A newly elected government always tries to frame its future plans as groundbreaking and promises everything will get better. But all too often, after some time has passed, promises are not kept, and we as citizens are disappointed. However, after 16 (long) years of Merkel-led governments in Germany, we want to give the new government - with chancellor Scholz from the SPD - a fair chance. Thus, to begin our series of several episodes accompanying the new German government, we list some of the plans the government offers in its “Koalitionsvertrag” (coalition agreement) on digital and net policy topics. Surprisingly, to give you an early impression, Chaos Computer Club members point out that the agreement has remarkable similarities with an aid article for a new government.
One of the most unexpected sentences in the agreement is: “We fundamentally reject hackbacks as a means of cyber defense.” This is totally contrary to what previous governments wished to do and very unexpected. Maybe previous debates - especially by internet activists - helped convince politicians that hackbacks are not a good idea. Felix von Leitner - well known in Germany under his pseudonym “Fefe” - published a presentation (in German) on his blog in 2019 about why hackbacks are indeed a bad idea. To summarize, due to the internet’s architecture, a “hackbacker” cannot determine which party attacked them in the first place. As such, hackbacks can lead to hacking the wrong parties. We should also consider whether hacking back leads to a situation where governments or intelligence agencies try to hide vulnerabilities known to them. They can then use those vulnerabilities in an attack, leading to an overall less safe internet. Even a reported vulnerability was once “rewarded” with criminal charges against the security experts in Germany. However, the new government announced in its plans that government agencies have to report security vulnerabilities to the German Federal Office for Information Security (BSI). The BSI can then take appropriate action. Also, regular external audits need to be conducted.
Digital experts often say that biometric mass surveillance is unreliable as it gives too many false positives. Hence, it should not be used, or even better be prohibited from being used in public spaces - a recent decision by the European Parliament is in line with this. Fortunately, the new coalition contract states that biometric recognition in public spaces is prohibited.
One more unexpected point in the agreement is that there should be a right to encryption and anonymity. For encryption, this means that citizens can encrypt their data as securely as they want, without the government imposing any constraints on what is allowed to be used. Also, a right to anonymity will probably disappoint some officials. Such officials have often voiced the desire to make it mandatory to use only personally identifying accounts on the internet, which, it seems, will be a thing of the past. They argue that only then is effective criminal prosecution possible. However, others argue that with the existing tools, the proper focus, and sufficient police officers, this can also be done effectively today without identifying everyone on the internet. Also, it can set a bad example, as not-so-democratic regimes could use the same tactic to get rid of unpleasant opposition.
A very annoying thing for a developed nation such as Germany is that internet connections are still too often slow. In August 20201 only 5.4 % of all internet connections in Germany were fiber optic connections - in Sweden, for instance, 84.8 % of all internet connections are fiber optic. Additionally, the internet is much slower in many smaller villages than in bigger cities, which discriminates against citizens living in the countryside. Luckily, the new government promises “comprehensive coverage with fiber optics and the latest mobile communications standard.” Previous governments promised a lot and did not deliver, on this point especially - but maybe without the CDU, things can actually get better.
Another great promise is to make all software funded by government money open-source by default. The initiative “Public Money Public Code” explains in a nutshell the good reasons for making code public:
- Tax savings: Similar applications don’t have to be programmed from scratch every time.
- Collaboration: Major projects can share expertise and costs.
- Serving the public: Applications paid by the public should be available for everyone.
- Fostering innovation: With transparent processes, others don’t have to reinvent the wheel.
I also think this would lead to greater involvement of the general public, and thus to better and more secure software!
One more important topic is transparency within government institutions and the economy, as critics have said that not enough has been done in Germany in the past. Commendably, the coalition lists some points on which they want to improve transparency. E.g., they plan to extend the “lobbyregister”; it shall be possible to follow how lobby activities influence a law.
Unfortunately, buzzwords such as “blockchain” also made their way into the agreement. I feel too much taxpayer money was spent in the past trying to realize successful blockchain projects. Still, I do not know of any successful ones built by public institutions. Often a blockchain is not needed. When used, it often makes a system unnecessarily complex, and, thus, it becomes more difficult to maintain and can lead to more security problems. Not to forget the large carbon footprint of blockchains when using the “proof-of-work” consensus algorithm.
There are some areas where the new coalition could be more progressive. For instance, in my humble opinion, the education system needs a significant upgrade, especially on digitalization. The new coalition wants to make it easier for schools to get funding, but a big vision is missing. To be fair, it is also difficult for a federal government to change education-related things, as the states are responsible for education. At least they are considering establishing the “Federal Agency for Digital Education” (“Bundeszentrale für Digitale Bildung”).