The BigBrotherAward 2012 in the “Workplace” category goes to Bofrost Dienstleistungs GmbH & Co. KG, Bofrost Services.

Bofrost receive this award for unabashedly accessing a legally protected electronic file belonging to the staff council. Bofrost seem to have no sense of guilt despite having been found to be in violation of the law; they continued to pursue industrial law court proceedings in higher courts, after losing in the first instance.

[Note to international readers: a staff council, or works council, is a ‘shop-floor’ organization representing employees at the company level in labour negotiations. Staff councils are a major element of the co-determination provisions in German industrial law. Companies above a certain size must establish a staff council, consisting of regular employees and elected by the whole workforce. Staff council members carry out their duties using some of their regular working hours. They must not be obstructed and can only be dismissed for “extraordinary” reasons.]

On their website, Bofrost declare their intention to act as a “pragmatic, cooperative, reliable and enterprising” business. A member of the company’s staff council got to experience that cooperative pragmatism. He was accused of having written a position paper in support of sacked employees during his working hours, which Bofrost regarded as inadmissible. This paper had been e-mailed from a staff council computer to their legal secretary.

Bofrost got to know of this e-mail during industrial law proceedings against these sacked employees. The company then wanted the staff council to reveal who had written the paper. When the staff council refused to answer, Bofrost accessed relevant data that belonged to the staff council secretly, without the staff council’s actual knowledge. Bofrost claimed that a company framework agreement would authorise this and that the staff council had been notified of the access and asked to consent to the data being examined. Interesting how easy data espionage can become in a constitutional democracy. Naturally, the staff council did not agree and objected to the request to access the data.

The information that was then obtained secretly and without actual knowledge of the staff council led to consequences. The staff council member received an extraordinary dismissal. The reason given by the employer was that writing such position papers was not among the tasks of the staff council, therefore the paper’s author had defrauded the company by misusing his work time.

Bofrost’s actions led to a number of industrial law cases, which were all lost by the company. The local industrial court of the city of Wesel declared the dismissal invalid. In another case, the same court ruled that Bofrost was generally not permitted to access the staff council’s electronic data.

Although the industrial court’s decisions were an all-round slap in the face for Bofrost, the company was not deterred from appealing the decision in the dismissal case. The higher industrial court went ahead and slapped Bofrost again: accessing staff council data was declared unlawful on the 7th of March, and no appeal was allowed.

Another case shows that the company is not willing to listen to plausible and judicially confirmed arguments. Staff council members at another Bofrost site noticed that remote control software had suddenly appeared on their computers. This had been secretly installed by Bofrost and enabled clandestine access to staff council data. The company hadn’t even bothered to go through the legally required processes of prior information and co-determination. The software installation was therefore illegal. There was one consolation though: after this was found out, the software was uninstalled.

This kind of behaviour highlights that employee representative’s rights are not regarded as a desirable quality feature by Bofrost. Numerous privacy scandals of the last few years – we will cite just two examples, Lidl and Daimler – and the debate about protecting employees’ personal rights seem to have completely passed the company by. Could it be that the responsible people were locked into a cold store at the time?

Bofrost, Lidl and the others are not alone. The BigBrotherAwards jury have had several reports of similar cases this year. Again and again, staff council members experience inadmissible inquisition and snooping, during which employers access stored data. And the employers don’t seem to fear making headlines with such privacy scandals at all.

But it could be worse – if the governing coalition in Berlin adopt their draft of an “employee data protection law”, that is. In contrast to what the name suggests, the law will not improve workers’ protection against computer files being spied upon. Instead, it creates new opportunities for companies to collect and analyse data, far beyond what is legally permissible today. The law would legalise many past privacy violations in retrospect. In cases where breaches of duty or criminal behaviour are suspected, monitoring abilities would even be extended. This new law would not protect employees (despite what its name suggests), but company interests. A more approprate name for this “employee data protection law” would therefore be “employee surveillance authorisation law”.

One law would remain unaffected by this change, however: the works constitution act (Betriebsverfassungsgesetz, the main German co-determination law). Bofrost still won’t be able to clandestinely inspect staff council data; such actions are and continue to be forbidden.

