Hamburger data security service demands right to encryption from legislator
Hamburg, March 19, 2019 – “We need a right to data encryption”, the Hamburg-based security data service provider TeamDrive is demanding in response to the planned introduction of a new paragraph 126a into the German Criminal Code. The Federal Council had approved the corresponding bill, which makes the operation of illegal marketplaces on the Internet a punishable offence. “This is well meant because it is intended to stop the spread of serious crime such as drugs, explosives or child pornography in Darknet. But by no means should all operators of online marketplaces or online services be placed under general suspicion simply because they want to put a stop to unrestrained spying by encrypting data.”
Hamburg-based TeamDrive Services GmbH offers a so-called Sync&Share service via which companies, associations and consumers can exchange data with end-to-end encryption. This means that the sender’s data is encrypted in such a way that it cannot be read by anyone via all communication channels and even when stored on servers. Only the intended recipient can decrypt and read the data. According to TeamDrive, “Readable for no one” means that neither the provider nor any authority can view the encrypted data. It is precisely for this reason that the service is used particularly frequently by professional secrets holders such as lawyers, doctors, pharmacists, notaries, social workers, tax consultants or auditors. The German Bar Association (DAV) therefore expressly recommends its approximately 66,000 members to use the TeamDrive Cloud for data and documents that meet the special requirements of Section 203 of the German Criminal Code (“Violation of Private Secrets”). According to the provider, journalists often use TeamDrive for the protected exchange of information with their sources. The German Journalists’ Association (DJV) has rated the latest legislative initiative by its spokesman Hendrik Zörner as “an absurd example of German regulatory frenzy”. Stefan Brink, the data protection officer for Baden-Württemberg, has already pointed out that under certain circumstances the law could be interpreted to such an extent that encrypted data transmission services could also fall under it.
According to the bill, the distinction between legal and illegal platforms should be based on whether the operator uses access barriers such as the Tor anonymization network. “If someone wants to remain anonymous or encrypt his data, this must not automatically lead to a general suspicion,” warns TeamDrive boss Detlef Schmuck and draws the comparison: “Anyone who pays anonymously with cash in real life or gives away confidential information in his own four walls is not necessarily a criminal after all.
Detlef Schmuck explains: “Of course, the law enforcement authorities must have modern means and methods to combat serious crime. But there must be a well-founded initial suspicion. The mere fact of anonymity or data encryption does not justify this initial suspicion. The scepticism of many members of the Bundestag in view of the bill by the Bundesrat is more than justified. Crimes can be arranged or committed via any communications service, but that should not be a reason to undermine the right of citizens to anonymity and confidential data transmission on the Internet.”
