The BigBrotherAward 2006 in the “Consumer Protection” category goes to the Association of German Insurers (Gesamtverband der Deutschen Versicherungswirtschaft, GDV) represented by its president, Dr Bernhard Schareck for the insurance industry’s “warnings and indications” databases, which insurers use to exchange substantial amounts of data about millions of citizens — with undisclosed criteria, without sufficient legal foundation, and unknown to the people affected.

The insurance companies organised in the Association¹ are maintaining a joint database called “Uniwagnis” (uni[versal?] peril), in which data about insurance customers, but other people as well, are stored without their knowledge. The database, according to the Association, is about uncovering insurance fraud, but it is really a “black list” — and any person regarded  by any member company as “bad risk”, or a not so lucrative customer, could be recorded in it.

“No, not everyone (is thrown into this code pool). As a prerequisite, one has to have somehow been involved in a loss, and the insured person must be under suspicion of fraud. But the fraud does not need to be proven.”

(From an Association statement in their magazine, “Positions”)

There are about 10 million entries in the “Uniwagnis” database. How is that possible? How does one appear in this list?

Sooner than you think, actually. Imagine you had a car accident on a country road at night. Fortunately, there was a witness whose statement to the police confirms what happened. Imagine further that you are a student and the car was not registered to yourself but to your mother or your flatmate. You may not see anything wrong here, but each of these details would seem suspicious to insurers, “earning” you negative points on a secret scale of the insurers’ scoring system. By the time you exceed 60 points — for whatever reason — your car insurer would rate you as a “suspicious customer” and enter you in the “warnings” database of the Insurers’ Association. And because you were deemed suspicious, the same label would apply to everyone else involved in your accident: the registered car owner, the friendly witness and the assessor who evaluated the damage.

The warnings database does not only get involved when you claim your insurance, but as soon as somebody wants to enter into one — such as legal, life or disability insurance. Whenever one of the associated insurers receives an insurance application, “Uniwagnis” is activated through an interface in the background. Entries into the system are automatically passed on to the Association, regardless whether the customer only wanted to acquaint themselves with the terms and conditions and even if they expressly objected to their data being shared².

If “Uniwagnis” finds a hit, i.e. the newly entered personal data matches an existing record, that record is displayed. In theory, the employee of the querying insurance should now phone the insurance supplying the data and ask about the details. But in practice the mere existence of a matching record will suffice to give you special treatment. It is a stigmatisation with a consequence: being entered in the warnings database might for example lead to increased insurance premiums or prevent you from getting an insurance at all.

An example: legal expenses insurance will often take as little as two claims within one year as grounds for cancelling the contract. And you could even lose your legal insurance if for three times in three years you had only asked about getting coverage — no matter if the insurance was then actually claimed or had to pay at all. So, if you suffer from a difficult neighbour or landlord who would keep sending you those worrying letters so that in the course of 36 months you had raised this three times with your legal insurer, just to be on the safe side (without ever actually using it!), you might still end up with a terminated contract and a notice in “Uniwagnis”. Which would mean that all legal insurers are aware of this and might not insure you, or only do so for a higher fee. By asking your insurance to do only the slightest beginnings of its actual purpose — which is to be potentially called upon in case of loss — you might end up stored in a “fraud aversion” database without even knowing it.

Every two to three weeks, every insurance receives the full amount of data reported about millions of people. This data is transferred whether the insurance has a justifiable interest in it or not. A clear case of data being transferred for nothing but “stockpiling” — which is plainly illegal under the German Data Protection Act.

The Insurers’ Association does not see anything illegal in its actions: after all, the customers had consented to their data being shared, a clause they signed in their insurance contract. But do customers actually know what they are signing? Explanations are not given in the contract itself, only in a separate leaflet. The “Merkblatt zur Datenverarbeitung" (leaflet on data processing) comprises four sheets of small print. Often the customers won’t even be shown the leaflet before signing — let alone have the individual items be explained to them — because they are only sent it later with their insurance certificate. The same insurers that usually reply to complaints about their business practices by saying that customers were simply not reading their contracts actually conceal vital information from them. Customers are deliberately led to believe that giving consent to data sharing was just a formality. And customers like to believe it, because their mind is focused on other issues at the time they enter into an insurance contract.

Everyone who is reported into the warnings database would actually have to be notified by the insurance and be given an opportunity to comment. This does not only apply to insurance customers but even more so to related persons such as car owners, witnesses and assessors, because these people never even signed a contract with the insurance to begin with. But the insurances are not notifying anyone, as this would lead to a negative image and many complaints. And complaints management is expensive. So the storing goes on, without any kind of transparency.

“If you want to find out if your name is stored in one of the ‘warnings databases’ of the insurance industry, you’d better take a few days off work ...”, writes Finanztest, a major German financial services consumer magazine³. This is because the only way for customers to find out is to ask each insurer individually what they have reported to the Association — it is the individual companies who are legally obliged to respond to such queries. The Association refuses to give this information to citizens and considers itself not obliged to do so. Firstly, the Association says it is acting as a subsidiary of the insurances (citing § 11 of the German Data Protection Act), and secondly, they claim that the data is stored in a coded way, making it no longer personal or person-relatable.

This is what the Insurers’ Association calls “coding”: if you search the database for, say, “Petra Meyer” and “Hamburg”, you are given all existing records of people in Hamburg whose names sound similar (Petra Mayer, Petra Meyer, Petra Meier etc.) with address, possibly date of birth, reason for being reported and contact number for the reporting insurer. Using the address or date of birth, a link to the individual person can be made without any external information. If necessary, further data can be obtained through a call to the reporting insurance without the knowledge of the affected person. The data are therefore neither anonymous nor “pseudonymous”, in spite of the Association’s claims. All participants can relate the data to the person, so the data is person-related. The system is even lacking an effective prevention of queries out of mere curiosity or for advertising and marketing purposes.

There seems to be an abundance of lawyers who are happy to author (partly outrageous) justifications for the insurers’ practices. A law professor commissioned by the Association argues in a legal assessment⁴ that a “justifiable interest” for sharing the data would not need to be demonstrated at all, because the insurers had an interest in the warnings database as a whole. And he seriously holds out the view that it would be sufficient information to the customer if the “leaflet on data processing” would be kept in insurance agents’ offices so that customers “could inspect it”.

Another expertise⁵ commissioned by the consumer association VzBv⁶ however makes it clear that the declaration of consent to data sharing that is commonly used at present is ineffective because of serious legal shortcomings⁷. The consent given by consumers to the sharing of data is neither “conscious” nor “informed”, as mandated by law. Customers are not informed about the contents or the possible consequences of their data being shared, and they are not given an alternative decision. If customers do not consent, they might “potentially” not be given insurance.

