Workplace (2011)

Daimler AG

The BigBrotherAward 2011 in the “Workplace” category goes to Daimler AG in Stuttgart for requiring blood tests from their entire production workforce. This kind of modern-day vampirism is practised in disregard of personality rights and mostly without any such need in industrial law. Daimler had originally demanded these blood tests from their administrative employees as well, but this practice has been discontinued. Daimler receive this award as a representative for several German companies that require such blood tests – because the car manufacturer does not consider the blood tests themselves problematic, but the restrictions on medical practice imposed by data protection legislation.
Laudator:
Prof. Dr. Peter Wedde am Redner.innenpult der BigBrotherAwards 2021.
Prof. Dr. Peter Wedde, Frankfurt University of Applied Science

The BigBrotherAward 2011 the “Workplace” category goes to Daimler AG in Stuttgart.

Daimler receive this award as a representative for several German companies that require blood tests from their entire production workforce. This kind of modern-day vampirism was practised at Daimler until the end of 2009, in disregard of personality rights. In most cases, there was no requirement for such tests in industrial law.

No candidate wishing to gain a contract could avoid being tested. In theory, the blood tests should have been voluntary according to industrial and privacy laws. But effectively a “no” could mean the end of the dream of a good job at Daimler. How could that be voluntary?

Daimler responded to critical reports about the procedure by saying that taking blood samples had been practised in “good faith” for a long time. The company assumed the practice to be in conformance with applicable laws. They must have been unaware of the fierce legal debate about blood testing that had been going on for years. Company labour lawyers were apparently engaged in other activities than caring about the basic rights of employees.

Surprisingly, even the joint workers’ council at Daimler sided with the employer on the question of blood testing. In a statement after the accusations became public, the spokesperson of the joint workers’ council, Silke Ernst told the press that blood tests were permissible on the basis of a company agreement from 2004. This means that since 2004, blood samples had been taken from all new employees in administration and production, with the approval of the workers’ council. This is not how we imagine the protection of employees’ personality rights!

The Daimler AG has since stopped blanket blood tests in in response to the critical discussion. Applicants for jobs in production still have to endure the bloodletting, though.

Daimler must have had no choice but to reduce the practice in part, after the Data Protection Office of the state of Baden-Württemberg burdened the company's “good faith” with a critical assessment. The state's data protection officers found the blood tests to be completely unrelated to the job, and therefore deemed them illegal. So the point was not, for instance, to avoid the occupational hazard of a worker fainting on the job, or to protect co-workers from infectious diseases.

Instead of voicing their gratitude for the critical and constructive advice from the regulatory authority, as would have been common public relations practice these days, Daimler found the required changes very problematic. They deemed the regulators to be interfering with the medical duties of the company’s physicians. That’s what today you would call being immune to advice.

In any case, due to the clear-cut standards set by data protection rules, Daimler cannot currently continue with blanket blood tests.

Daimler is not alone among German enterprises in demanding such blood tests. According to a survey of the online edition of the daily newspaper “Die Welt”, the following companies or corporations, among others, performed indiscriminate blood tests at the beginning of 2010: BASF, Deutsche Börse (German Stock Exchange), K+S, Linde, Salzgitter Stahl, ThyssenKrupp, as well as some public broadcasters (Landesrundfunkanstalten) of the ARD (their working group).

There probably are many unreported cases at other companies. However, after critical voices have been heard in the public debate, employers are reluctant to discuss this. The same is true for urinalyses, which applicants have to face on a large scale. The practice of asking for urinalyses from trainees has already won the Bayer AG a BigBrotherAward in 2002. The motive was then, and is now, predominantly to detect substance abuse.

Both blood tests and urine tests are severe invasions of applicants' constitutionally protected personality rights. Companies are showing a profound disregard for the basic rights of citizens who are applying for a job, who therefore do not yet have a contractual agreement with the company, and of those already bound by a contract. Otherwise, they would only perform these tests where they are clearly necessary.

A look towards other business areas demonstrates the absurdity of blanket blood tests and urinalyses: Landlords and banks' credit departments have an interest in healthy and drug-free contractual partners, too. And so do car rentals, ski rentals, mail-order businesses, etc. If our employers are entitled to blood testing, why isn’t everyone else? Let us just hope that these lines will not put silly ideas in people's heads ...

The actions of companies such as Daimler have now attracted the legislators’ attention. A bill to regulate employees' privacy protection was drafted on 15 December 2010, it went through the first reading in the Bundestag (lower house of the German federal parliament) on 25 February 2011 and was delegated to the appropriate committee. When comes into force, this law will protect employees from the unlawful collection and use of person-related data.

The bill devotes a distinct paragraph (32a) to “health tests”. But hopes that company physicians will be slapped on their needle-wielding hands to at least prevent blanket blood tests are dashed: medical examinations, including blood tests, are allowed if certain health conditions constitute a “substantial and essential professional requirement before the start of employment”. In other words: if an employer wants to continue demanding blood tests, all they have to do is show plausibly that certain diseases are undesirable in the workplace for objective, factual reasons. The same applies to substance abuse tests.

Maybe Daimler were simply having bad luck. Had this law been in force a year and a half earlier, they could have continued their blanket blood tests without any problems. Time will tell.

Famished vampires should start writing applications to companies such as Daimler: all that blood taken by employers will have to go somewhere, after all.

Congratulations, Daimler AG.

