Protecting Victims Without Mass Surveillance
A Response to Joachim Herrmann
Mass data retention is on the rise: on the initiative of Hesse (governed by conservatives and social-democrats), the Bundesrat has called on the Bundestag to introduce a one-month retention period for IP addresses, North Rhine-Westphalia, Schleswig-Holstein and Baden-Württemberg (the coalitions of conservatives and greens in Germany) support a similar initiative, and here on the Verfassungsblog, the (conservative) Bavarian Minister of the Interior, Joachim Herrmann, is also calling for “More protection for victims through data retention”. In the current heyday of security packages in Germany, we are now also seeing a “super grand coalition” in favor of mandatory IP address retention.
Herrmann argues, on behalf of this “coalition of the willing” to store data, that the changes in Germany’s and Europe’s security is forcing constitutional courts to reconsider the proportionality standards of past decisions and, in particular, to allow the introduction of mass data retention. He paints a dystopian picture of the situation in Germany, a state of hate and violence. What he and his political comrades-in-arms overlook: The investigative capacities of law enforcement authorities have never been better, and the digital data pools that can be analyzed have never been larger.
The never-ending story of mass data retention
Mass data retention to combat Internet-related crimes is an evergreen in European security policy. The German Federal Constitutional Court and the European Court of Justice (ECJ) have by now issued (at least) eight different rulings on the permissibility and structure of a preventive obligation to store metadata (such as telephone numbers and times of telephone calls, the connection owner behind an IP address and location data of cell phones, see Art. 5 of the Data Retention Directive of 2006). Herrmann’s accusation that “data retention” is a “misleading term” of a certain “political camp” is not very convincing. As the European Directive repealed by the ECJ in 2014 was entitled “Directive […] on the retention of data […]”, the accusation can basically only be directed self-critically at the (conservative) majority in the Council and Parliament at the time, which adopted the directive with this name.
Data retention has been the subject of intense political and legal debate for almost two decades now. It was introduced in Germany in 2007, immediately restricted by a temporary injunction from the Feeral Constitutional Court, declared unconstitutional in 2010, passed again – in a modified form – by the Bundestag in 2015, declared unlawful under EU law and therefore inapplicable by the OVG Münster in 2017, an assessment that was finally confirmed by the ECJ in 2022. The coalition agreement of the (freshly divorced) “traffic light coalition” provided for regulations on data retention to be designed in such a way that they “can be stored in a legally secure manner on a case-by-case basis and by court order”. While former (liberal) Minister of Justice Buschmann sees this agreement as a mandate to implement the Quick Freeze concept (in which metadata is only “frozen” on an ad hoc basis following a criminal offense), the social-democratic Minister of the Interior Faeser – in contradiction to the coalition agreement, but in agreement with the opposition and the Bundesrat – is calling for the introduction of general IP data retention. It shows that the almost 20-year history of data retention in Germany is quite confusing and has been characterized by many agreements, terminations of agreements, judgments and civil society protests.
The problem of anonymity on the Internet
Data retention is more controversial than almost any other measure in German domestic policy. The current demands are limited to the introduction of IP data retention. Unlike, for example, the storage of location data, times and participants in telephone calls, this is not about the possibility of retrospectively investigating the life of a known suspect, but about identifying an unknown suspect. Thus, it is primarily a tool for de-anonymization, not for comprehensive profiling. Accordingly, the Federal Constitutional Court already emphasized in its 2010 decision (paras. 254-263) and the ECJ since 2020 (paras. 152-159) that the requirements for IP data retention are lower than for the retention of other metadata.
However, it remains the case, as critics repeatedly emphasize in various places, that the retention of data without reasonable cause puts citizens under general suspicion. From this point of view, anonymity is seen as a danger whose primary function is to provide a cover for crimes. As a result, citizens are generally seen as possible perpetrators who must accept interferences with their fundamental rights in order to be identifiable at the time when the suspicion is realized and a crime is committed. The possibility of identification is not a by-product of other data processing – such as the storage of IP addresses for commercial purposes or maintenance purposes – but the sole purpose of the state’s command to store data. This ignores that anonymity – both in virtual as in physical spaces – is a prerequisite for freedom. The mere existence of surveillance increases the pressure to conform and leads to chilling effects for the exercise of freedoms protected by fundamental rights, including stating (supposedly) controversial opinions.
The dependency on context of fundamental rights judgments
Herrmann is right to emphasize that the legal assessment of interferences with fundamental rights depends on the context. For example, new technological developments for alternative investigative procedures could lead to less intrusive, equally effective means to foster a legitimate goal, so that previously permissible interferences with fundamental rights are no longer necessary. In its 2010 decision on data retention, the Federal Constitutional Court also made it clear that the proportionality of an individual surveillance measure must always be assessed in the context of the overall state of state surveillance (“general surveillance account”):
“[…] the retention of telecommunications traffic data must not be understood as paving the way for legislation aiming to enable, to the greatest extent possible, the precautionary retention of all data that could potentially be useful for law enforcement or public security purposes. Regardless of how the provisions governing data use were designed, any such legislation would be incompatible with the Constitution from the outset. The retention of telecommunications traffic data without specific grounds will only satisfy constitutional standards if it remains an exception to the rule. It must not be possible to reconstruct practically all activities of citizens even in combination with other existing datasets.”
In order to effectively protect fundamental rights against the possibility to “reconstruct practically all activities of citizens” in today’s “Surveillance Capitalism” (Zuboff), a comprehensive analysis of all data collections available to law enforcement authorities is required. They often complain that the increasing use of encryption technologies makes it more difficult to monitor communication (often referred to as “going dark”). However, in the history of mankind, individuals have never produced as much personal data as they do today. That these data collections, which are held by private companies, are being used for other than their original purposes by law enforcement can be observed intensively in the USA. There, for example, law enforcement authorities have obtained information from Google about which users have used certain search terms or been to certain locations. A striking example of this misappropriation of even the most sensitive data is the well-founded fear that the data stored by female health apps will be accessed in the future to prosecute illegal abortions.
These are all contexts and social conditions that Herrmann seems to overlook. Instead, he emphatically emphasizes that “domestic security is endangered to a degree that would have been unimaginable only a few years ago” and classifies the notion that “surveillance inevitably restricts freedom” as something “inherited from the 1970s”. At this point, it should therefore be noted that life in Germany as a whole – despite some problematic developments in recent years – is safer than ever before. In a long-term view, there are fewer homicides, less violence, more rights for women and minorities and less terrorism than in the past. Therefore, labelling the idea of a society free from surveillance being considered “outdated” by Herrmann is at least not founded in any real-life decrease in security in recent decades in Germany.
IP mass data retention as a panacea
In line with this, Herrmann sketches the image of an internet in which “innumerable dangers” lurk, in which “serious crimes are being committed relentlessly” and “[u]nbridled hate and agitation are proliferating”. This is as (un)true for the internet as it is for physical spaces: where people come together, there is an exchange of knowledge and experience, creativity and inspiration, friendship and solidarity. However, as in any social context, norm violations, including the most serious crimes, are also committed (for the complex state of research on the effects of social platforms on democracy, see here). These must be prevented to a sufficient degree – also due to the state’s duty to protect its citizens – and otherwise be sanctioned. However, Herrmann’s panorama of cybercrime, from the exchange of child sexual abuse material (CSAM) to ransomware attacks, gives the impression that IP data retention is the only thing standing between this state of rampant violence and lawlessness caused by anonymity on the one hand and a good life in absolute security on the other.
This clearly exceeds the reasonably expectations for IP data retention. Firstly, it is already the case that, in practice, all German telecommunications providers voluntarily store IP addresses