The “warnings and indications” database does not only serve the stated purpose of tracking down insurance fraud, it facilitates a price cartel for the insurers. It is an obvious goal of the insurers to filter out so-called “bad risks” and insure these only against a higher premium or not at all. The insurers are thus using the warnings and indications database as a market information device to restrict competition, which is illegal and to the disadvantage of the consumer. That is a case to look at not only in terms of data protection, but also for the German monopolies commission.

How do the insurances succeed again and again in pushing through their positions in politics and new laws? “The Association of the German Insurers and the Association of Private Health Insurances are not very visible in public, but the more are they active behind the scenes. Because insurance giants such as Allianz AG are among the economic heavyweights, the industry is finding open ears in every political party”, says the daily newspaper “Die Welt”. The insurance lobby has a huge influence. Some parliament speeches or draft laws come straight from the insurers’ writing desks⁸

Sometimes their links to TV editors are too short as well. Between 2000 and 2005, the Insurers’ Association clandestinely bought themselves product placements in Marienhof, a successful soap on Germany’s nationwide public broadcasting station, ARD. Commissioned dialogues and magazine features are probably far more effective than conventional advertising — on the other hand, they’re completely illegal.

It seems that transparency is the last thing the organised insurance industry would want for its own activities — but their customers just can’t be transparent enough for them.

As legal scholar Daniel J. Solove concludes: Databases fundamentally change the way decisions in the administration are made and judgements that influence our lives are worked out. Databases are not the basic cause, but they enforce an already existing imbalance of power and tend to leave the people powerless⁹. The “warnings and indications” database of the insurance industry is a prime example.

We want our politicians to develop more spine against powerful lobbying organisations. We wish consumer associations and data protection commissioners more effectiveness in confrontations with the insurance industry. Our advice to the insurers themselves is to change their data protection and business practices profoundly — before the word “insurance fraud” takes on a whole new meaning in the public arena.

Congratulations, dear Association of German Insurers, dear Dr Schareck — you, for one, have been notified in advance; now you are stored in the public “warnings and indications” file that is the Big Brother Awards.

The “Politics II” BigBrotherAward goes to the Conference of the Interior Ministers of the Federal States represented by its chairman, Günther Beckstein (CSU¹), the Interior Minister of Bavaria.

The Interior Ministers Conference receives the award for its resolution on 4 Sep 2006 to establish a joint anti-terror database, which is to be supplied and used by all German police forces and all 19 intelligence services on the national and federal state level. With this network, police and intelligence services will become more entwined — despite the constitution calling for a strict separation of these two kinds of state security agencies.

The Conference has thus opened the door to a fatal re-unification in security politics. It formulated the cornerstones of this networking scheme, which have now largely been adopted by Federal Interior Minister Wolfgang Schäuble (CDU²) in his draft “joint data law”³. After the Federal Government passed the draft on 20 Sep 2006, only the Federal Parliament (Bundestag) can stop the project now.

According to the Conference, a central anti-terror database (originally to be called “Islamists database”) is necessary not least because of the attempted train bombings of Koblenz and Dortmund — while it is known that the two alleged attackers had not been conspicuous in any way, neither to the intelligence services nor to the police. They would therefore never have been registered in such a database.

The Conference speaks of a necessity of “improving cooperation between the police and intelligence services, especially through sharing data on terrorists”. By using these words, they hide the fact that the database is not supposed to be one of convicted criminals but essentially a preventive list of suspects. To make someone such a suspect, “genuine evidence”, whatever that is, will be sufficient. And even personal data of alleged “contacts” of suspects are to be stored in the new database. So even the social surroundings of mere suspects, such as family, children, colleagues, business partners, lawyers, landlords, sports friends etc. are under threat of being systematically registered in this database, and people who have not committed the slightest offence might come under the grave suspicion of supporting terrorism. It is stigmatising to the extreme if people are to be stored in a terrorism database for nothing but suspicion.

The anti-terror database will be kept at the Federal Criminal Police Office (Bundeskriminalamt, BKA). Almost 40 other security authorities will be authorised to enter and access data: the Federal Police (Bundespolizei, formerly known as Bundesgrenzschutz or Border Protection Police), the Customs Criminal Office (Zollkriminalamt), the Federal Intelligence Service (Bundesnachrichtendienst, BND, Germany’s foreign intelligence agency), the Federal Constitution Protection Office (Bundesamt für Verfassungsschutz, the domestic intelligence agency on the federal level), the Military Intelligence Agency (Militärischer Abschirmdienst, MAD), the Federal States’ Constitution Protection Offices (Landesämter für Verfassungsschutz, the domestic intelligence agencies on the state level), the states’ Criminal Offices (Landeskriminalämter) — and other police forces, if specific reasons are given. All these security authorities are obliged to supply data — only in individual cases, for reasons of secrecy or protecting sources can this be waived, partly or completely, or the data can be shielded from access by a “hidden” kind of storage.

The anti-terror database will be designed as an extended index, or more precisely as a combination of full data and index. This means that on access, authorities can find out immediately whether another authority holds information on a suspect person, group, company or foundation. They see full data on only basic items at first, such as identifications (including “distinguishing physical features, languages, dialects, photos …”), and references (index) to findings or incidences stored with other authorities. As a second step, the inquiring institution will request the respective authority to release an extended record, which is stored in a hidden area of the database and might contain sensitive personal data about suspects and some contacts — such as communication partners, financial transactions, school and professional education, places of work, driving and flying licences, abilities with “terrorism potential”, everyday and travelling movements, even details of ethnic and religious identity and maybe soon deviant sexual behaviour, as called for by Dieter Wiefelspütz, spokesman on interior policy of the Social Democratic Party (SPD). This catalogue, says the Conference's resolution, is supposed to “facilitate a reliable threat assessment by the security authorities”. Also, “specific notes, additional remarks and evaluations” by the participating authorities are to be included. This backdoor clause paves the way to a full-text database that can be extended at will. Next to the permanent creation of the anti-terror database, joint “project databases” with personal data are to be legalised, which police forces or secret services can set up on occasion and keep and jointly use for up to four years. It makes one wonder if the poisonous “fruits of torture" will be stored in these files as well. After all, Federal Interior Minister Schäuble deems it compatible with basic human rights if German security authorities are allowed to profit from inhuman prison conditions and interrogation practices in other countries, and maybe use confessions and other evidence gathered under torture to avert threats.

Access to initially hidden areas of the anti-terror database is projected to be given to requesting authorities via a fairly trouble-free online procedure, “as far as is necessary to fulfil the particular objectives of investigating or defending against international terrorism”. If a reference to a hidden area is encountered, clearance is to be “granted immediately”, to quote the Conference's resolution — which probably means automatically and without a factual and legal assessment of the individual case. The draft law speaks of a decision according to existing rules on data sharing. This means that every storing authority will have to adhere to its legal regulations when responding to a clearance request. When requests are granted, data can be accessed online. In urgent cases, e.g. to prevent an imminent terrorist attack, access will be possible without prior approval — the interior ministry talks about data transfers within seconds, “at the press of a button”.