Laudator.in

Prof. Dr. Peter Wedde am Redner.innenpult der BigBrotherAwards 2021.
Prof. Dr. Peter Wedde, Frankfurt University of Applied Science
Jahr
Kategorie
Consumer Protection (2011)

Coupons for books

The BigBrotherAward 2011 in the category “Consumer Protection” goes to the Verlag für Wissen und Innovation (“Publishing House for Knowledge and Innovation”, proprietor: Mr Horst Müller, Starnberg), for skimming pupils’ and parents’ address data in exchange for book coupons. This “publisher” – who has no books of its own to sell in stores, but engages in business relations to a manufacturer of vitamin pills and to financial investment advisers instead – makes schools distribute book coupons to children on its behalf. But to receive these “gifts”, the child's name and the name of at least one parent have to be supplied. The BigBrotherAwards jury finds this practice particularly reprehensible because schools should not be abused as data pools for business interests.
Laudator:
Sönke Hilbrans am Redner.innenpult der BigBrotherAwards 2012.
Sönke Hilbrans, Deutsche Vereinigung für Datenschutz (DVD)
Kärtchen mit der Aufschrift: "Book of treats". Darunter eine Grafil eines Geschenks in gelb auf grünlichem Grund.

The BigBrotherAward 2011 in the category “Consumer Protection” goes to Verlag für Wissen und Innovation, Herrn Horst Müller (Starnberg), (Publishing House for Knowledge and Innovation, proprietor: Mr Horst Müller, Starnberg), for skimming pupils’ and parents’ address data in exchange for book coupons.

Ladies and Gentlemen,

as you all know, personal data of pupils are protected by law in Germany. And with good reason: A school is not a commercial fairground, and parents should be able to entrust their children to the school’s care without losing control over their and their children’s personal data. On the other hand, names and addresses of pupils and their parents are quite attractive to providers of advertising and financial services, for which advertising company wouldn’t like to pick up tomorrow’s customers right at the school gate? Even better when the parents’ data are part of the package … Well, let’s hope many corporations can resist such a temptation.

But not our winner, Starnberg-based publisher Verlag für Wissen und Innovation, which is employing an utterly unpleasant data skimming scheme: they send out coupons to schools for books from publishers renowned for their childrens’ and youth literature, kindly asking for the coupons to be distributed in class. As an added benefit, the school receives a book gift and participates in a prize draw. Cooperating teachers get a free book as well. There is just one tiny catch for the pupils and their parents: to be eligible for a gift, they must hand over the name and address of the pupil and at least of one parent to the generous donor.

There’s nothing secret happening so far, not even the announcement of a telephone call for an interview on “learning – health – future” is hidden in the small print. What parents can’t recognize though: the generous publisher doesn’t produce its own books at all, but something it does do is to cooperate with financial investment advisers as well as with a manufacturer of vitamin pills. Here they are again, the three tribulations of young parents: learning performance, health and (financial) future. As they would put it at Amazon: “Customers who buy school books also buy insurance policies and health care products”.

Legal? Illegal? Either way: whoever attracts parents of pupils with books to get hold of the data of these little future consumers and their parents has earned a BigBrotherAward in the category “Consumer Protection”.

So why do we award a first prize today for a business practice known millionfold on the Internet as a “honeypot”? We decided on a first prize because there is a need for a reminder that in 2005, the Big Brother Award in the “Regional” category was not awarded for fun. Back then, laureates were the primary school Bünde-Ennigloh together with two local banks, the Volksbank (cooperative bank) and Sparkasse (savings bank) in Herford: for the banks soliciting and receiving pupils’ data from the school. And back then, just as today, book gifts to teachers and parents were the bait of choice.

It didn’t come to the jury’s attention at the time that institutions such as the school supervisory authority took up the affair. We don’t enjoy repeating ourselves, and if we do, it is only for the sake of educational impact. So watch out, all you supervisory authorities, headmasters, pupil representations and parents: beware of our 2011 laureate and of all those following suit. And you’d better start watching out tomorrow.

Congratulations to Mr Horst Müller and his Publishing House for Knowledge and Innovation in Starnberg!

Laudator.in

Sönke Hilbrans am Redner.innenpult der BigBrotherAwards 2012.
Sönke Hilbrans, Deutsche Vereinigung für Datenschutz (DVD)
Jahr
Workplace (2009)

Claas GmbH

The BigBrotherAward 2009 in the “Workplace” category goes to all those consumed by the delusion that you will get productive and motivated staff if you subject them to comprehensive monitoring and make their performance measurable by numbers. As a representative and winner on points, farm machines manufacturer Claas Landmaschinen (internationally known as Claas Group) receives the award for the bugged harvesting machines.
Laudator:
Portraitaufnahme von Karin Schuler.
Karin Schuler, Deutsche Vereinigung für Datenschutz (DVD)

The BigBrotherAward 2009 in the “Workplace” category goes to farm machines manufacturer Claas Landmaschinen (internationally known as Claas Group) as a representative for all those consumed by the delusion that you will get productive and motivated staff if you subject them to comprehensive monitoring and make their performance measurable by numbers.

How, do you believe, will staff behave if they are not constantly under strict surveillance? Are they all a bunch of deadbeats, stealing from their employer and boosting their income by selling company secrets? Quite a number of big German companies who made the headlines in the past year for disregard of their employees' personality rights seem to look at people in exactly this distrustful way. The German railway, Deutsche Bahn, tries to pass off dragnet investigation, down to its lowest ranks, as an anti-corruption measure. The German postal services, Deutsche Post, and the surveillance discounter Lidl take their staff’s wellbeing to heart so much that they decide to keep their own medical records on them. And the Deutsche Telekom, as we now know, got its BigBrotherAward perhaps a little prematurely last year – as their mass screening of bank accounts of employees and their relatives hadn't yet come to light at that time.

The conviction that nobody would do any work if they weren't monitored is apparently very widespread. But a study made in 2005 at the University of Bonn proves the exact opposite: Most people work more than they would have to – unless they are monitored at work. Then motivation and achievement go down the drain. Because excessive monitoring will be interpreted as mistrust and soon will demotivate even the most loyal staff member.

