I skimmed through that law draft. Translation: They want you to face jail, if you provide an "internet based service", which "accessibility is restricted due to specific, technical precautionary measures", and which "purpose is to allow or encourage specific illegal actions".
They refer in particular to the Tor network and its abuse by serious crime, but how I read this law, you could apply it for all kind of things. For instance if somebody runs an encrypted IRC channel or email service. This is yet another attack on freedom in Germany thanks to the Christian Democratic Union.
There is a huge discrepancy between the described motivation and the actual proposed section 126a. The proposal from January that I have here[1] only applies to a couple of explicitly enumerated potential crimes like propagation of child pornography and money forgery. Plus, the prosecution would need to prove that you created the service with the purpose of furthering these crimes. Also, the service must have some kind of access control. I do not see how a Tor exit node would fall under these criteria. A site hiding behind an onion URL would be a completely different matter.
Thanks for pointing this out! Wow... this is something else.
I'm confused by the fact that the document you linked to is labeled "recommendation". The recommended changes are indeed much, much broader than the original draft and have me worried. However, I must admit that I do not know if these recommendations are changes that will be applied unconditionally or not. I am not familiar enough with the procedures within the Bundesrat.
On the other hand, the amended draft adds a fourth paragraph that explicitly excludes cases where commiting crimes is of only secondary importance (I guess the Zwiebelfreunde lobbied for this addition to protect TOR) and also actions of authorized personnel (to keep police honeypots legal, I presume). So the law is broader in some ways, but more specific in others.
But was still restricted to only "Betreiben von
internetbasierten Handelsplattformen für illegale Waren und
Dienstleistungen".
=> Operating
Internet-based trading platforms for illegal goods and services.
i.e. a illegal darknet platform, not a tor exit node itself, if it's not created to help for illegal purposes.
They mention the darknet and tor, but this doesn't made it the sole target of this law.
Otherwise they would outlaw bitcoin scramblers also, which is mostly used for illegal, not privacy purposes.
What is bonkers is now the recommendation of the lead legal council and some committee on internal affairs to broaden the wording to "facilitating access" which could be interpretated as anything, and thus will not pass any critical review by law. Those guys just need to be fired.
The motivation section of the proposal you linked to contains the very illuminating sentence
Der Entwurf zielt darauf, das Betreiben von auf die Förderung illegaler Zwecke ausgerichteten Plattformen unabhängig von dem Nachweis der Beteiligung an einzelnen konkreten Handelsgeschäften unter Strafe zu stellen.
My translation:
The draft aims to penalize the operation of platforms directed at supporting illegal activities, independent of proof of participation in individual specific trades.
I.e. the law is drafted to close a loophole where you can open a black market site, lovingly curate illegal goods into categories and offer your escrow services to potential customers, but you can only be prosecuted once the police can find someone who actually used your service. Instead, they'd prefer to be able to shut it down beforehand.
All in all, I'm not too worried that the law will be passed in a form that outlaws operating Tor nodes.
No, not any service. Read the actual proposed section 126a. The service must be related to one of the listed criminal activities to be illegal. In essence, this law is aimed at dark net sites like Silk Road.
Why are you trying to nit-pick the law based on the words the GP used in their gloss of it, rather than reading what the text of the law actually says?
The whole point of legal jargon is to say things in an airtight way. You cannot summarize legal jargon without removing the airtight-ness—lawyers really do use as few words as they can manage to get a concept across (in a loophole-less manner), so removing any single word further usually reintroduces a loophole. This implies that there is no point whatsoever in trying to poke holes in a law you only understand through summary, since it is vanishingly unlikely that the holes that appear in the summary appear in the law. You have to read the actual text.
Yes, the body of text in law is usually nearly burdensome with all the flowery language that makes it seem like they're trying to cover edge cases (and sardonic comment aside, I'll grant your assumption legislators want to cover as many edge cases as possible to prevent loopholes).