The anti-terror database therefore gives police forces at the national and federal state level simpler ways of accessing unsubstantiated preliminary information from intelligence agencies, and these agencies in turn get access to highly sensitive suspects’ data from the police.

Why, then, is this shared data pool such a problem? This kind of linkage is ultimately revoking the constitutional mandate to separate police and intelligence institutions — which, after all, was a historically essential lesson from the painful experience with the Nazi Gestapo (Geheime Staatspolizei, Secret State Police), which engaged in both intelligence activities and executive law-enforcement. The mandated separation, a consequence of the principle of the rule of law as laid down in the German constitution, was enacted in then West Germany to prevent an uncontrollable and therefore undemocratic concentration of power in the security apparatus and a new political secret police. The negative experience made in former East Germany with its “Stasi” (Staatssicherheit, State Security), which was intelligence authority and police force rolled into one, reinforces the original intention of the German constitution.

While this separation (which was meant to go beyond the organisational-functional level) has long been perforated in the last decades, it would practically be abolished with an online electronic data exchange between police and intelligence agencies such as the one projected by the Interior Ministers' Conference. There is the danger that secret or intelligence services would tend towards becoming an intelligence gathering extension of the police, and that police forces would mutate into an executive branch of the intelligence agencies. Internal reviews of individual cases of data sharing, which had been routine under the mandate of separation and the principle of informational self-determination, are clearly being reduced at this time. To control the flows of data is therefore going to be a hopeless task — even if every access to the database is to be logged and data protection commissioners can perform audits under privacy laws.

We are seeing a fatal structural change here — or to put it another way: one element of a new security architecture, whose aim it is to gradually abolish constraints on state power. This reshaping of the liberal-democratic, law-based state has been going on for a long time. At the core of the process are two taboo breaches that have a particular significance in the context of Germany’s history. One, as already mentioned, is the increasing linkage between police and intelligence agencies. Apart from the anti-terror database, the Berlin based “joint terrorism defence centre”, where police and intelligence services have been working together directly since 2005, shows this development. The second breach is the militarisation of “interior security”, which is most visible in the deployment of the German army (the Bundeswehr) as a regular reserve security force — even though police and the military, for historical reasons and according to the constitution, are to be strictly separated.

The anti-terror database must also be understood on the background of the anti-terror laws enacted after 9/11 (the “Otto Catalogues”, for which former Federal Interior Minister Otto Schily received a Big Brother Award), which drastically extended the remits and powers of secret services and police, and also significantly increased the “density” of surveillance in state and society. It must further be seen in the context of the planned “terrorism defence supplementary act”, which the governing “grand coalition” recently put before parliament with the aim of not only prolonging the soon to expire anti-terror powers of 2002 for another five years, but extending them as well — without presenting an independent, critical assessment of the current anti-terror laws and their effects first. Now all secret services are to be given yet more powers, not only for averting terrorist threats, but even for intelligence gathering on anti-constitutional activities that could further violence. Exceptional anti-terror instruments for the secret services are thus made into everyday, regular competences.

To sum it up: with an anti-terror database at the centre of a new anti-terror network, we see the (at least partial) unification of what should not be unified, we see the disposal of important democratic lessons from German history and the sacrificing of constraints of governmental power to an unrestrained attitude of prevention. Maybe the anti-terror laws will eventually have to be decided upon by the Federal Constitutional Court⁴. The court has had to declare several laws and measures unconstitutional in the last few years — such as the “Major Eavesdropping Attack”⁵ with electronic bugs in and from private residences, preventive telecommunications surveillance, the licence to shoot down hijacked aeroplanes in the airfare security act and excessive “dragnet investigation”⁶ to try and find so-called “sleepers”. Respect of the constitution seems to be dwindling in the political classes in the course of fighting terrorism — strictly speaking, this should be a case to consider for the Constitution Protection (Germany’s domestic intelligence agency), if not for storage in the anti-terror database.

The Big Brother Award 2006 to the interior ministers of the German federation and of the federal states is consciously given in a preventive way, before their resolution is put into practice. The Bundestag now has the last word, it is the only institution that could still stop this project. We regard this award as a measure of threat prevention and as work relief for the Federal Constitutional Court.

Congratulations, Mr Chairman Beckstein, heartfelt congratulations to all responsible members of the Interior Ministers Conference.

The “Politics I” BigBrotherAward goes to the members of the 4^th Parliament of Mecklenburg-Vorpommern represented by the Parliament's President, Ms Sylvia Bretschneider, for legislation that allows eavesdropping and sound recording in public places, public buildings and public transport. The Big Brother Award is due to the whole State Parliament (Landtag) of Mecklenburg-Vorpommern. Members of all parties making up the House — SPD (social democrats), PDS (leftist) and CDU (conservative) — have approved of this excessive surveillance.

The citizens of the former GDR had hoped that by the overthrow of the old system in 1989 and the German unification in 1990, they had finally overcome ubiquitous surveillance by the infamous “State Security” (Staatssicherheit or Stasi). Also, the German Bundestag had advertised freedom rights in the Federal Republic with the slogan: “Flirting, Slandering, Gossiping. And nobody will listen in.”

16 years after the unification, Mecklenburg-Vorpommern has a revised police law called “Law of Public Security and Order in Mecklenburg-Vorpommern” or, for short, “Security and Order Law” (Sicherheits- und Ordnungsgesetz, SOG M-V). Since July 2006, this law in its article 32, paragraph 3, gives public order authorities and the police permission to monitor public spaces in the vicinity of so-called “endangered objects” not only with video cameras but also by recording sound that will be stored for one week:

Image and sound recordings may be openly made [... in a transport or supply facility of an institution, a public transport vehicle, in official buildings or in an endangered object specified by the police authority or in its direct vicinity ...] insofar as there are facts justifying the assumption that near or in objects of this kind criminal acts are to be committed through which persons, these objects or other items kept therein will be put to danger. Such measures [...] may even be carried out if third parties will inevitably be affected.

Article 32, Paragraph 3 (in part)
Sicherheits- und Ordnungsgesetz Mecklenburg-Vorpommern

To be fair: Such surveillance measures in public space need to be mandated by the proper authorities. But the hurdles for such a mandate are about as low as they were in GDR times: repeated cases of pick-pocketing or graffiti in trams justify the assumption that this can also occur in the future and that therefore surveillance should be necessary.

Through this, the public order authorities are allowed to carry out sound recording alongside video surveillance for example at park benches, in the corridors of public buildings, in public streets and places in the vicinity of “endangered objects”, as well as in buses, trains and trams.

These sound recordings are expressly not restricted to originators of dangers but are allowed to extend to all citizens. That is, even to completely unsuspicious and uninvolved people who happen to be in these particular places. Of special interest is the legal reasoning that justifies the recording of sound: There is none.