And it’s not just the biggies, a lot of smaller companies also appear to be governed by mistrust. The cases that we are aware of only mark the tip of the iceberg. A few examples:

The drugstore chain Müller does not want to be outdone when it comes to caring for the health of its employees. Since the management, for reasons of doctor-patient confidentiality, unfortunately have no access to their employees’ medical records, they just set up their own files. And who will be the best informant? You guessed it: the patient himself, naturally. When the employee returns, having overcome his illness, the personnel office will receive him for a so-called “returnee interview”. For fear of losing their jobs, hardly anybody will refuse to show up for such exploration of personal affairs disguised as well-meaning care.

Public authorities want to see that their employees are healthy as well – and they especially don't want their employees to suffer from psychic ailments. In order to keep their ranks in good health, the district council of Schleswig-Flensburg applied the lever at a point where they can still make an active choice: the applicant process. During their job interviews, rather a kind of medical anamnesis, they demanded wide-ranging information about the applicants’ medical condition, emotional state and psychological well-being. Applicants were also required to sign a blanket waiver of doctor-patient confidentiality. The respective questionnaire, which also contained a section “fear of certain situations or places”, had to be withdrawn after outraged protests by the Data Protection Commissioner of the state of Schleswig-Holstein.

Another public body, the University of Kassel (in Germany, most universities are run by the state and therefore operate under public sector rules), holds a view that apparently becomes more and more acceptable by sheer habit: namely that an employer can make employees’ e-mails accessible by superiors – without informing the persons concerned or even adhering to employee co-determination laws, and arbitrarily, without specific cause. Really abhorrent in this case is the university's legal assessment of its approach: Aspects of data protection law were simply not taken into account.

More thorough, in a sense, was the Cologne-based insurance company HDI Gerling: They not only installed the technical paraphernalia for giving senior staff unlimited access, but also combed through the e-mails of their employees centrally. The purpose was to check whether anybody had had contacts with journalists in order to plug – unsuccessfully, by the way – possible information leaks.

This kind of institutionalised mistrust found in medium-sized companies differs little from that of the big ones – at most, the difference is how absurdly unprofessional the excuses are, as in the case of the bakery Sehne in the Swabian town of Ehningen. One might be tempted to laugh at the allegation that they positively had to install hidden video cameras in the staff locker room because it also served as the accounts office – if it were still possible to laugh about anything of that kind. Could this multiple room usage be just a specific form of the proverbial Swabian thriftiness? And how serious can a company actually take itself if it keeps posing as the loving-and-caring family business but at the same time is consumed by mistrust of its employees and follows them even into the changing room cubicle like a jealous peeping tom?

Now, may I ask you, did you repay the bank loan for your new kitchen? Oh, you think that that has nothing to do with me? Some employers think differently – and would rather not employ you if you are in debt. Because debts make you prone to taking bribes and selling information, to moonlighting and stealing from your employer, or even to asking for a pay rise. At least the tat-vendor KiK Textilien must have thought so when they decided to have all their employees checked for their financial status by the credit agency CreditReform every three months. The ultimate kick for the adventurous worker: no job when in debt, without a job no income, without income no way out of debt.

A country that has such employers also needs an employers' lawyer like Helmut Naujoks. Not every employer manages by himself to put so much pressure on objectionable employees through espionage, eavesdropping, mobbing and slander that they would be unnerved enough to leave the company. This requires a specialist: one who boasts in his seminars that he even made a complete works council of fifteen step down. A wide trail of traumatised employees whose health has been wrecked runs in the wake of this dubious service provider like a treacherous oil slick.

And some trends seem just a little strange. For instance: Have you ever made the journey to buy cigarettes by harvesting machine? You’d better not, for the threshers made by Claas Landmaschinen are equipped with a satellite-based tracking system. Through this, your boss follows you constantly via his Google Earth map on his monitor and registers every time you have a break (woah now, have you been peeing in the wheat?!), every uneven lane you make (still soused from yesterday's party, are you?) or every ineffecient route you take (again confusing the wheat patch with the corn field, right?). Now, one might be willing to assume that there were sensible, harvest-related reasons for such digital dog leashes. But no – somewhat coyly, the manufacturers advertise only one highlighted aspect of these surveillance practices on their website: They want to make you, “the good driver just that little bit better”. Honi soit qui mal y pense.

For this combination of obsession with control, total ignorance of personality rights, and the delusion that one could be most efficient by only employing slaves, the company well deserves the BigBrotherAward – as a representative, however, for all the aspirants that have been mentioned.

Our heartiest congratulations, Mr Claas. Your way here was very straight.

Laudator.in

Portraitaufnahme von Karin Schuler.
Karin Schuler, Deutsche Vereinigung für Datenschutz (DVD)
Jahr
Kategorie
Sport (2009)

World Championships in Athletics

The BigBrotherAward in the “Sports” category goes to the Local Organising Committee of the 2009 World Championships in Athletics, Berlin. It is given for their forcing journalists to agree to a comprehensive check of their personal data by the security authorities. Barely disguised under a cloak named “security”, they have committed a serious offence against a fundamental value of the free state: the freedom of the press.
Laudator:
Portraitaufnahme von Fredrik Roggan.
Dr. Fredrik Roggan, Humanistische Union (HU)

The BigBrotherAward in the “Sport” category goes to the Local Organising Committee of the 2009 World Championships in Athletics in Berlin.

This award is about the protection of press freedom – which is of no less than fundamental importance in a liberal democracy.

Let us recall the German constitution, which says in Article 5, Paragraph 1: “Freedom of the press and freedom of reporting by means of broadcasts and films shall be guaranteed. There shall be no censorship.”

It would be incompatible with this principle of press freedom if journalists were forced to undergo a security vetting process before being allowed to report on events. But that is precisely what our award winner has required from press representatives.

The journalists had to accept that the organising committee wanted to acquire intimate knowledge about those wanting to report on their event: in order to be accredited, journalists had to authorise Berlin police to collect information about them across the German Federal States’ criminal police authorities, and to pass on their personal details to the domestic and foreign intelligence agencies (the Verfassungsschutz and the Bundesnachrichtendienst) as well. If any records were found, the Organising Committee would be informed – not about the contents, but about the fact that a finding had been made.