We can only advise Bofrost to brush up on their legal knowledge and swiftly put that into practice – before another industrial court pours cold water on them again. With actions like these, Bofrost will clearly miss the aim displayed on their own website: to become one of the best employers in Europe.

Congratulations on the BigBrotherAward, Bofrost.

The BigBrotherAward in the “Technology” category goes to Gamma Group, represented in Germany by Gamma International in Munich, personally by its general manager Stephan Oelkers, for their software FinFisher. FinFisher is used by authorities to penetrate computer systems in order to install surveillance software.

An excerpt from their sales brochure reads as follows: “Remote surveillance and software-installation products enable access to the target systems (computers and telephones), allowing remote control, data analysis, eavesdropping on encrypted communications and data collection. …”

With frightening frankness, Gamma offer their services on their German website – despite the fact that development and distribution of this kind of spyware is prohibited by German criminal law (Par. 282c StGB). However, this only applies to dealing with private customers, not to sales to domestic official agencies, or the secret police of a foreign dictatorship. At least that was the reason why the Munich prosecution refused to open a case against Gamma.

The so-called “Federal Trojan” (Bundestrojaner) is one of the most controversial investigation tools for the German police and secret services. Once installed on somebody’s personal computer, it enables government agencies to search the machine’s contents remotely and covertly, snoop through e-mails, or record passwords. Even the computer’s microphone and web cam can be activated for surveillance. Although the Federal Constitutional Court has strictly regulated the use of such programs in Germany, other countries are much less squeamish: in Syria, Turkmenistan or Oman the secret police will routinely spy on computers of opposition members, and persecute them for advocating a more democratic state.

Pro-democracy movements are increasingly using the Internet for their activities. Consequently, government agencies would like to be able to observe the “electronic life” of a targeted person. Large-scale control of the Internet as well as targeted examination of private computers, e-mails and Facebook accounts are methods of choice.

Documents found during of the storming of the headquarters of the Egyptian state security agency prove that the secret police was going to hunt down members of the opposition using a Trojan made by Gamma group. The agency ran extensive tests on a Gamma laptop and rated the FinFisher software very positively.

In cooperation with Swiss company Dreamlabs, Gamma have offered a so‑called “Infiltration Proxy” from the FinFisher product family to countries such as Oman or Turkmenistan. With this software, thousands of computers can be equipped with snooping software en masse.

There has been a lot of discussion in Germany about how spyware is planted onto a suspect’s computer. We know from recent cases that the usual method is for agencies to choose direct physical access: a faked break-in to bug the PC at night, or a security check at an airport, where officers would be able to get their hands on a laptop for a few minutes under a false pretence. But there are more elegant solutions: Security holes in applications or in the operating systems can be exploited by agencies using so-called “man-in-the-middle” attacks to install spyware on the computer. The spyware vendor in this case obtains knowledge about software security vulnerabilities on the black market and offers wire-tapping services for the user’s internet connection, in most cases with assistance from the service provider. Whenever affected users run a piece of software with a vulnerability, for instance the iTunes music shop, they will unwittingly install the spy trojan on their machine. A presentation by Gamma explicitly names Apple’s iTunes as an intrusion path for their software.

Gamma Group offer their services in this specific market segment, known as remote intrusion. Their FinFisher product provides agencies with a comfortable tool to intrude into their target person’s computer and place the spy software on it.

Gamma are one of the main sponsors of international security shows such the ISS in Dubai, and there they also offer their FinFisher software to government agencies of countries where human rights are respected to a far lesser degree than here in Germany.

The German Federal Criminal Police Office (Bundeskriminalamt, BKA) has shown interest in Gamma’s FinFisher software and has purchased a test license, as confirmed by the federal government in response to an parliament inquiry.

Structures behind the internationally operating Gamma Group are less than transparent; their exports are handled via other companies. We do therefore not know if we have picked the correct recipient for our award: we do not know who really is behind Gamma in Germany. We have chosen Mr. Stephan Oelkers because he repeatedly appears in presentations and the trade register contains his name with general commercial power of representation.