Users of public transport, people going for a stroll near a ministry, pensioners sitting on a park bench, or couples necking there, have to bargain for somebody they themselves cannot see listening in to them flirting, slandering, gossiping.

Given the power of modern microphones, even the cheapest ones, no word in a bus, on a park bench or in public buildings’ corridors will remain unheard. There may be no official legal reasoning to justify sound recordings, but perhaps the parliamentarians thought that terrorists would chat about their plots on a stroll round Lake Schwerin (Schweriner See). After all, in early summer of 2007 the G8 Summit will be held there.

Already in 1983 the Federal Constitutional Court (Bundesverfassungsgericht, the highest German court), had ruled in its census verdict that restrictions to personal freedom of the citizens must not go further “than what is indispensable for the protection of public interests.”

One may strongly doubt that recording images and sound irrespective of suspicion in public places, public buildings, or in public transport is indispensably necessary for the protection of public interests. We even doubt that it serves the protection of public interests at all. We have yet to wait for the first camera that will throw itself between an assailant and his victim. And no microphone in the world “protects” against crimes — they will just be plotted somewhere else.

The Federal Constitutional Court demands that legislators must not excessively interfere with the rights of citizens. Authorities must always choose the measures that constitute the smallest possible interference. The sole aim of security is the protection of freedom.

It follows from the ruling of the Federal Constitutional Court about the so-called Major Eavesdropping Attack (Großer Lauschangriff, the German name for audio surveillance being used on private homes in the course of state investigations) that private communication belongs to the sacrosanct core area of private life. Such disproportionate surveillance is therefore impermissible.

With this background alone, the bill is clearly unconstitutional. The change of the law in Mecklenburg-Vorpommern would be equivalent, as it were, to a voluntary declaration by the citizens to waive a constitutional right. Whoever stays in a place under surveillance would thereby consent to being under surveillance. There are information signs, after all. But: a voluntary waiving of a constitutional right? Constitutional rights cannot be waived. Not even with the argument: “I have nothing to hide.”

In its ruling on the census in 1983 the Federal Constitutional Court made it clear that already an awareness of being under surveillance can lead to changes in behaviour. Especially the “psychological pressure of public participation” could inhibit the freedom of the personality and the autonomy of decisions. Even granting that being watched by others and picking up parts of conversations is a normal element of living together in a society, control over the individual must not exceed the degree necessary for a member of society and must not deprive him of essential parts of his freedom to act.

But this is exactly what happens in recording images and sound in the public area, without any suspicion, where also people who are explicitly unsuspicious are under surveillance. Nobody knows: Am I being watched, am I being listened to? Is somebody eavesdropping on me? Can I slander, gossip or even flirt without any danger? When in doubt, one will be prone to behave inconspicuously and streamlined — and have a persistent feeling of being under observation. For one or the other politician in the Mecklenburg-Vorpommern parliament this may be a tantalising prospect, but our constitution has other priorities:

Everybody has the right to free development of his personality insofar as he does not hurt the rights of others and does not violate the constitutional order or the moral law.

Article 2, Paragraph 1 of the German Constitution

Flirting, slandering, gossiping. And the police are listening in. Mecklenburg-Vorpommern is following an old tradition here. Especially the state parliament of one of the formerly “new states” in the Federal Republic of Germany might, 17 years after the dissolution of the GDR, have shown a different kind of historic sensitivity. It remains to be hoped that the authorities will make use of their new capacities in as few places as possible. And that the Federal Constitutional Court will topple the objectionable points of the “Law of Public Security and Order in Mecklenburg-Vorpommern”

Our heartfelt congratulations to you, Ms President Bretschneider, our heartfelt congratulations to the members of the 4^th Parliament of the state of Mecklenburg-Vorpommern.

The BigBrotherAward 2006 in the category “Business” goes to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) represented by the German members of the SWIFT supervisory board¹, Roland Böff (Senior Vice President, Bayerische Hypo- und Vereinsbank) and Wolfgang Gaertner (CIO, Deutsche Bank AG) for breach of confidence regarding customer privacy by imparting to US authorities details of financial transactions made through SWIFT.

As was only recently made public by reports in US newspapers on June 23 of this year, the Central Intelligence Agency (CIA) uses a special bank surveillance programme to internationally gather and analyse information on banking transactions. Since the end of the year 2001, the CIA has obtained these data mainly from the Belgian “Society for Worldwide Interbank Financial Telecommunications” (SWIFT). Their reason for this vast data delve is to investigate the source and flow of terrorist money. Of course, the SWIFT data are not retrieved by the CIA themselves: they are subpoenaed by the US Treasury Department for this purpose.

Once again, the “war against terrorism” is taken as an excuse for massive breaches of privacy. For almost five years now, the US American “Operation Center” of SWIFT (SWIFT USA) has granted US authorities access to data of wire transfers and other transactions. SWIFT justify themselves by pointing to US law and an executive order signed by President Bush that has made it possible for the Treasury Department to examine financial records. This executive order was used as one of the many weapons in the “war against international terrorism”.

However, not only details of transfers to or from US American accounts are being monitored. For backup reasons, all data of inner-European transfers are also mirrored from SWIFT Europe to the servers of SWIFT USA. And thus, US authorities gain access to each and every transaction involving SWIFT, which means nearly every international bank transaction. That an abuse of these data by US authorities cannot be ruled out is even acknowledged by SWIFT in their own statement of 25 Aug 2006: “SWIFT is aware of the potential for misuse which exists in every system.”² Still, SWIFT contend to be in “factual control”, through internal and external auditors, of the data transmitted to US authorities.

We venture to doubt their claim: The directors of SWIFT cannot seriously believe they could control the US Department of the Treasury, or the CIA!

It is almost grotesque to think of SWIFT transmitting European data to the USA for backup — they would be much better taken care of on a server in Europe. There is no legal foundation whatsoever for such a transfer of data. SWIFT could only point to the subpoenas from the Treasury Department when transactions to or from accounts in the US are concerned, as SWIFT USA is subject to US American law.

All other data concerning financial transactions, especially those restricted to Europe, should never have been made available to SWIFT USA. After all, it is inadmissible under both German and European data protection legislation to pass on personal data without legal basis. It was only possible to subpoena data for European credit transfers because they were accessible in the USA.

At the very latest, SWIFT should have changed their backup system immediately to protect the confidentiality of all data unrelated to US credit transfers when they started negotiating with US authorities about access to bank transaction data.

On the other hand, we must also ask German banks why they neglected their data protection responsibilities in their choice of a service provider for as sensitive an area as credit transfer. § 11 of the German Law on Data Protection quite clearly states these responsibilities. Every single data protection officer of even a middle-sized company whose computer is being accessed by an external IT service provider for maintenance has to know these requirements. A contract has to be drawn up for each case, stating explicitly and in detail which data the service provider may access, to whom they may pass on the data and to which end, and which technical and organisational measures are to be taken to ensure data protection and backup.