But at least in the United States, very many of the sentences in our laws end with weasel phrases like "or similar uses" and "or other software" and "or related activity", which is exactly where the problem arises, and where interested parties are inserting their own special loopholes. And sure, we hope that these loopholes get hammered out in the courts in our favor some years later -- that is, if there happens to be a good and willing samaritan that is more "invested" in taking the issue to court to try for an outcome which is favorable for the public versus one favorable to corporations or the police or the wealthy. But I'll just go ahead and continue supporting the option where the stupid law isn't created in the first place. Even if that means the police don't get their bogey man running a dark market.
Many of these things that look like loopholes are actually invocations of standing case-law. I.e., lawyers are relying on an implicit layer of interpretations for these jargon phrases, that have already been "hammered out" in previous litigations.
(Admittedly, some are not. But law written by teams of legislators with centuries of combined legal experience—and passed through dozens of third-party QC checks + redraftings before being submitted for consideration—usually does not have this problem. Or, if it does, then usually it is an "out-of-context problem" nobody could see coming—an interpretation that wouldn't have even made sense to consider at time of drafting—and the first time anyone hits the relevant snag, we get some equally-good lawyers [e.g. the US Supreme Court, for US-Constitution out-of-context problems] in a room to re-interpret the law.)
The problem is that this isn't legislation about the proper manufacture of bicycles. This is exactly the kind of legislation that governments and the police are looking for, to cut into civil liberties and fortify their own positions of power. This is exactly the kind of law in which the NSA specifically went looking for loopholes, in order to conduct its dragnet warrantless surveillance of American citizens -- and then shielded its exploitation and abuse of the loophole using its secret rubber-stamp court system, effectively making it impossible for the loophole to be actually hammered out in the courts. When a proposed law bumps up against civil liberties and so clearly has the potential for abuse, it's not right to treat it with the same sort of irreverent attitude changes to the tax code or military spending are treated. This is one of those laws where people need to stop and think about what an authoritarian political outsider would do with this kind of power if they were to end up winning the right election. Generic language doesn't belong in laws like this.
My point was essentially that the people who draft laws are very, very smart—smart enough to allow for devious things they want to allow for like NSA warrantless surveillance, fully as a consequence of the text of the law (without that being obvious to your average lawyer), rather than by using "generic language" to provide a loophole to the law (which will be obvious to any pre-law student, and thus to the lawyers working for the opposition when the law is tabled.)
Again, read the text. Is there "generic language" or "a loophole" you could find with ten minutes' close scrutiny, that can't be explained away as "fully pinned down in meaning by case-law" by an average civil lawyer from that country? I doubt it. But might it somehow allow for the trampling of your civil liberties anyway, for reasons that only become clear when you know all the case-law required to macro-expand the law out to its fullest reading, and the totality of the body of law and statute of the relevant country, and the case-laws of their individual interactions? Maybe.
I think, I am smart when it comes to web and software, but I know little about electricity or cooking or 1000 other things. The people, you call smart, proposed to place stop-signs in the web - which sounds good and familiar to general public, but stupid to people who knows how web works. It is not enough to be smart.
Maybe the word I should use is clever. The people who draft laws are very, very clever. This means that they know exactly how to manipulate language and the courts to get the effect they want.
Whether the effect they want is a sensible effect—that has nothing to do with whether they're clever.
A person with a genie in a bottle is normally just "doomed", because genies exploit loopholes. If the person is an experienced, clever lawyer, though, then they're not doomed; they're actually quite powerful. That doesn't mean they'll use their wishes to accomplish anything good for the world, or even good for them personally. They're still a regular, irrational human being with irrational desires—desires for status among their peers, for adoration and worship by the public, for renown and legacy. Etc.