Congratulations Mr. Oelkers, of Gamma Group.

The BigBrotherAward 2012 in the “Consumer Protection” category goes to Blizzard Entertainment, Inc., a division of Activision Blizzard, for turning a playful spare time activity at the computer into a battle for privacy with a seven-headed dragon. A first victory has now gone to the online role-players; but the dragon has only been lightly wounded, and it is rearming.

If you are familiar with fantasy literature and mythological figures, you will know: dragons, especially the multi-headed varieties, are often used to symbolise evil. Such as Hydra, the serpent-like beast Heracles had to slay as the second of his twelve labours. Now online role-players are getting to feel the might of the dragon, too – and not just while they are completing their tasks or “quests”.

There is a dragon that follows the players all the time, and whose presence they can not notice, because it is invisible. It hides away in the terms and conditions, successfully camouflaged under pages and pages of text, which (as we all know from experience) are swiftly clicked away so that one can finally get on with the game.

Just this once, we would like to examine closely what such a dragon looks like, and how it affects the players. A Hydra, for example, possesses nine heads, eight of which are mortal and one immortal. As soon as one head is cut off, two new heads grow in its place. The dragon deployed by Blizzard Entertainment and other online role-play providers, such as second market leader Electronic Arts, has rather similar features.

Once upon a time, around the year 2004 or 2005, online role-players would simply create a cool phantasy name and an enchanted password to open the gates to the dungeons of the virtual worlds. Today’s laureate, the Blizzard dragon decided in 2009 that this was no longer good enough. It wanted to register all users in its universal account system, encompassing several games at once. Since that time, all users are forced to register with an existing email address. Other game providers followed the example. The weapon which the dragon deployed for this assault on privacy was the first of its seven heads: a change of terms.

The Terms

In effect, terms are the immortal “chief” of the games. They force the user to accept all conditions, without exception. Without clicking the “accept” button, users are not granted entry to the “World of Warcraft” and other virtual game environments. By accepting, the users relinquish “all rights and title in and to the service (including without limitation any user accounts, titles, […] characters, character names, stories, dialogue, […] moral rights, […] transcripts of the chat rooms, character profile information, recordings of games)” – this is quoted from Blizzard’s “terms of service”, through which the provider is given wide-ranging influence over the users’ private data.

For example, users must consent to a permanent

Memory Scan

of the computer’s working memory while the game is running, carried out by the provider’s software (the software used by Blizzard is called “Warden”, Electronic Arts has “Origin”). The scan will register all processor activity. These programs were developed because many players were using so-called “bot” programs to collect “gold” or increase their character’s strength. This upset most other users, and there were calls on the providers to respond. The memory scan is meant to detect “bot” programs and prevent cheating. What the providers will do with the information they collect – not all related to gaming – is completely unclear. This led the Electronic Frontier Foundation and other civil rights groups to rate the scanning programs as “spyware”.

The next dragon head with a license to spy is the permission for

Chat Recording.

This affects all the text communication that is typed into small chat windows during the game. At least Blizzard is not storing audio chat recordings, as an automatic analysis is technically unfeasible due to the variety of languages and dialects. At least for now.

A very rich source of spy fodder for our dragon, though, is

Game Recording.

This registers all of a player’s actions chronologically. To prevent users from realising that a data retention and movement profiling scheme is established here,

Player Rankings

were introduced. Honourable mentions will appear for fights, “player versus player” action, for completing “dungeons” and “raids”, for professional skills acquired by one’s character, its reputation, and its participation in so-called “world events”. Reading information about a character is not restricted to the owning player. Everyone who knows the name of a character in a gaming “world” can use the so-called “armory” to access the information on the Internet. This will reveal how often and how long players have been playing.

By observing the way a player has played over time, a

Personality Profile

can be obtained for every player. US patent 20070072676 – filed in 2005 and published in 2007 in the name of a Google researcher – describes in detail how recorded gaming characteristics, time spent in chats, behaviour in trading, territory exploration, decision-making in conflicts, a calm or aggressive style of playing or a player’s readiness to take risks can all be analysed for the purpose of targeted advertising.