It would have been the responsibility of all German banks and savings associations to prevent data of European credit transfers from ending up in the USA. Though SWIFT members have received no information about the monitoring activities, Deutsche Bank and the Bayerische Hypo- und Vereinsbank knew and know full well that the data were being accessed by US authorities, as leading members of either bank are also members of the SWIFT supervisory board. However, neither of these banks has taken any action in the matter.

On August 23, 2006, the Independent Centre for Data Protection for the federal state of Schleswig-Holstein voiced their criticism in the following statement: “The surrender of financial data of European citizens to US authorities by the Society for Worldwide Interbank Financial Telecommunications (short SWIFT), based in Belgium, is in contravention of German and European Data Protection Law.”³ Two days later, SWIFT brazenly claimed to have complied with all applicable laws. Obviously, SWIFT can only come to this erroneous conclusion by restricting their judgement to the legal relations between SWIFT USA and the US authorities. The question whether any transfer of data from Belgium to the USA was permissible at all is being blissfully ignored. Perhaps this rather one-sided view is due to the fact that SWIFT are quite aware that the answer to this question would have to lead to a change of their data backup concept.

Both the supervisory board and the national central banks have been informed about the executive order and the subpoenas in the USA No information, however, has been given to the 7,800 member institutions. Neither the Bundesbank nor the representatives of the German financial institutions on the supervisory board of SWIFT, the gentlemen Roland Böff and Wolfgang Gaertner, deemed it necessary to speak up against SWIFT’s course of action, which is so obviously against data protection law. Neither did they see any need to inform the persons affected.

It is for this reason that they of all people deserve the Big Brother Award in the business category.

Congratulations to the members of the supervisory board of SWIFT, Roland Böff and Wolfgang Gaertner.

The "Regional Award" within the German BigBrotherAwards of 2005 is jointly given to the Primary School of Ennigloh (in the city of Bünde, district of Herford), Volksbank Herford (a bank) and Sparkasse Herford (a municipal bank)¹ for sharing and using address data of school beginners.

“What Little Hans doesn’t learn, Hans will never learn”, goes a German proverb. True to this motto, banks have long been trying to build customer relations with children as early as possible, offering “pupils’ accounts” or giving confirmation presents. Now even school beginners are becoming a target: as they enter school life, children are offered “starter” accounts. To make sure the kids know about the offer in time, the competing banks, Volksbank and Sparkasse of Herford, are sending the kids marketing material for starter accounts into their homes.

The interested reader and listener is immediately going to ask, “Hold on, how do these people know who is entering school?”

We have given the banks a call. Of course, Volksbank are certain that they did it all according to the book. At a parents’ information evening, the not too friendly man on the phone explains, a list was passed around on which parents declared that they explicitly welcome such advertising. Well, the parents who alerted us didn’t remember such a list, or giving their consent. Could the bank send us such a list by fax? Oh no, the man roared through the phone, after all, they could not rule out that through the Big Brother Awards these lists could find their way to competitors!

Ah. Yes, of course.

Anyway, the competitors don’t need our help at all. Because they, too, know how to get their hands on children’s names and addresses. At least they wouldn’t lie to us over the phone. “Through years of good relationships, Sparkasse have been able to obtain the children’s names from the schools”, said a friendly young woman on the phone. The bank would then see if they had the parents’ addresses, and hey presto, the file for the marketing mailer is finished.

Most schools don’t realise that data they hold about the kids they are entrusted with arouses desires from, as I’ll call them now, all kinds of scum. We have therefore decided — for educational reasons, so to say — to give this award primarily to the primary school in Bünde, not the banks. It is intended as a warning to all schools in Germany that head offices, secretariats, and teachers must not give data to businesses. We should maintain that schools will not become an instrument for economic interests.

Not only primary schools or school beginners are affected. There are several grammar schools, we have been told, where pupils are repeatedly promised books of the Duden series. (The Duden dictionaries are an authoritative source on the German language, having been the officially recognised standard for several decades.) Duden, Meyer, Brockhaus — renowned names indeed (the latter two being established encyclopaedias). Nobody will suspect any wrongdoing there. Who would be more respectable than the Duden publishing company?

However, these presented books, thin editions named “pupils’ helpers”, come with strings attached: The pupils must give their names and addresses, and the resulting list must be sent to the “noble presenters” by the school.

We have done some research. The company at the centre of these dirty tricks is called inmediaONE, Ltd. It is located in Gütersloh, part of the Bertelsmann group, of course. And that group is one of the major players in the address trade. inmediaONE contracts the whole operation out to WKV Ltd, near Trier. This is how WKV describe themselves:

“We engage in active acquisition of new customers, extending your customer base. We generate […] qualified addresses for large companies in the German-speaking region. Our annual net capacity is around 1 million addresses of interested persons. We achieve this by collecting data through prize draws, quiz games, and” — hear, hear — “giveaway campaigns.”

One teacher didn’t want to abuse her position of trust and become an assistant in customer acquisition, so she put the publishers to a test: She did not pass on her pupils’ addresses, but ordered a class set instead — the result was, of course, no books. That shows it clearly: these are no “presents” at all.

I expect the education authority of North Rhine-Westphalia, which just a short time ago could see “no violation of the data protection act” — contrary to the view of the state’s data protection commissioner — to inform all schools and put an end to these shenanigans.

In previous years we have repeatedly featured the address trade with its various facets in the Big Brother Awards. In most cases, the traders and their benefactors were awarded. This year, for educational reasons, we put the primary school of Ennigloh in Bünde in the first row for its thoughtlessness and unscrupulousness. Behind them in class are Herford’s Volksbank and Sparkasse. In the third row, we give the federal state’s education authority a written warning.

Congratulations to all!

The BigBrotherAward in the category "Politics" goes to the Minister of the Interior of the federal state of Hesse Mr Volker Bouffier.

You are being honoured for the new Hessian police laws for which you are responsible, and with which the secrecy of telecommunication is further curtailed, informational self-determination is further undermined, and the public space is further degraded to a zone of complete surveillance.

The sheer number of new or revised directives makes it impossible for me to come up with a complete list of your freedom-hostile atrocities to hold it against you. So I have to limit myself to those enabling acts where the breach of constitutional principles is the most obvious.

Let's first have a look at the new rules for the surveillance of telecommunication (German: Telekommunikationsüberwachung, TKÜ). In Hesse you have now allowed police to tap telephones and use so-called IMSI catchers. IMSI catchers are devices with which the position of mobile phones can be quickly detected, even if they are not used. So-called preventive surveillance and the use of IMSI catchers are allowed for the prevention of acute harm to body, life or freedom of a citizen. Our criticism: Counter to express guidelines from the Federal Constitutional Court (Bundesverfassungsgericht, Germany's highest court), your law does not provide any regulations that protect the core areas of private life. Among such core areas are e.g. conversations between spouses, with close relatives or other persons of high trust.