I'm pretty sure that the people who proposed to "place stop-signs in the web" knew what they were doing, and knew what it would accomplish, and wanted to accomplish exactly what the law-as-drafted would accomplish if signed into law. "But it would just make everything worse!" Not for them. Not for their voter-base, at least from the perspective of voting for them again. Not for their lobbyists. Etc. It might make the Internet work objectively worse—but whoever said that politics was about making things better? Regulation mostly serves to make various processes more inefficient and to give those processes higher barriers-to-entry—in a way that makes them safer, or less prone to abuse, or whatever else. Politicians are always thinking in that mode: "something might get worse, but it's a compromise for everyone else—some good, some bad—and a win for me personally!"
> explicitly enumerated potential crimes like propagation of child pornography and money forgery
Clarification: "money forgery" would refer to counterfeiting, where I might print up a bunch of notes that look like $100 bills and spend them as if the government had printed them. "Money laundering" would refer to disguising the origins of some money, where I might report a pile of cash that came from illicit drug sales as cash receipts from the convenience store I conveniently (see) happen to own.
It's hard for me to imagine how you'd use Tor to forge money, although I guess it might be involved in your scheme to hack into your bank and increase the value of your account(s) there. What kind of money-related acts are enumerated?
The original draft lists counterfeiting (sorry, I used the wrong term originally) and "computer fraud" (loose translation) which means defrauding someone by technical means. Hacking a bank and altering account balances would be an example.
I think the list covers trading in counterfeit money as well. This is something that you can totally do over the internet.
But see the reply linking to the newer recommendation document. This one recommends to remove the restriction to a set list of crimes and is generally much looser.
> "purpose is to allow or encourage specific illegal actions"
And who's to determine what the purpose was? The creator of a new technology has no way to force a particular use for their creation. One can invent the cooking knife to help with all sorts of cutting tasks in cooking, and now they'll be held responsible if people decide to use those knives for murder? That's silly.
One can invent the cooking knife to help with all sorts of cutting tasks in cooking, and now they'll be held responsible if people decide to use those knives for murder? That's silly.
That's the problem with outlawing tools and tech instead of directly going after evil people. One ends up inconveniencing, penalizing, or even making criminals out of law abiding people, while the criminals just keep on circumventing.
Hey, all Internet kiddie porn is distributed using networks and computers. Time to outlaw those! Think that's silly? I don't think we're that far away from outlawing human driven cars. There are probably tons of people in government and law enforcement who would be all for it. If we're not careful, we might end up in a world only consisting of locked down DRM-laden devices. Oh hey, we're not that far away from that either!
>I don't think we're that far away from outlawing human driven cars. There are probably tons of people in government and law enforcement who would be all for it.
It will be a great day when human drivers are banned. Humans can't handle driving, and they cause 40,000 deaths per year in the US alone. Computers will be able to do this far better.
But your analogy isn't very good. Assuming we have driverless cars in the future that really are extremely reliable and safe, then I don't see what argument you can possibly make to allow human drivers, other than "I like driving". The interest of public safety clearly overrules your interest in being in control of your own car like in the "old days", just like the interest in public safety prevents you from flying your private airplane in controlled airspace without proper radio equipment, transponder, ATC clearance, etc.
However, all kinds of valid arguments can be made against a DRM-laden internet with devices you don't control. There's tons of things people simply wouldn't be able to do (such as write their own software) in such a world. The actual harm caused by the present state of things really isn't very much, if anything (can it be quantified?), the proposed solution doesn't really seem like it'll fix the supposed problems (they had drugs and stuff before the internet after all), and the proposed solution would impose giant costs on society. By contrast, driverless cars (at least the hypothetical ones assumed above) would fix a big problem, and would have very few downsides I can see.
It will be a great day when human drivers are banned. Humans can't handle driving, and they cause 40,000 deaths per year in the US alone. Computers will be able to do this far better.
Sure!...if we all actually owned our machines and the government wasn't using the mechanisms through large corporations to spy on us and control us. The thing is, many people in the government and large corporations are going to try and do just that, because it is in their short term interest to do so.