Psychologists could well derive from this whether someone might join the military, who should have his credit rating downgraded, who possesses leadership qualities, who should be avoided because of rowdy behaviour, who is a potential game addict or probably unemployed. Some game tasks seem like they were written as a direct recruitment tool for special forces – players may have to carry out targeted killings of civilians, or force confessions by torturing with electric shocks. Tasks like this have a strong resemblance to the Milgram experiment of 1961, which tested ordinary people’s readiness to follow authoritarian orders even if these were clear violations of their conscience.

In the field trial labs of our “dragon creator” Blizzard, everything is recorded. It doesn’t take a lot of imagination to come up with organisations that might show great interest in these player profiles.

“This will not harm me as long as I operate my avatar anonymously”, many players may have thought – that is, until

Friend Lists

were going to be introduced. The friendship scheme would have compelled forum users to use their real name online, instead of a pseudonym. Again, this was prompted by players calling on the provider to act against trolling co players. “Fine, we will personalise our service then”, was Blizzards response, “and while we’re at it, why don’t we include Facebook accounts and their friend lists as well.” In the words of the company, this would “enhance the social-entertainment experience for our players”. At least this feature is optional: Players must actively allow Blizzard’s game “Starcraft II” to access friend lists on Facebook.

A co founder of the company praised the change with the claim that “removing the veil of anonymity typical to online dialogue will contribute to a more positive forum environment, promote constructive conversations, and connect the Blizzard community in ways they haven't been connected before.” But the players were not at all pleased that their employers or neighbours might suddenly be able to identify them as regular online players. Very soon, there were more than 12,000 complaints filling the German forums alone. A “shitstorm” broke loose on the dragon, on Blizzard and its “battle.net”.

The community manager in the US wanted to lead by example and blithely published his real name. Soon, this led to action: at lightning speed, his address, phone number, age, name and age of family members, personal preferences and more details were posted in the Internet forums. Capitulation was achieved within two days. It was announced that “at this time […] real names will not be required for posting on official Blizzard forums”. This was at least a partial victory won by players with their growing desire for protection of their personal rights and data.

Blizzard had already won an Austrian Big Brother Award in 2005, in the “communications and marketing” category, for spying on computer’s working memory and data.

Our reason to give today’s BigBrotherAward is the full interaction between numerous components, under the label “Real ID”. When players log on to, say, “World of Warcraft” and “Starcraft II”, using the same e mail address, they find themselves on Blizzard’s battle.net server and they can see if their friends are online in other Blizzard games. And of course they can be seen themselves, too. If players just want to have a good time in a colourful gaming world and not leave a character fingerprint on the network, they must be very well informed, use separate e mail addresses and take meticulous care to separate their game identities.

The dragon may have lost one head in the failed attempt to introduce real names via Real ID. But soon, two heads will grow back – what will they be? Blizzard’s partial withdrawal was not caused by insight, neither was it for the sake of players’ convenience: it was due to massive protests against a naive mistake in marketing. With comprehensive recording of players’ actions and behavioural patterns, Blizzard and other game providers are paving the way towards personalised in game advertising and character profiles that could easily be shared with third parties after a clandestine change of terms.

To make one thing clear: we do not think that online gaming is evil as such. Blizzard in particular offer some very creative games. We would wish that this BigBrotherAward – and the publicity that comes with it – will make Blizzard rethink its privacy settings, and that players will take the trouble of actually reading the terms. Our hope is to set a signal for the whole gaming industry, for the benefit of consumers.

In that spirit – congratulations, Blizzard Entertainment, on the 2012 BigBrotherAward.

The BigBrotherAward 2012 in the “Politics” category goes to the Federal Minister of the Interior Dr. Hans-Peter Friedrich (CSU, the Christian democrats of Bavaria) for establishing a cyber defence centre without authorisation from the German parliament, for establishing a joint defence centre against right-wing extremism also without consulting parliament, and for the plan to soon create a centralised, joint database on “violent right-wing extremism”.

The plans for the joint database and the new defence centres cause police, secret services and the military to be networked and integrated in a troublesome way. This is a violation of the German constitution’s historically rooted imperative that these security authorities must work independently and in strict separation.

