4 years at least. Ahh, well, a man can dream...
Ubi solitudinem faciunt, pacem appellant.
One of the restrictions the Federal Constitutional Court has imposed is that such data may only be saved decentralized. Additionally they have to be stored securely and must only be used for very severe crimes. The court is very careful: Technical possibilities change very quickly and they want the verdict to be still useful in 10 or 20 years. That's why they avoid saying "such data cannot be stored securely, therefore data retention is for all times unconstitutional".
In another verdict the court has ruled that e-voting is not principally unconstitutional. However, it imposed rules that no e-voting system in the near future is able to fulfill: Every citizen must be able to verify the correctness of the vote without specific technical knowledge. Not even open source e-voting systems meet this requirement.
I doubt that a new data retention law will be passed any time soon. Most parties have realized by now that data retention sucks and I don't think they can pull together a majority for this.
IMHO it would be difficult, since the ruling is based on the concept of "informational self-determination", which the constitutional court established based on specially protected fundamental rights in the German constitution. Plus, it is quite unlikely that they would find the necessary support for a change of the constitution in the parliament. Several parties are against the law (at least in current form), including the Liberal party (FDP) which is the junior partner in the coalition government right now. In fact, the current minister for justice (FDP) was one of the persons suing against the law at the constitutional court (the law was passed by the previous government).
At least the new EU commissioner for justice Viviane Reding announced an enquiry of the EU Directive which was one of the main reasons for making that law in the first place.
Nope, I think you mistook me for someone else.
"How messed up is the US when we have to take cues on privacy laws from, of all people, the Germans?"
Actually, the Germans, "of all people," have the advantage of knowing precisely just how bad things can get.
Regards;
Well, the German law was already an implementation of an EU directive. However, while the constitutional court has rejected the implementation, it did not declare the EU directive illegal. So it's still possible (actually mandatory under EU law) to implement a revised data storage law.
To be honest, we weren't the first ones. The Constitutional Courts of Romania and Bulgaria (not sure of the second country) already ruled the EU data retention law unconstitutional.