Assuming we have driverless cars in the future that really are extremely reliable and safe, then I don't see what argument you can possibly make to allow human drivers, other than "I like driving".
"I like driving," should be enough. Maybe there should be certain regions where you can still do it, but busy city highways would be restricted. In any case, it's not so much driverless cars that are the problem, so much as cars that are controlled by powerful organizations with interests that aren't the individual and individual autonomy and freedom of movement being taken away in a practical sense.
The actual harm caused by the present state of things really isn't very much, if anything (can it be quantified?)
This is how tyranny generally goes. At first, the Soviets were bright eyed and idealistic about the project of building a new society. Heck, even Germany in the late 1930's was like this, with progressives in the USA singing the praises of the "progressive" policies and energy of the new regime.
By contrast, driverless cars (at least the hypothetical ones assumed above) would fix a big problem, and would have very few downsides I can see.
No disagreement, again. The question is, will this eventually be implemented in a way where everyone is going to report in to Big Brother and ask permission to take a trip?
At least in the US, the police departments are reliant upon traffic tickets for funding. Just saying, get rid of human drivers, cops aren't gonna get paid!
I am going to laugh the day AI drivers need to get a license and or can get points from their license taken for traffic violations :D and the human has to pay for it
>I don't think we're that far away from outlawing human driven cars.
I don't know about that. Human driven cars provide police an excuse to stop and question almost anyone they want, as well as lots of revenue from traffic tickets.
Your argument does apply to some other objects though.
New legislation and regulations happen at glacial speeds. Even if everyone was on board and the tech was ready today, which is not the case, I would not expect it to happen very soon.
While that's perhaps an interesting question in the general case, for Tor, we know the purpose was to protect US covert intelligence communications overseas, which is very much about enabling illegal (by local law) activity.
And actually, purpose requirements in law are not uncommon and, in systems with meaningful proof requirements that benefit they accused, since they provide additional facts which must be established by evidence before punishment can be imposed.
> While that's perhaps an interesting question in the general case, for Tor, we know the purpose was to protect US covert intelligence communications overseas, which is very much about enabling illegal (by local law) activity.
Made all the more problematic by the question of whose purpose should be used. It's a piece of open source software with multiple contributors, one of which may or may not be the node operator. So whose purpose do we use? The US Navy? The EFF? The node operator? They may each have a different purpose.
> And actually, purpose requirements in law are not uncommon and, in systems with meaningful proof requirements that benefit they accused, since they provide additional facts which must be established by evidence before punishment can be imposed.
Purpose requirements are typically sentence intensifiers for things that are already illegal. Illegal entry is trespass but illegal entry with intent to commit a separate crime is burglary.
The problem here is that the other requirements are completely normal behavior and it's the purpose requirement which is doing all the work. If you take it away you don't have a sensible prohibition on something wrong which the purpose requirement only makes harder to prove, you have a nonsense law that prohibits ordinary upstanding behavior. In other words, without the purpose requirement there would not sensibly be any law against this to begin with, and that is what would really benefit the accused.
> we know the purpose was to protect US covert intelligence communications overseas, which is very much about enabling illegal (by local law) activity.
Says who? According to the torproject.org homepage[1], the purpose is:
> [to help] you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
That includes stuff like preventing your ISP from knowing private personal details like how one was fired, or is secretly gay, or likes to write or draw porn, etc.
Also, if you own a big business and you just bought a supplier to eliminate the costs of a middle-man, you might also want to keep that confidential from your competitors for whatever business strategy you have.
The US Naval Research Lab that developed onion routing, patented it, implemented it in the form of Tor, and released it under a free license, which is how the outside-of-government (though founded by some of the same people who had developed the tech and implementation at the USNRL) Tor project was able to build on it.
> for Tor, we know the purpose was to protect US covert intelligence communications overseas
While it's possible that Tor's stated mission was a smokescreen, I think it's much more probable that it as created just as its creators said, as part of information assurance (i.e. allow dissidents and journalists to get information out of repressive regimes).