Now you, Mr Bouffier, will object that for instance a bank robber will presumably not discuss details of married life with his wife over the phone while holding hostages in a bank. What you are overlooking here is that the expression "acute harm for body and life" has suffered severe damage after 11 September 2001. Many courts have been of the opinion that merely the abstract possibility that at some time somebody might want to commit an attack was sufficient to assume an acute danger in the present. "Present dangers to life and body" seem to be lurking just everywhere and at any time in our times of global terrorism. But who is to exclude, in this permanent state of emergency, that through your new authorisation communications that do belong to the inviolable core of the secrecy of telecommunication could be overheard? It is only a few months ago that the Federal Constitutional Court had to explain to the legislative body of the state of Lower Saxony (Niedersachsen) that the core area of private life is sacrosanct even in the surveillance of telecommunication. Your regulations disregard this ruling.

You are also responsible for a regulation according to which even persons under the age of 14, i.e. children, may be subjected to DNA analysis. The prerequisite is that these children have committed a severe crime and that such behaviour is to be expected from them in the future. Body cells may be extracted from them, the obtained material may be examined and the DNA signature stored for further use. What you are overlooking here, Mr Bouffier, is that children's misdemeanours do not normally impair the sense of security in the public. But a severe feeling of impairment of this sense of security is part of the constitutional definition of a severe crime. So there is a question of principle whether the youngest in the community are even able to commit a "severe" crime in the sense of the law. Beyond such doubts, you are disregarding the principle that early stigmatising of young people - e.g. through storing their data in a "rogues' gallery" - should be avoided. And finally you ought to have occupied yourself a little more with the objection that you are not even legally in a position to enact a law that provides for DNA analysis as a measure for the prosecution of possible future crime. This objection was expressly raised in an expert hearing in the state parliament of Hesse. This advice was obviously of little use, since the unchanged act was still laid before the parliament. And that is why in the near future the courts may well have to explain more fully to you the division of legislative competencies between the national and the federal state level.

Let's turn to the area of public traffic, which you, Mr Bouffier, obviously misunderstand primarily as an area of surveillance. As one of the first German federal states, Hesse has enacted an authorisation for the scanning of number plates. Through your authorisation, the police are enabled to compare number plates of cars with investigation databases while observing public traffic. A reference to an individual can thus be made whenever the car is being driven by its owner. The police can therefore know who was where at a certain moment. But this makes that measure different from "simple" video surveillance of public spaces by the police, where they don't normally know whose every step they are monitoring with their camera eyes. The fact that plate scanning produces personal references makes this measure seem exceptionally intrusive.

Also with respect to video surveillance you seem to think that you have to set new standards. The Hessian law about public security and order now contains an authorisation for the police to shoot video footage while taking personal details, for instance during large public events. Not only are you thus subjecting yet another area of public life - which indeed occasionally includes the taking of citizens' personal details - to total surveillance. No, you are also trying to differentiate in this authorisation between the inspected persons and inevitably affected third parties. Storage of data is only allowed with respect to the individuals inspected, with other passers-by there may only be collection of data, which is preliminary to data storage. But how, Mr Bouffier, are you going to prevent storage of data of a passer-by when the video image of this person is recorded? The jury really regards what is now contained in the law as legal nonsense, as has already been pointed out to you by experts' advice before the law was passed.

You, Mr Bouffier, are a repeat offender in terms of the Big Brother Awards. Already in 2002, you were honoured for a revision of the Hesse police law with which the requirements for "police investigation by data mining"¹ had been lowered considerably and which also ignored a ruling of the Frankfurt Court of Appeal (Oberlandesgericht Frankfurt). We saw this as your first considerable breach of civil liberties that severely damaged the assuring impression that we were living in a free country. Now the new Hesse police law is further proof of your low regard for data protection issues. Informational self-determination, Mr Bouffier, is a basic right. Quite erroneously, you still seem to believe that one can cut back on basic rights almost at will, without touching their very core at some point. This renewed offence against a free society leads to your infinite storage in our database of data leeches.

Congratulations, Mr Bouffier.

The BigBrotherAward in the category "Consumer Protection" goes to FIFA World Cup 2006 Organisational Committee for Germany of the DFB (the German Football Association), represented by Franz Beckenbauer, for the inquisitiveness of their questionnaires required for ordering tickets for the World Championship, for planning to pass on addresses to FIFA and their sponsors and for the use of RFID spychips in World Cup tickets, and the resulting attempt to make control surveillance technology more acceptable, for the benefit of World Cup sponsor and RFID producer Philips.

Indeed, it was quite predictable that the World Cup committee would receive a Big Brother Award. Already in 2003, the spychipped ticket for the 2006 World Cup was listed as a candidate. But at the time the jury decided in favour of Metro's "Future Store" field experiment, as the spychips were already in operation there. The Big Brother Award for the Metro had global repercussions: since then, RFID producers are facing the critics.

In 2004, the World Cup organising committee was back on the BBA list of candidates, as more details had become known to the jury, but we didn't want to be a bore and center on yet another RFID-related topic. "2006 is a long way off", we thought, "we can still do something a year from now".

But after presenting the awards one year ago, we suddenly had to realise that the World Cup surveillance scenario was much closer than we had thought. The association of active football fans (Bündnis Aktiver Fußballfans, BAFF) brought to our attention that the sale of tickets was only three months away, starting in February 2005. Lacking greatly in the area of football enthusiasm ourselves, we would almost have missed the impending data protection catastrophe ....

To the facts: Whoever wants to buy a ticket has to apply for it, and an application is about details. Personal details: Name. Address. Childhood diseases ... No, not diseases. But: Date of birth, phone number, nationality and supported football nation. - Excuse me? In Germany? 60 years after the end of the war, 60 years after whole ethnic groups have been killed in German concentration camps, a German company is really asking for my nationality in a questionnaire and enquiring for which nationality my heart beats? I am Greek and think the Turkish team is cool? I have an American passport and cheer for the Saudi-Arabian team? ...

And why, for example, would they need my date of birth? That's useless for ticket ordering, but - it is of greatest interest for marketing.

Who needs these details? Who is seeing them and what will happen with them? Well, in any case, they are going to FIFA¹, the international football association, who will pass them to their sponsors, such as Coca Cola, Mastercard, Gillette, Philips, the Airline of the United Arab Emirates, the Telekom, McDonalds, etc etc.

Sociologist Richard Sennett says that modern capitalism is essentially anti-democratic. It favours what he has called a "soft kind of fascism". According to Sennett, dictatorship is moving into modern politics, which is now leading to arbitrary and authoritarian decisions, disregarding completely what the majority of people may think.²

But actually this isn't about people at all. "It's all about security", says the World Cup Organisational Committee. And that's why all those who might be interested in a ticket are even required to specify the number of their ID or passport. However: collecting and processing these numbers is unlawful, according to German jurisdiction, because the law prohibits the use of the ID card's serial number as a personal identification key. But that hardly troubled the World Cup Committee of the German football association, DFB.