This simply amounted to treating sports journalists as if they were all potential criminals, or at least enemies of the constitution who were liable to threaten interior and exterior interests of the German state. It seems absurd and evocative of states in which the press must be regarded as “directed” and tame, rather than free.

Such security clearances are anything but new. During the Football World Championships that took place in Germany in 2006, security authorities had been giving information about press representatives to the organisers as well – before their requests for accreditations would be decided upon. And at the NATO summit in Strasbourg this year, journalists had to undergo security screenings, too. Those with records in a database, e.g. at the Federal Criminal Police Office (Bundeskriminalamt, BKA), could expect to be barred from reporting from the media centre. This fate befell a photo reporter for the German daily “Neues Deutschland”, who was labelled a “leftist offender” by the BKA – without having ever been finally convicted.

We therefore recognise that our winner is not alone at all with its desire to stop any critical reporting in its tracks. But considering that this summer’s events were sports championships, this desire for control seems particularly irrational. There have neither been revolutionary developments emanating from such events in the past, nor have press representatives earned a reputation of committing assaults on athletes, functionaries or anyone else involved.

But the signal sent to the journalists is loud and clear: we, the organisers, will know who wants to report about us. And in cases of doubt, it is our decision who is allowed to do their job and who isn’t. And that is exactly where the principle of press freedom is violated, because it protects not just the production and distribution of news and comment, but its acquisition as well – “without hindrance from generally accessible sources”, as the constitution expressly says.

The attitude shown here and the impression it creates are a blatant contradiction of the fundamental value of press freedom. This cloak named “security” is barely convincing, and through it, the rights of journalists are ever more restricted. Journalists should only need to show their press card in order to report on public events. It is high time to reiterate this rule in strongest terms and demand that it is recognised.

Congratulations for a severe violation of a basic value of a liberal democratic state: to the Berlin Organising Committee of the World Championships in Athletics 2009.

Laudator.in

Portraitaufnahme von Fredrik Roggan.
Dr. Fredrik Roggan, Humanistische Union (HU)
Jahr
Kategorie
Business (2009)

Surveillance Technology

The BigBrotherAward 2009 in the “Business” category is given to a handful of German companies that sell Internet and phone surveillance technology and earn good money that way, while preferring to stay unnoticed themselves.
Laudator:
Frank Rosengart am Redner.innenpult der BigBrotherAwards 2021.
Frank Rosengart, Chaos Computer Club (CCC)

In the last few years, the German Government’s newly introduced or tightened security laws have tremendously expanded options as well as obligations for surveillance to be carried out by telecommunications operators and Internet service providers. One only has to think of data retention of telephone connections or online searches of private computers. Consequentially, a lucrative market for technical solutions has emerged that seeks to assist the authorities in their surveillance efforts.

This year’s BigBrotherAward in the Business category is not given to one single winner. It goes collectively to the most avid solution providers in the area of surveillance, and we would like to introduce some of them here.

The company Quante Netzwerke GmbH, for example, offers Internet providers support with the technical implementation and legal assessment of public surveillance regulations. Their product “Lawful Interception Center” is the private sector’s equivalent of the “Federal Wiretapping Centre”, or as some people call it, “Schäubles’ Service Centre for Communications Surveillance” (Wolfgang Schäuble was Germany’s Interior Minister in 2005–2009). The “Lawful Interception Center” works as follows: The authorities send their surveillance orders to Quante, who then carry out the wiretapping using a direct link to the provider’s network. This requires the “outsourcing” provider to establish privileged access to their systems for Quante, so that they can divert the monitored connection to the eavesdropping authority. As alarming as this “outsourcing” appears to be, it is understandable from the providers' point of view. They would otherwise have to upgrade their technical equipment and employ more qualified personnel with every new surveillance law that is being put in place.

The “Data Retention Suite” is a product of Utimaco Software, a company situated in Oberursel that specialises in implementing data retention. The vast amounts of data thus accumulated every day are stored in so-called “Data Warehouses”, and requests for these data are served within seconds. As in the case of Quante, this product is designed as a “pool solution” that allows the system to be used by different clients simultaneously. However, collecting the data in this centralised way is problematic. Requests by the authorities could be served automatically through standardised interfaces, which might make it impossible for the client to have a legally trained person conduct a formal assessment as to the admissibility of the request – which clients are interested in as they could be penalised for sharing communications data without legal justification. The automatised query is stipulated by law and defined by a “Technical Directive for Telecommunications Surveillance (Technische Richtlinie Telekommunikationsüberwachung)“.

Internet eavesdropping is the speciality of Datakom in Ismaning. They are, in their own words, a “market leader in crime-combating technologies for network operators and investigation authorities”. Its subsidiary company for snooping technologies is aptly called “GTEN” – an allusion to Article 10 of the German Constitution (Grundgesetz), which is about restrictions of the privacy of correspondence, posts and telecommunications.

The company Sybor has been in business for 18 years and has now been taken over by Verint/Comverse, an American-Israeli company. Syborg primarily supplies audio recording systems to be used by the authorities for “acquiring and rerouting data”.

The Hessian company Digi-Task could be described as the “top dog” of the German eavesdropping business. Just last year they made headlines when the Bavarian State Criminal Office were looking to commission a spyware, in short, a “Trojan”. The software was going to be available for 3.500 Euros per month. According to the offer, the spyware would enable eavesdropping on encrypted Skype telephone calls. Using figures from published tender documents, it can be found that Digi-Task received more than five million Euros from German authorities for such surveillance equipment and systems. In cooperation with the company Reuter electronic, Digi-Task develops specialised bugging devices for police forces and secret services.

