The APC European Internet Rights Project
Country Report Germany
by Mattias Jansen
The Internet has become an important medium for information and communication and covers virtually every sphere of society.
As in other European countries, the market in Germany has developed dramatically. In 1997/98 there were 4.38 million Internet users, rising to 10.83 million users by the middle of 1999[i].
The ISP market is still dominated by large players like T-online, a subsidiary of Deutsche Telekom AG (6.53 million users as at 31 December 2000[ii]), and AOL (2.6 million users in 2000[iii]). There many small ISPs, many of which offer only a local service. Users are offered lists of ISPs which provide an overview of the providers and their charges.
The cost of Internet usage has plummeted in recent years. The average cost per minute is currently around 0.02 - 0.03 DM (0.01-0.02 Euro[iv]). It is perhaps not surprising, then, that the number of top level .de- domains has increased by 3.5% per month. In February 2001 there were 2,236,243 hosts registered under the .de- domain[v].
As a result of the SaN initiative to connect schools to the Internet, 31,000 out of 36,000 schools in Germany have Internet access. This initiative is a joint project of the Federal Ministry for Education and Research and the Deutsche Telekom AG[vi].
Last year the Deutsche Telekom AG launched a project to provide broadband Internet access, via ADSL-technology, to an ever growing number of households. It is difficult to obtain current figures for DSL-connections, but an aggressive pricing policy (offering a DSL flat rate of 23 Euro per month) suggests that broadband use will grow significantly.
Cyberspace is of course subject to the law. However, the international and cross-border nature of the Internet means that it is often difficult to determine what laws apply. Alongside efforts to establish a common European legal platform to regulate the Internet, policies have also been developed at national level to deal with Internet crime and with conflicts arising from the use of the Internet.
Although some laws have been aimed specifically at the Internet (such as the so-called multi-media law, or the law on digital signature[vii]), in general the same laws apply to the Internet as to other publishing media.. Legislation treats the Internet as just another branch of the media, where freedom of expression will be guaranteed. Censorship is prohibited by the German constitution, and this prohibition applies to the Internet as well. As always, however, it is often the exception that proves the rule.
Law enforcement agencies are becoming increasingly active in the field of Internet crime. On several occasions the German BKA (the Federal Police Agency) has invited Internet service providers, politicians, experts and members of law enforcement agencies to discuss ways of combating Internet crime, with a view to promoting closer cooperation between ISPs and the police. The most recent of these meetings took place on 15 and 16 February 2001. The main fields of Internet crime were identified as:
The meeting resulted in a joint declaration by the participants, which agreed there was a need for the regular and confidential exchange of information between all parties involved (i.e. ISPs and police). To that end they agreed upon the following measures:
Law enforcement obviously depends on close cooperation with ISPs in order to solve the problems listed above . One way of obtaining knowledge of crimes is by monitoring the Internet. This is being done by selectively searching the Internet for content such as child pornography or incitement to hatred and violence against certain groups. The BKA recently reported on one case where such activities led to the detention of a 34-year-old Japanese in Japan for owning and circulating files containing child pornography[ix].
The BKA recently set up a central office, known as the ZaRD (Zentralstelle für anlassunabhängige Recherche in Datennetzen), to monitor the Internet through "Internet Patrols". The BKA's practice was widely perceived as problematic, as the BKA has no competence for collecting data, only for processing it. Data collection is the task of the police forces of the Länder, not of the federal police force. Furthermore, the collection of data by the police, even of data in the public domain such as that obtained via surfing chat rooms or Usenet, infringes data protection rights in Germany. The Federal Constitutional Court has ruled, in the context of the census in Germany, that there no personal data is insignificant, owing to the fact that it would be possible to build a reasonably accurate profile of an individual from publicly available information . In this sense the use of Internet Patrols to collect personal information on Internet users must be perceived as an infringement of a basic right. Such an infringement must be defined as necessary under the law or a regulation - otherwise it would be illegal.
Such a regulation has been established in Bavaria, for example,, where police may collect data regardless of whether there is a concrete danger of a criminal act. Critics claim that such a regulation acts is unconstitutional and conflicts with other Bavarian police regulations.
Another unresolved issue is whether a chat room should be considered a public gathering, which is protected under the constitution. In this context, the collection of information on users of a chat room would be illegal[x].
In 1999 the ZaRD identified 1126 alleged cases of crime, 1023 of which were cases of illegal circulation of pornography, 17 of fraud, 8 of political extremism, 11 of violation of intellectual property laws, 27 of violation of the law on pharmaceuticals, 17 of violation of the law on drugs, and 23 of which were other miscellaneous crimes. Unfortunately the number of records which the ZaRD held in that period is not available but must be assumed to be much higher.
Law enforcement agencies are interested not only in published but also in private data. The German government tries to make this data easily available for monitoring purposes. It seeks to do this through the TKÜV, the telecommunication surveillance regulation (Telekommunikationsüberwachungsverordnung), drafted by the Federal Ministry of Economy. Under this regulation the providers of telecommunication services are obliged to provide equipment for monitoring the transmission of data, including telephone, e-mail and other means of electronic communication.
Under this regulation, before it can offer services an ISP must obtain a certificate issued by the RegTP, the relevant supervisory authority. The certificate confirms compliance with all technical surveillance requirements. The provider can be forced to "... comprehensively record the telecommunication" of the targeted individual and to pass this information on to the "entitled authorities", i.e. the law enforcement agencies. This regulation explicitly allows for all kinds of data, including e-mail-addresses, credit card numbers, directory numbers and other means of identification, to be monitored[xi].
ISPs have mutually agreed upon their own code of conduct, under which they are obliged to avoid creating or knowingly carrying content that violates existing German state law (cf. http://www.fsm.de). This voluntary or self-regulatory approach has traditionally been used in the film and print media and has been adopted by the multi-media industry.
For ISPs the issue is not only one of ethics, but also about problems surrounding the question of liability for content. Under the multi-media law[xii], an ISP is not liable for the content of websites it hosts. It has emerged in several cases, however, that German courts have obliged ISPs to ban a site if and when the ISP obtains knowledge of illegal content offered on it. A well-known case was that of the head of Compuserve's German arm, Mr. Somme, who was convicted in a trial in Munich and was held responsible for pornographic photographs of children that had been published on a site hosted by Compuserve[xiii].
Many ISPs try to evade these issues of liability through the use of proxy servers which filter out illegal or undesired content. Such filters and rating systems are understood to make an important contribution towards the protection of minors.
It is interesting to note that, according to a ruling by the Court of Hamburg, users who place a link to another site on their homepage may be liable for content of the linked site. Such liability can only be evaded by a notice explicitly rejecting any responsibility for the content of the linked site.
In conclusion, it would seem that there is a high level of concern in Germany with regard to data privacy and protection, both on the part of users and of the legislature and judiciary. This sensitivity appears to be at a rather abstract level, however; few users encrypt their e-mail messages, for example, whereas the simple sending of a fax obliges a telecom service provider to monitor users.
[iii] http:// www.regtp.de
[viii] For the text of the declaration see http://www.bka.de/aktuell/agenda98/gemeinsame_e.html
[x] For a detailed discussion of the legal aspects of Internet patrols see http://afs-rechtsanwaelte.de/internetstreife.htm
[xi] For a detailed discussion see http://www.heise.de/tp/deutsch/inhalt/te/4954/1.html
[xii] See http://www.digi-info.de/recht/di_recht_mmgesetz.html for the wording of the law