And obviously, the Committee felt quite safe in its improper use of personal details, because the Minister of the Interior, Otto Schily himself, is a member of the World Cup Organisational Committee and backed the use of the ID numbers, perhaps even requested it. The passport numbers will be stored in a database and can then be linked to the number on the RFID chip that is part of the tickets.

Both Otto Schily and the DFB were awarded "The Closed Clam", a negative award from the journalists' association "network research", for not answering questions that implied criticism. When FoeBuD roused publicity just in time before the sale of tickets opened and many journalists tried to put their questions to the Committee and the Ministry of the Interior, they met with the same deep silence. No interviews. No comment.

Even a caution by the Federation of German Consumer Organisations, vzbv, regarding serious defects in the questionnaires only made the DFB react when the association threatened them with a temporary injunction that would have closed down the sale of tickets.

Now, the DFB has agreed to a half-hearted compromise. Customers now have to expressly agree to having their details used for marketing purposes, but the illegal obligation to enter one's ID number remains. Just as illegally, unnecessary details are still being asked, and everybody applying for a ticket still has to include ID numbers of friends or family members if they want to order more than one ticket.

Vocal criticism has also come from the Data Protection Commissioner's Office of the federal state of Schleswig-Holstein. They have taken on FoeBuD's complaints and published a critical legal assessment. Here is a summary by Dr. Thilo Weichert:

"The World Cup is being used as a huge surveillance project that is to facilitate total control over football fans. However, this increase in surveillance will hardly achieve more security. (...) At the same time, the ticket procedures attempt to make the use of RFID technology, the use of spychips socially acceptable. RFID are useful in logistics, but using them on people is anything but helpful for data protection and privacy. Also, the application form asks for more details than are necessary. (...) As there is no other way to obtain tickets, football fans are faced with the alternative of either giving away their personal details or missing the World Cup. Apparently, the DFB is more interested in marketing the fan as a commodity than in him enjoying the game."

It is a fateful trend that services are increasingly made to depend on citizens' presenting themselves as transparent customers. It is the arrogance of an increasingly totalitarian system to force personally identifiable tickets on customers.

The continual chants of "security aspects" that we have are exposed to as justification for this new law and that latest measure are nothing short of a farce. If football matches today are indeed such a security risk that they can only be hosted by totalitarian states, then football fans will just have to travel to such states for their passion. We do not wish for a state that, using constant threats of vague dangers of terrorism, is forcing us to relinquish civil rights and restrict ourselves to inconspicuous behaviour.

To collect personal details on the application form creates no security. The RFID chip in the ticket emits a radio signal so fans can be tracked and movement profiles constructed - but it gives us no rise in security (it probably just helps to raise the ticket price on the black market). Obviously, the World Cup Organising Committee know that as well.

Here is an original quote from an interview between a journalist and one of FIFA's highest-ranking IT specialists: "Why do you need RFID?" - "Because Philips is our sponsor." - "Are there any technical advantages with these chips?" - "Philips is our sponsor. Please ask their representative."²

With this World Cup, an attempt is being made to use tickets, desirable as they are to all fans, as a lever to establish RFID technology in Germany - after all, the RFID reading devices are hardly going to be dismantled after the end of the tournament. Thus, a potentially far-reaching surveillance and control system is made acceptable to the public - with the football fan as guinea pig.

And you, Mr Beckenbauer, keep holding your face into every camera for that, too.

As a result, you're now popular even with the Big Brother Awards. By numbers alone, you have reached second place in our nomination charts. But that is no reason for joy, for every nomination is a red card - pointed at you by German football fans.

Heartfelt congratulations, dear DFB, dear World Cup Organising Committee, and dear Franz Beckenbauer.

The BigBrotherAward 2005 in the Category "Technology" goes to well, yes, to whom actually? for the creeping degradation of citizens to objects of surveillance and the act of playing down dangerous tendencies towards ubiquitous observation.

Do you sometimes pick your nose when nobody is looking? Do you prefer sleeping in the back rows of an auditorium to listening to boring speeches? Do you sometimes rob petrol stations?

"There won't be anybody coming to look, anyway!" you say? - Well, no, not so fast. Because all kinds of snoopers are looking in on us, in more and more areas of our lives, and we hardly ever notice them. It's just that they don't come to look but hide behind monitors fed by video cameras - a very one-way line of sight in which they don't have to reveal themselves as watchers. The observed is barred from seeing the observer, he transforms into a mere object of surveillance and does not know by whom, when and from what distance and for what purpose, he will be looked at, gazed at, leered at or filmed.

Judges at German courts however bestow a number of quasi-personal rights to anonymous cameras as representatives of governmental powers and institutions. Already in the year 2000, the Bavarian Court of Appeal (Oberlandesgericht) ruled that "flashing the finger" at a camera should be seen as a personal (!) insult to the police officers leering at the monitors, and could be fined. The regional court in the town of Stadtroda wrote an almost identical sequel to this novella in 2004. Does one have to fear soon to be taken to court for insulting a finder, when losing one's wallet with holiday photos showing the naked behinds of people one met on the beach?

In this light the following scenario seems to be only too consistent: Should you be short-sighted and walk past your girl-friend whom you were going to meet at the underground station Brandenburger Tor in Berlin, and then return when she calls after you - well, then you'd better prepare yourself for a small police crowd gathering around you. Or, better, you should plan your rendezvous somewhere else in the first place. Because according to an analysis of typical behavioural patterns this kind of behaviour (walk past, stop, return, and then stand together) is associated with drug dealers - and for that reason will immediately raise the alarm of pattern-recognition software in the future. And if you don't want to change your normal behaviour: the drug dealers for their part will surely be quick about changing theirs. Which is why pattern recognition alone will be no solution in the long run.

"So why not always try out the newest technology, or rather, have it tried out?" Thought the manager of Berlin transport (Berliner Verkehrsbetriebe, BVG), Mr Thomas Necker. And that is why - perhaps boosted by a little extra advertising revenue - he has turned the complete underground station into a playing ground for makers of surveillance technology. The playthings were installed by grateful companies, and the necessary utensils, namely us, come for free.

