Communication (2003)

T-Online

The German Internet Service Provider T-Online AG receives an BigBrotherAward for storing the IP adresses of customers with flat rate contracts.
Laudator:
digitalcourageLutz Donnerhacke, Förderverein Informationstechnik und Gesellschaft (FITUG)

The BigBrotherAward in the "Communications" category is given to T-Online, plc for their long-time storage, against data protection laws, of telecommunications link data.

The German "Teledienstedatenschutzgesetz" (telecommunications data protection act) allows the storing of telecommunications link data only as far as required for accounting purposes. This rule, prohibiting a "hoarding" of data, exists to protect internet users from being traced months after a connection was made. If the internet connection is unmetered (charged at a "flat rate"), payment is not linked to individual dial-up events, so there is not even a hint of a reason to store the so-called IP address - which enables ISPs such as T-Online to trace logging data from servers on the internet back to the actual owner of the line. But even if net access is paid per use, the IP address should not be relevant for billing, only the actual time a connection was made.

The principle of avoiding unnecessary or excessive data forbids storing personal information without a compelling reason. In the past, ISPs have been keeping this data for extensive times simply out of convenience. Under pressure from data protection authorities and customers, more and more ISPs have now moved to deleting IP address data as soon as a connection is closed. Not T-Online, who refused taking on such a policy with the argument that IP addresses had to be kept in order to verify and ensure an undisrupted service. T-Online sees storing IP numbers for 80 days as a necessary means of research in cases of abuse, such as hacking or sending viruses, even if no such abuse or virus infection is detected. Verifying bills does not require IP addresses, and competitors are not noticing an increase in disruptions of service. But T-Online, the largest German ISP, are giving no justification apart from letting us know that their data protection authority, the district government of Darmstadt in Hesse, had confirmed their position that "data austerity" was not a principle they would need to adhere to. Their illegitimate practice of data accumulation has been given a blessing from the authorities.

The effect of T-Online's storing of IP addresses is an obvious intrusion into their customers' privacy. The anonymous use of the internet, explicitly safeguarded by law, is being undermined. And it isn't just T-Online that can access the stored data, police and other institutions in a position to claim interest, such as intelligence services, can read it as well. These authorities are increasingly making use of such data that by law should not even exist in the first place, breaking the privacy of telecommunications for even the pettiest reasons. An internet user in Münster was dragged to the courts, having been found through this data, because he had made satirical comments on the internet about the 11th of September 2001. Participants of music file sharing services can be identified and pursued. The long-term storage of IP addresses turns the internet, which was supposed to be an instrument of free expression and information, into a tool of control and surveillance. T-Online's colleagues from the Telekom phone company were recently complaining how rudely the police were dealing with them, trying to get at customers' data with nothing but forms, without examining the legal position for individual cases, and threatening to prosecute for perverting the course of justice. T-Online, in contrast to Telekom, are readily supplying their customers' data, and they are even collecting it for that very purpose.

But instead of openly admitting to their violation of the law, T-Online pretend in their so-called privacy policy that IP addresses are just accounting data, which they would be allowed to store for up to 80 days. Granted, T-Online are not the only ISP storing link data for excessive periods of time. But as a prominent representative of the business they must not lead by bad example, and least of all must they participate in bending the law with the aid of their supervising authority. The Big Brother Award jury is calling on T-Online to delete this data immediately after connections are closed. Because T-Online hasn't followed this complaint from its customers even after sustained criticism was voiced throughout Germany, they richly deserve the Big Brother Award. If the company should finally be convinced to improve their behaviour, their customers as well as the BBA jury would surely be grateful. But so far we are unable to report such a change. Therefore:

Congratulations, T-Online.

Jahr
Kategorie

Laudator.in

digitalcourageLutz Donnerhacke, Förderverein Informationstechnik und Gesellschaft (FITUG)

About BigBrotherAwards

In a compelling, entertaining and accessible format, we present these negative awards to companies, organisations, and politicians. The BigBrotherAwards highlight privacy and data protection offenders in business and politics, or as the French paper Le Monde once put it, they are the “Oscars for data leeches”.

Organised by (among others):

BigBrother Awards International (Logo)

BigBrotherAwards International

The BigBrotherAwards are an international project: Questionable practices have been decorated with these awards in 19 countries so far.