The full text is not yet available in English, sorry.

The BigBrotherAward 2012 in the category “Government and Administration” goes to the Saxon Minister of the Interior, Mr. Markus Ulbig, for 28 mobile phone cell queries in the area of Dresden.

The original events leading to this prize date back more than a year, and had we known at the time, the beautiful little statue would have been in Dresden for a year now. But the scandal from February 2011 started trickling through to the public only last summer.

But let us start at the beginning: On 19 February 2011, 20,000 people demonstrated in Dresden against the annual Nazi parade. Our laureate’s police started investigating some of these demonstrators for 23 criminal offences within a known timeframe in 14 exactly known locations.

Encouraged by the police and the Saxon’s Criminal Police Office (Landeskriminalamt), the prosecution authority in Dresden submitted a request for cell phone connection data to the local court. What followed was a veritable data landslide. On behalf of the Criminal Police Office, cell data for three locations in the Dresden area was requested for a timeframe of several hours. Additionally, connection data for a 12-hour timeframe was requested for the entire southern city centre, where the demonstration had taken place, and for the vicinity of a building housing a youth convention centre, party offices and lawyers’ offices for a full 48 hours. Shortly afterwards the mobile phone service providers transferred a staggering 1,000,702 records for 323,503 subscribers to the investigating authorities.

This wasn’t kept under cover for long: as early as summer 2011, data from these requests surfaced in inappropriate places – investigations for which a phone cell query would certainly have been denied. The investigated persons were surprised to read that they had made a phone call during the demonstration, at a given place and time. This raised some questions.

Scrambling for answers, the state government initially only admitted to having obtained 460 records, but by July 2011 40,732 subscribers had been identified, and by the end of the year that number had risen to 55,000. At the same time the acknowledged number of connection records rose steadily and on 23 November 2011 reached 1,067,433.

The large majority of these records were collected on 19 February 2011 between 7 a.m. and 7 p.m., in an area with several hundred thousands of residents, some 20,000 protesters according to police estimates, and 6,642 police officers. This is what people call a data tsunami, and it has later been called a “Saxon Fukushima”.

So what was it all for? Only a tiny fraction of the records had been requested to assist in criminal investigations. The major part was intended to be used for investigations against suspected members of what was probably a small suspected criminal organisation. What is the point of attempting to find a group of maybe one or two dozen people in a database of more than a million records? Apparently the Saxon police, headed by the laureate, Interior Minister Markus Ulbig, had the ambition to search for the proverbial needle in the haystack. Unfortunately, Mr. Ulbig, this is not a haystack which your officers are searching, but private communications of tens of thousands of citizens, which enjoy special legal protections. Most of these citizens were not in the city centre of Dresden just for fun, but because they live and work there. What makes this matter particularly juicy is that there were also tens of thousands exercising their constitutional right to freedom of assembly, in order to give publicity to an important social matter and voice their disgust over Nazis running wild.

In passing, the laureate’s Saxon police obtained mobile phone connection data for an entire large demonstration, with which they can now determine: who was there? For how long? Who called whom? What were that movements of individual groups?

What the Saxon police achieved with these phone cell queries amounts to an “impromptu data retention”. Didn’t the Federal Constitutional Court reject Germany’s data retention law just one year earlier?

The Saxon data protection commissioner – the state’s voice of reason, in a way – had to assert, rather shocked, that nobody seemed to have asked questions about the measure’s proportionality.

Our laureate is no security apparatchik, but an administrative civil servant. On the Ministry’s website he prides himself on his local origins, and on having been mayor of a district town: “His ear close to the local people’s hearts”. But unfortunately he has shown a lack of sound footing, or sense of proportion, in his tenacious defence of his subordinates’ actions. His behaviour exposed Saxony to an undignified debate, which further revealed that there are accomplices in this data madness. The laureate absolved his officials of all culpability on the grounds that the phone cell queries had been initiated by prosecutors and ordered by judges. The prosecutors and judges to whom the blame had been shifted declared that they saw no need to answer to some data protection activists’ criticisms. The buck kept being passed around – the data records are still not deleted.