Deutsche Bahn, Germany's major railway operator, like Berlin transport and other local transport companies, are also investing in ubiquitous video surveillance in their stations and on their platforms. One has to be almost thankful that in an "Inter City Express" (ICE, Germany's high-speed train) one is not yet under constant observation by a video eye, as is already the highly questionable normality in many busses, trams and railways. But before escaping into the ICE one is under extra-thorough observation. And since nothing is so good that it could not be made even better, the Deutsche Bahn is now planning to install a centralised observation centre in Berlin. Here the home-grown security forces of Deutsche Bahn and the Border Protection Force (Bundesgrenzschutz), now called Federal Police Force (Bundespolizei), shall have access to all video cameras in German railway stations. The proclaimed goal is to fit each and every station with at least one camera linked to the observation centre in Berlin. Apart from the lack of a legal foundation for this construction (there is, e.g., as yet no data protection contract between Deutsche Bahn and the Federal Police Force, as the Berlin Data Protection Commissioner remarked somewhat sourly), one asks oneself what use it could possibly be that someone in Berlin could watch somebody being attacked at a railway station in Munich. But all this is probably nothing to do with petty things like public disorder or rape or bag-snatching, but about the really big threats: terrorism, or at least robberies and murders, which one wants to able to see centrally even if one can't prevent them from such a distance.

At least one thing is perfect about this kind of surveillance: the sweeping registration of significant parts of the lives of many people who have to rely on public transport, like commuters and school children.

One can almost pity the police authorities of a great number of communities who are not able to simply "compute" potential misdemeanours of the people they observe in real time, but still have to evaluate the footage from the growing number of surveillance cameras with their own eyes. The mere placement of such mobile installations all-too often neglects the balance between usefulness and infringement of constitutional rights. As for example in Leipzig, where despite the most obvious futility of video-monitoring of a public square deemed prone to brawls, observation of that place was pushed through even with the help of downright lies, openly uttered before an astonished public. Also in Bielefeld the justification of video-surveillance of a park (Ravensberger Park) was not all too truthful. The Ministry of the Interior of the state of North Rhine-Westphalia claimed a great success and decreased crime rates. The opposite was the case, as FoeBuD found out for the years 2000 and 2001. The number of offences committed in the park even rose from 6 to 9 after cameras were installed in 2000. What didn't fit the picture should obviously be made to fit, however clumsily.

Considering such observation furore from governments one need hardly wonder that private enterprises also want to take advantage of what public institutions are preaching and demonstrating before their very eyes in so many different ways.

"Why should I pay heed to legal prescriptions about notices when governmental surveillance is operating more and more secretly, without the knowledge of the people affected?" is what bookseller Stilke must have thought when he clandestinely installed video cameras in the ceiling of his branch in a Hamburg railway station, in order to "have an eye on" his employees - clearly against the law. And since according to a German motto "attack is the best defence", the employee who had accidentally discovered the camera was fired at short notice, for alleged damage of property (the camera).

Video monitoring has become part of our every day life to such an extent that there seem to be no moral inhibitions left. It hardly occurs to most of the "vidiots" that there even might be legal boundaries that must not be crossed.

Those suffering a wrong or maybe just fearing one are, it seems, readily prepared to take the law into their own hands. Not seldomly these protagonists shoot far beyond the mark and lose sight of any proportion - especially in terms of personality rights of the people affected.

Belonging to this category is the secret video recording and subsequent publication on the internet of shop customers' images by Macintosh retailer GRAVIS. Apparently they didn't want to bother police and the state prosecutor with extra work, so they published secretly taken video recordings of customers on the internet themselves, asking visitors to the website to help with identification. The alleged targets were members of a gang of burglars who systematically broke into GRAVIS stores. As a winner's reward in this "pillory-game" they offered an iPod?

FoeBuD's funny sticker saying: "For reasons of hygiene this toilet is monitored by video!" has been in circulation for several years now. More than a handful of people after reading this notification have cast startled looks at ceilings of "restrooms", looking for live cameras ? But there is no idea absurd enough that it couldn't be topped by reality. Wellness Oase Mediterana in the town of Mönchengladbach are a case in point.

After paying a not really modest entrance fee, one is welcomed - apart from oriental designs, luxurious saunas and soothing muzak - by video cameras in the ceilings of the changing rooms. Not only is the legally required notification missing, there is also no way of finding out who watches all these pictures of naked people - or records them, or maybe even deletes the recordings occasionally. Whether there is some kind of data protection representative also remains one of the sweet secrets of the operator.

Although this sobering collection of outrageous examples is sufficient proof that we really are on our way to ubiquitous video surveillance, we could continue this list for hours on end. We have therefore decided not to point out a single winner in the Technology category of this year's Big Brother Awards. All the others would get the impression that for the moment they had got away with what they are doing.

No. We say our heartfelt congratulations to all of you out there! You are in really bad company!

The BigBrotherAward in the category "Communication" goes to Erhard Rex, General Attorney of Schleswig-Holstein, as chief of the Public Attorney's offices of Kiel and Lübeck for a large area search for witnesses using mobile phone locating without well-funded justification, and for his refusal to allow inspection of the associated files by the data protection commissioners of the federal state of Schleswig-Holstein.

In June 2005, a remnants market in the Schleswig-Holstein city of Bad Segeberg burned down due to arson. The state attorney submitted a request to allow police to perform a so-called radio cell inquiry. Network operators T-Mobile, Vodafone, E-Plus, and O2 were ordered to identify all their customers who had used their mobile phone near the scene of the crime during the night of the fire. Seven hundred mobile phone owners subsequently received mail from the police. They were asked in a questionnaire where they had been that night, who was with them and whether they had noticed anything uncommon. In a press statement, police made clear that those who wouldn't reply would arouse suspicion.

The questionnaire was voluminous - for instance, anyone who was in a vehicle that night was asked to provide the license number, brand, type and colour ... of his own vehicle. Were police really just looking for witnesses? Among the receivers of the questionnaire was a journalist who had reported about the fire for a local newspaper and had used his phone at the scene of the crime. Press reports finally caused the case to be raised in Schleswig-Holstein's parliamentary committees of internal and legal affairs. It was brought to light that this radio cell inquiry had been a very special debut: for the first time this kind of investigation had not been used to identify suspects or even offenders, but mere witnesses who were then treated as potential suspects all the same.

A murder committed in Oedendorf (south-east of Hamburg) in June 2005 also led to the use of mobile phone location. About 3000 individuals were identified due to an order issued by the Public Attorney, but after public pressure this line of investigation had to be abandoned. But 150 persons had already been questioned over the phone. How many of these will have made themselves suspicious by careless remarks or misunderstandings? As the site of crime was next to a country road and a motorway, many mobile phone users who were just passing by had attracted the attention of police investigators.

It remains unknown what happened to the retrieved data and call protocols. When the Independent Centre for Data Protection, Schleswig-Holstein (the state's Data Protection Commissioner) requested wanted to inspect the case, the attorney ordered police not to disclose the files.

It is the Big Brother Awards jury's opinion that in both cases the state's legitimate interest in criminal prosecution was exercised in a way that violated the constitutional rights of the affected citizens in an unacceptable way. Cell phone providers were forced to violate their customer privacy agreements without probable cause. Countless innocent citizens were turned into suspects. The burden of proof was reversed - potential witnesses had to prove their innocence.

Congratulations, Erhard Rex, State Prosecutor of Schleswig-Holstein.