There is a product that no German telecommunications provider can do without: Every surveillance device has to be equipped with a “SINA Box”, which is supplied by the company secunet. The “SINA Box” encrypts the transmission of the tapped communication on its way to the authorities. There are no competitors: only this one product currently has the appropriate certification.

The “Service Control Engine” by Cisco is not a German product, but it is used by Internet providers in IP networks around the globe. It enables “Deep Packet Inspection”, i.e. detailed analysis of data packages including full-text searches for terms or for specific data at a speed of up to 10 gigabytes per second – thus removing any doubt that all-encompassing monitoring of the Internet is easily possible, even as data volumes are growing.

Nokia Siemens Networks, in short NSN, used to be active and successful internationally with surveillance technology. Last year they delivered equipment for recording mobile phone conversations to Iran, for which the company was publicly criticised. In March 2009, NSN sold its surveillance section to a holding company in Munich (Germany), which now runs the business under the name Trovicor. The truly dodgy deals with surveillance technology are probably conducted via this company by now.

We are going to end our list at this point and allow for a concluding remark: Surely there are lot of instances where communications surveillance can be used to solve crime. But the large increase in surveillance measures indicates a dangerous trend. Ultimately, the reason why it is so easy for ministers and authorities to turn surveillance fantasies into reality is that for every new surveillance idea, however absurd it may be, there is a supplier ready with a technical solution. Conscience only comes after profit.

Some of these companies earn good money exporting spying technology to countries with poor democratic records. Through places such as Dubai, the technology can be delivered anywhere in the world. German export control authorities are unable or unwilling to take a closer look.

Our opinion is this: Dear laureates, even if you have not been named here, it is with the “help” of your products that our basic rights are being undermined and gradually unhinged. Technologies that allow for the surveillance of whole societies create a climate of distrust and fear. We would like to remind you of this by giving you this BigBrotherAward in the Business category.

Laudator.in

Frank Rosengart am Redner.innenpult der BigBrotherAwards 2021.
Frank Rosengart, Chaos Computer Club (CCC)
Jahr
Kategorie
Politics (2008)

BMWi

The BigBrotherAward 2008 in the category “Politics” goes to the Ministry of Economy and Technology, represented by Minister Michael Glos, for passing the law about the ELENA procedure und the associated forced introduction of the electronic signature.
Laudator:
Frank Rosengart am Redner.innenpult der BigBrotherAwards 2021.
Frank Rosengart, Chaos Computer Club (CCC)

The BigBrotherAward 2008 in the category “Politics” goes to the Ministry of Economy and Technology, represented by Minister Michael Glos, for passing the law about the ELENA procedure und the associated forced introduction of the electronic signature.

A central file for storing all data about the income of every employee in Germany – unthinkable? So one would like to think, but the new registration procedure for the “electronic income statement” (elektronischer Entgeltnachweis, ELENA) makes it a reality.

This June the federal government decided to introduce an electronic registration procedure, requiring all employers to transfer all their employees’ salary data to a central location. The registration procedure is called “electronic income statement.” This is accompanied by the introduction of an admission card for state benefits, which had been planned since 2002 by the then Social-Democratic/Green government under the name “Jobcard”.

The goal of the project is to reduce bureaucracy and costs. It is to be achieved by requiring employers to transfer all their employees’ salary data to a central storage location, where it can be accessed by the relevant government agency when an employee applies for certain social benefits. This eliminates the previous need for paper salary slips and their manual processing by the agencies.

Seen from a privacy perspective, this procedure has the advantage that the employer does not necessarily know about his employees applying for social benefits, since the employer no longer needs to write out salary statements specifically for this purpose. On the other hand this will create an extensive central database, of which only a small fraction will eventually be used for the intended purpose. This is large-scale data retention. The records will include name, address and date of birth; the salary, the amount of social contributions and of income tax and church tax; and additionally the social security number (Rentenversicherungsnummer), duration of employment, the employer’s address and standard company number. Even though many employees will never receive social benefits or register as unemployed, all employees’ data is retained for at least one year. This will create a data pool which is not only interesting to the social agencies, but will also  create a desire for access e.g. in the tax authorities. The case of the German highway toll data has shown how quickly such an appetite may arise once the data is available.

What kind of protection is there against unauthorised access?

The legal provisions for such protections are weak: a passage allowing for the possibility of further use of the data by regulation (Rechtsvorschrift) is cause to worry that other agencies may gain access to the data “by acclamation” of the ministry in charge, without the complications of the legislative process.

There is a complex technical procedure for gaining access to the data, requiring the electronic signatures of both the applying citizen and the agency official. The electronic signing is accomplished via a chip card and associated PIN. This chip card has been called the “Jobcard”. The applicant uses the Jobcard to unlock the salary data in the central database for use by the inquiring agency. The catch is that there will be a backdoor for accessing the data without the citizen’s signature. Although this backdoor is only supposed to be used when a citizen has lost his Jobcard, no-one can assure that this will always be guaranteed. From a data protection point of view this is a severe weakness.

There is another cause for concern: the procedure assumes that all recipients of social benefits have a chip card with signature functionality. Beginning in 2012, there will be no more paper forms for applying for benefits such as unemployment compensation (Arbeitslosengeld I), child-raising support, and housing subsidies. Making this kind of chip card de-facto compulsory will probably be the crucial step towards the large-scale introduction of a digital signature in Germany. The card will also allow signing other electronic documents or conduct legally binding business electronically. This makes the “Jobcard” a mosaic piece in a potential strategy of the government for advancing the use of the electronic signature when dealing with government agencies and doing private business. But has this really been thought through?

Undoubtedly the electronic signature has its advantages for business. Its digital nature, however, is also its dark side: every single signature contains a globally unique certificate identification number. Little effort is required to use this number for an automated retrieval of all documents and contracts signed by an individual person. It is technically feasible to match this certificate number across various agencies and companies. It thus becomes imaginable that “with the increasing spread of signature procedures, these numbers will be used as sorting criteria in many areas of everyday life

In plain language: the nationwide introduction of the electronic signature opens up the possibility that the state will use this technological backdoor to obtain a comprehensive overview of all documents ever signed by a person with his signature card.