We must also hold against our laureate that he and his accomplices have not shown any sign of regret in the past 14 months. Phone owners are still being identified, while the intention is that most affected people will never know that they were devoured by the big investigator’s suction device.

Congratulations, Minister Markus Ulbig!

The BigBrotherAward 2011 in the category Technology goes to the fashion brand Peuterey, represented by the Düsseldorf fashion agency Torsten Müller.

This negative prize is awarded to Peuterey for covertly deploying RFID tags in clothes. These tags are remotely readable, unnoticed by the customer. The tab containing this “spy chip” is imprinted “Don't remove this label”, without any information about the hidden chip. This is a massive violation of the customers' rights to informational self-determination.

The full English text is not yet available, sorry.

The BigBrotherAward 2011 in the “Workplace” category goes to the German Federal Customs Administration.

They allow themselves to be exploited by the Russian state as they require German companies to cross-check their employees against Russian anti-terror lists. These lists are compiled by the Russian secret service FSB (formerly KGB) pursuant to a confidential Russian law. In consequence, energy companies, for example, that comply with the obligations of the Federal Customs Administration will subsequently be favoured by GASPROM for energy supplies. There are now several hundred German companies participating in the process. – Attention: April Fool's Day! – It is not GASPROM that is favouring customers, but European and American companies. To participate in trade facilitation agreements, companies are asked to agree to voluntary security checks. These involve cross-checking employee data against European and sometimes US anti-terror lists, even though this practice is prohibited by German data protection legislation.

The full English text is not yet available, sorry.

The BigBrotherAward 2011 in the “Communication” category goes to Apple GmbH in Munich for taking their customers hostage by way of expensive hardware and subsequently blackmailing them into accepting a questionable privacy policy.

An iPhone is a fancy piece of hardware and costs a few hundred Euros. And once you bought it, of course you will want to actually use it for a wide variety of tasks. After switching it on for the first time, the device welcomes you with the request to enter your “Apple ID”, or at least to give your user account details for iTunes (Apple's online shop for music, films and software). Without entering these data, you can only use the gadget for telephony. For nothing else. You won't be able to use any of the functions for which you actually chose to buy the iPhone. Eager to fully use the device, hardly any customer will be prepared to delve into the small print – as much as 117 pages on the small screen. But you'd better read it all – in particular the chapter called “Privacy Policy”.

In this chapter, the company reserves the right to “share this personal information with [Apple's affiliates] and use it consistent with this Privacy Policy.” This is not restricted to credit card numbers to process music purchases, but includes “occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used”. Apple wants to “better understand customer behavior and improve (its) products, services, and advertising”. Additionally, Apple and its “partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device.”

Whenever a company wants to collect such data, the German Federal Data Protection Law requires the user's explicit consent. A simple checkbox “I agree” during the phone's update procedure will probably not suffice here. Also, it is completely unclear how one might declare one's dissent to the sharing of data. The Federal Data Protection Law explicitly requires the consent to be voluntary in §4a. But imagine you just bought a device for several hundred Euros and might not be able to use it unless you declare your consent to the “Privacy Policy” – it is questionable, to say the least, that your consent will be voluntary.

More generally, you might wonder what you actually bought into when you acqured such a gadget. Which customer rights apply? Could you claim for a “defect” when the terms and conditions are modified, possibly even at a later date, to the customer's disadvantage? Apple seems to be very confident – and most customers will reluctantly bite the bullet.

Other manufacturers prove that it is possible to offer such a product without compulsory assimilation of customer data. With Apple, though, the customer has no choice. To add software, he is forced to use iTunes or the AppStore, and therefore consent to Apple's conditions. It's a matter of sink or swim.

Apple's corporate strategy seems to be focused on gathering as much user data as possible, similar to social networks. In particular, users’ localisation or positioning data is highly coveted by Apple's advertising partners for the purpose of personalised, location-based advertising.

Since evidently not enough customers are complaining against Apple's use of customer data, we hereby raise this complaint by presenting a BigBrotherAward in the category “Communication” to Apple GmbH in Munich.