This is not as far-fetched as it may sound. By using the federal government’s standardised programming interface, the so-called eCard API, agencies will be able to read the electronic signature not only from the Jobcard, but also from the electronic ID card. According to the federal government, the ID card is set to become a universal access card for all public services. This will make correlation of data easier still.

Mr. Glos, the ELENA procedure is probably well-intentioned, but do you really want to create such a data collection, literally pre-programming abuse?

For introducing yet another central collection of highly sensitive information, and for the compulsory use of a signature chip card for applying for social benefits, your ministry today receives the BigBrotherAward.

Congratulations, Minister Glos!

Laudator.in

Frank Rosengart am Redner.innenpult der BigBrotherAwards 2021.
Frank Rosengart, Chaos Computer Club (CCC)
Jahr
Kategorie

Health & Social Services: DAK

The BigBrotherAward 2008 in the “Health and Social Services” category goes to Deutsche Angestellten-Krankenkasse (“German Employees’ Health Insurance”, DAK, a statutory health insurer), represented by their CEO, Prof. Dr. h.c. Herbert Rebscher, for the unauthorised sharing of 200.000 chronically ill patients’ data with a private company, without giving information to the insurance customers or asking for their consent.

Laudator: Werner Hülsmann

The BigBrotherAward 2008 in the “Health and Social Services” category goes to

Deutsche Angestellten-Krankenkasse

(“German Employees’ Health Insurance”, DAK, a statutory health insurer),

represented by their CEO, Prof. Dr. h.c. Herbert Rebscher

for the unauthorised sharing of 200.000 chronically ill patients’ data with a private company, without giving information to the insurance customers or asking for their consent.

Imagine this: you’re having a quiet evening in front of the TV. The phone rings, you answer it. A friendly voice tells you that you have been selected for a special offer. So far, the story seems just like one of so many cold calls for a lottery or a newspaper. So what’s this all to do with that German health insurance company? Quite a lot, actually, because this particular call is not about a lottery, but for a health support programme by DAK. Tens of thousands of chronically ill people who are insured with DAK have received these calls since January this year, and the callers have been from a company called Healthways International GmbH (Ltd).

It’s not just the name that sounds American, the company is actually a subsidiary of Healthways Incorporated, seated in Nashville, Tennessee. A public company founded in 1981, they call themselves “the largest and most experienced provider of Health and Care Support services in the United States”, with 15 so-called “Care Enhancement” centres. Since 3 Dec 2007, their German subsidiary is operating such a centre in Henningsdorf, Brandenburg (near Berlin), modelled after its American counterparts. As Healthways announced at the last “German hospital meeting” (Deutscher Krankenhaustag, an annual event), the goal of their “systematic telephone contacts” is to “support sustained changes in behaviour” in patients. This is intended to lead to significant cost reductions for health insurers. Of course Healthways are in it for the money, too. In 2007, the US company achieved a turnover of 600 million dollars.

So Healthways in Germany are now promoting a health programme for DAK. Again, this is not without self-interest, as the contract with DAK contains “performance-related” factors, according to DAK press spokesperson Jörg Bodanowitz. The programme is targeted at chronically ill patients. The stated aims of the project are to increase quality of life for the insurance members and reduce costs for the insurer. The medium is health advice over the phone. It sounds good at first, but there is more than one catch.

Healthways are not just calling insurance members who have previously agreed to participate in the programme, they are calling selected members to canvass for their participation. This requires information about the insurance members. Indeed, 200.000 records of DAK members, complete with names, addresses, diagnoses and hospital and medication data have been shared, without the patients having any chance to know about this, let alone prevent the transfer.

These items of data are under specific protection (“secrecy of social data”) according to the German Social Code (Sozialgesetzbuch I, § 35). Volumes V and X of the Social Code regulate exactly how health insurers are to treat such sensitive data in special health advice programmes. Health insurers may acquire and store these data themselves to promote these programmes to their members. But in order to share the data with third parties — Healthways, in this instance —, members must be informed. The bottom-line is: Before transmitting DAK data for the purpose of promoting their advisory service, DAK had to obtain the affected members’ consent. This was not done; the above-mentioned calls were actually an attempt to get members to participate in these health advice programmes.

If that were not enough, a second omission suggests that DAK are not taking their information duties towards their members very seriously. If members are persuaded by the Healthways campaign and agree to participate in the advisory programme, the paperwork they then receive still does not indicate that a commercial company is carrying out the consultation. As affected insurance members have told us, there is no mention of Healthways or of personal data being shared.

How DAK are dealing with these issues is interesting: During a June 2008 “action day” of “Hausärzte Plus”, a family doctors’ association, Gerhard Eiselen of Healthways Ltd confirmed that they had received data from DAK, an incident that Germany’s Data Protection Commissioner, Peter Schaar, called questionable with regard to data protection laws. He also communicated his concerns to DAK on 10 June.

But DAK insists, according to their head of IT services, Dieter Schütt, that what they did was not an illegal transfer of personal data. Healthways, he said, had received the data for a commission of “data processing by proxy”, making Healthways what is called an “equal party” in data protection law. An act of verbal hair-splitting, because the conversations in which Healthways promotes their advisory programme to would-be participants are surely more than just data processing, often actually involving some initial medical consultation.

For that reason, the Federal Data Protection Commissioner Peter Schaar is not going to buy these excuses. He sees the calls as “influencing the insurance members’ behaviour” and not an act of automatic data processing on DAK’s behalf. But that does not bother DAK one little bit. They don’t believe it is the Data Protection Commissioner’s job to pass judgment on their actions with respect to data protection law. This statement by Dieter Schütt is not just brazen, it is simply wrong. While it is true that general supervision of health insurers is the task of a different authority (the German Federal (Social) Insurance Office, Bundesversicherungsamt, BVA), data protection issues still are in the remit of the supervisory authorities for data protection as well.

In any case, there is no way of changing the facts: DAK’s unauthorised sharing of 200.000 insurance members’ records with Healthways is a violation of the secrecy of social data. And the fact that they have tasked a commercial third party with the operation of an advisory programme, and the affected insurance members are not informed about this, even is a grave violation of the secrecy of social data!

Congratulations, Professor Rebscher.

 

Consumers (2008)

ADM

The BigBrotherAward 2008 in the “Consumers” category goes to the Work Group of German Market and Social Research Institutes (Arbeitskreis Deutscher Markt- und Sozialforschungsinstitute e.V., ADM), represented by its chairman Mr Hartmut Scheffler, further representing the Work Group of the Association of Social Science Institutes (Arbeitsgemeinschaft Sozialwissenschaftliche Institute e.V.), the Professional Association of German Market and Social Researchers (Berufsverband Deutscher Markt- und Sozialforscher e.V.) and the German Association for Online Research (Deutsche Gesellschaft für Online-Forschung e.V.) — for their recommendation in a guideline to have consumer interviews by telephone monitored secretly, and to continue propagating this illegal guideline even after protests from the data protection authorities.
Laudator:
Portraitaufnahme von Karin Schuler.
Karin Schuler, Deutsche Vereinigung für Datenschutz (DVD)

The BigBrotherAward 2008 in the “Consumers” category goes to the Work Group of German Market and Social Research Institutes (Arbeitskreis Deutscher Markt- und Sozialforschungsinstitute e.V., ADM), represented by its chairman Mr Hartmut Scheffler, further repesenting the Work Group of the Association of Social Science Institutes (Arbeitsgemeinschaft Sozialwissenschaftliche Institute e.V.), the Professional Association of German Market and Social Researchers (Berufsverband Deutscher Markt- und Sozialforscher e.V.), and the German Association for Online Research (Deutsche Gesellschaft für Online-Forschung e.V.) for their recommendation in a guideline to have consumer interviews by telephone monitored secretly, and to continue propagating this illegal guideline even after protests from the data protection authorities.

You may remember your maths lessons in school. In my times, when I was supposed to solve a problem and couldn’t, my teacher used to say: “Why don’t you write down what should come out in the end — and then look if you can work your way backwards.” Sometimes this method did actually come up with logical loopholes to prove an equation.

In a bizarre way I felt reminded of this when I got hold of the above-mentioned recommendations for telephone interviews that the ADM gives to their members: Their “guideline for telephone surveys” (Richtlinie für telefonische Befragungen).

The Work Group of German Market and Social Research Institutes (the ADM) is the professional association of the biggest and most influential German market and social research institutes. The declared objectives of the ADM include: to protect the anonymity of the people interviewed, to set standards in cooperation with purchasers of market research, and to contribute to the development of data protection norms in market and social research.

The said ADM guideline for telephone surveys describes some correct procedures for such interviews. The guideline explains, for instance, measures to maintain the privacy of the people molested via the phone — such as choosing appropriate times, or immediately ending a call in case the person called refuses to be interviewed.

But this guideline also addresses quality management, and some of the suggestions are somewhat idiosyncratic: To enable monitoring of such calls by a superior is typical for call-centres; but the ADM’s recommendation that monitoring by the external commissioner of a survey should be allowed does seem perplexing. That this should be possible without letting interviewer nor interviewee know — leaves one utterly speechless!

The ADM reasons thus: The aim of the interview can only be achieved if the interviewer behaves “normally”. Therefore it is permissible not to inform him about occasional eavesdropping, particularly as he has been informed about this practice when signing his work contract. The concerns of the person interviewed are also unharmed: After all, he consents to taking part in a survey that will be scientifically evaluated, so he can’t expect a confidential conversation anyway.

One may assume that ADM, who according to their own assertions even want to play an active role in making new laws, should at least know the existing ones. Therefore they should be familiar with data protection, criminal and labour regulations, which allow listening in on telephone conversations only, but only, if both partners in the conversation know about this and have given their consent. Should ADM have any doubts about the interpretation of such laws, they might turn to the Berlin Commissioner for Data Protection and Freedom of Information (Beauftragter fuer Datenschutz und Informationsfreiheit) whose very clear words in a press statement should have removed any uncertainties. As he explained, all institutions within his area of responsibility that secretly monitor telephone conversations will have to face monetary fines and penalty payments. Ever since this press release, the ADM actually could not have ignored the state of the laws any longer and would have had to amend their guideline accordingly.

But obviously the ADM is not one to be stopped by such trifles. If need be, one can always redefine one’s statements until one’s actions seem acceptable. This approach, though, has nothing to do with the above-mentioned constructive principle of backwards logic — it is a case of downright spin doctoring.

What kind of contribution to the development of legal norms on data protection can be expected from an institution that consciously misinterprets existing laws? After all, an overall statement in a labour contract does not effectively constitute the interviewer’s consent to be eavesdropped upon, nor does the consent of the interviewee to being interviewed constitute waiving the right to confidentiality of the spoken word. Or else one might assume, using ADM’s line of argument, that broadcasting an interview live on the radio were permissible, as long as no immediately identifiable attributes, such as name or address, were mentioned. Such an interpretation is of course untenable — and as it certainly goes against the expectations of the people concerned, it is highly unfair as well. No interviewer can be sure when and for how long he will be monitored; nor does the interviewee — who has been assured of anonymity — reckon with further listeners. Both partners in such a conversation lose control and oversight of who will become aware of their utterances in the end.

Let me remind you of last year’s winner of the BigBrotherAward in the “Workplace” category. Novartis had commissioned interviews of their employees by an institute for market and social research. The employees had been tricked into giving statements they were later sorry to have made: that is, when the allegedly anonymous statements turned up — complete with names and all — in the human resources department.

Although ADM may not believe this: even in market and social research, the existing legal prescriptions about the protection of personal rights do apply. The recommendations for clandestine monitoring must therefore be withdrawn immediately and the member institutes have to be made aware of the illegality of the guideline. Violations need to be severely sanctioned, as Berlin has already made clear, by the data protection authorities.

For the imaginative but, in terms of data protection, hostile use of a principle of mathematical proof — heartfelt congratulations to the BigBrotherAward, Herr Scheffler.

Laudator.in

Portraitaufnahme von Karin Schuler.
Karin Schuler, Deutsche Vereinigung für Datenschutz (DVD)
Jahr
Europe/EU (2008)

EU Ministers Council

The BigBrotherAward 2008 in the “Europe/EU” category goes to The Council of the European Union (EU Ministers Council) in Brussels, represented by the Council’s President, Bernard Kouchner / Secretary General, Javier Solana. The EU Ministers Council receives the BigBrotherAward for the EU terror list.
Laudator:
Portraitaufnahme von Rolf Gössner.
Dr. Rolf Gössner, Internationale Liga für Menschenrechte (ILFM)

The BigBrotherAward 2008 in the “Europe/EU” category goes to the Council of the European Union (EU Ministers Council) in Brussels, represented by the Council’s President, Bernard Kouchner / Secretary General, Javier Solana.

The EU Ministers Council receives the Big Brother Award for the EU terror list, which is in their jurisdiction. In this list, numerous organisations and individual persons have been labelled as “terrorists” and placed under strict sanctions, leading to severe violations of human rights. There has been neither a democratic mandate for establishing this data collection, nor is it administrated with any democratic control. For a long time, the people affected have not even been given a legal hearing, let alone legal protection against this stigmatisation by the authorities.

Reacting to the 9/11 terrorist attacks, the EU passed a directive prohibiting all its member states, its public and private institutions and all EU citizens to give money or any other financial support to terrorist suspects and their organisations, or to engage in business with them. Since then, the EU Ministers Council keeps and continually updates a “blacklist” of suspected terrorists or alleged supporters.

The EU terror list is maintained by a secret committee at the EU Ministers Council. Decisions are made by consensus, while the evidence for a listing is mostly based on dubious intelligence provided by individual member states’ secret services. In any case, there is no independent assessment of cases on a basis of established facts — which is why the special investigator appointed by the Council of Europe, Dick Marty, has expressed with repulsion that he had “never experienced something as unjust as the compilation of these lists”, and called the procedure “a perversion”.

Marty has called the sanctions caused by a listing a “civil death penalty”, and in a 2007 report he explained in graphic terms what it means if somebody is placed on the EU’s (or the UN’s) terror list. These people are not notified, but as soon as they try to cross a border or access their bank account, they feel the consequences. There is no indictment, no official warning, no legal hearing, no time limit and no legal remedy against this measure. People who find themselves on the list are left with almost no chance of a normal life. They become almost outlawed, are politically outcast, economically ruined and socially isolated. Their complete assets are frozen, all accounts and credit cards suspended, cash seized, work and business contracts practically annulled. Neither wages nor social benefits are allowed to be paid, passports are cancelled, cross-border travel is refused, and state surveillance and investigation measures are put into practice.

All EU member states, all banks, business partners and employers, in effect every EU citizen is legally obliged to implement these drastic measures — otherwise they would be liable to prosecution themselves. To avoid that, many authorities and businesses use expensive special software to compare their records of customers, suppliers, and staff with the current terror lists.

EU special investigator Dick Marty finds the listing procedure very fallible. Out of mere suspicion or even mistaken identities, completely innocent people could end up on the lists, and then have to prove their innocence under the most adverse circumstances.

By using these terror lists in its “fight against terror”, the EU employs what could itself be called an instrument of terror out of the arsenal of so-called “enemy justice” — a special justice against alleged “enemies of the state” that violates human rights, deprives its victims of their legal position and isolates them in society. The draconian penalties are executed as a measure of prevention and outside the legal process, without law or verdict. A serial killer, says Dick Marty, has more rights than a person named on a terror list. The Parliamentary Assembly of the Council of Europe and the Advocate General at the European Court of Justice have now realised this, too.

Although listed persons are systematically deprived of their rights, some have now taken legal action at the European Court of Justice in Luxembourg. And there are cases where the court has ruled in favour of people or organisations, declaring their inclusion in the terror list and the freezing of their assets null and void. Their rights to a legal hearing and an effective defence have been severely violated, so the judges have found.

These people have now had their legal hearing, but this is being treated as an empty formality, since they have not had any actual remedy. They have not been taken off the terror list, nor have their assets been unfrozen or the sanctions withdrawn. In other words: the secret committees of the EU Ministers Council are continuing with their listing procedure, which remains undemocratic, they are not showing the slightest awareness of wrongdoing, and stubbornly insisting on their original assessment. The outcasts remain outcast — with all ensuing losses of liberty, in violation of the presumption of innocence and the European Convention of Human Rights. And without any expectation of redress.

Congratulations, EU Ministers Council, for this anti-terrorist masterpiece.

Laudator.in

Portraitaufnahme von Rolf Gössner.
Dr. Rolf Gössner, Internationale Liga für Menschenrechte (ILFM)
Jahr
Kategorie

About BigBrotherAwards

In a compelling, entertaining and accessible format, we present these negative awards to companies, organisations, and politicians. The BigBrotherAwards highlight privacy and data protection offenders in business and politics, or as the French paper Le Monde once put it, they are the “Oscars for data leeches”.

Organised by (among others):

BigBrother Awards International (Logo)

BigBrotherAwards International

The BigBrotherAwards are an international project: Questionable practices have been decorated with these awards in 19 countries so far.