...states the early generations were created by Navy R&D. The purpose was protecting U.S. government assets with widespread use providing a smokescreen for them, letting them get lost in the crowd. It also took funding from Navy CHACS, which does high-assurance security. The CIA also wanted to protect foreign dissidents in their efforts to change regimes. So, it was getting funding from State Department or a CIA front last time I checked that works on stuff like that. Majority of its funding. It would probably go into legacy mode with layoffs if U.S. military and intelligence stopped using it. They'd have no need to pay the developers' salaries.
So, anyone telling you it was designed for something other than supporting U.S. military and intelligence operations is either ignorant of its history or lying to you. That said, it did evolve to help all kinds of people who have nothing to do with such operations. I always give out the "Who Uses Tor?" page for people wondering about legitimate uses for online anonymity. It's an awesome page.
"So, anyone telling you it was designed for something other than supporting U.S. military and intelligence operations is either ignorant of its history or lying to you."
> as part of information assurance (i.e. allow dissidents and journalists to get information out of repressive regimes).
Even so, that's just as much facilitating illegal (under local law) activities as protecting US overseas intelligence activity is, and actually overlaps substantially with protecting US overseas intelligence activity. (US intelligence assets often being dissidents, if not always overtly so.)
Not a lawyer, but this reads like an intent-based law, which aren't too uncommon in Europe. There are some other laws that are phrased in a similar way, like the so called "hacker paragraph".
To stick to your analogy, unless you market your knives as "murder knives" you are good.
I'm writing this as a German developer who's involved with the cjdns project, which matches "accessibility is restricted due to specific, technical precautionary measures" but obviously not "purpose is to allow or encourage specific illegal actions".
That puts a lot of faith in government not to abuse their right to change opinion. It's trying to make "common sense" law, and I'm not sure I'm comfortable with current "common sense" regulating the Internet.
On the flipside, common sense would state that maybe 8chan shouldn't exist.
It’s more like if you participate in package distribution system that involves you willingly passing along anonymous packages, some or many of which you _know_ are used for criminal activity. It’s not about outlawing packages. But about participating in this network that facilitates organized crime.
The prosecution will have to comb through your email history and prove that your intention was to enable criminal actions. If you build a network to help people escape tracking by their ISP and it just so happens that others abuse it for illegal purposes, then that's not really your fault.
It's not exactly a knife, but German weapons law does have an intent-based loophole: If you want to carry pepper spray to defend yourself against rapists, you need a lesser weapon's license. If you want to carry pepper spray to defend yourself against animals, you don't need any license. If you get attacked by a rapist, and it just so happens you have anti-animal pepper spray, then of course you can use it for self-defense.
Yeah that seems to be the key phrase and very very vague.
Terrorists for a while used email accounts where they'd write drafts, share username and password and read those drafts.
Obviously email isn't "for" terrorism but they used it .... but exactly where that line is is confusing.
If I provide a privacy focused service, it stands to reason criminals would like that ... I don't like it, but that's just me saying that, but is that "purpose"?
Accountable for users giving it a malicious use? What, like if people sell drugs through it? I haven't seen that. There are probably people that want better moderation from Facebook, but that also risks being seen as censorship.
What I have seen people try to make Facebook more accountable for is the under-the-table handling of data of their users, but that's not users making a malicious use of Facebook.
>"internet based service", which "accessibility is restricted due to specific, technical precautionary measures", and which "purpose is to allow or encourage specific illegal actions".
That's technically what youtube and liveleak do in Germany.
But you would be facing a government arguing that Tor doesn't have any legitimate legal uses... after being put through the process of being raided, having all your equipment confiscated, and being arrested.
In the currently proposed revision, the law applies to anyone facilitating access to an internet-based service "unless the criminal use of the service is of insignificant importance".
tbh, having read the draft, I am still not clear whether running a node/the browser is to be made illegal.
that's what the Zeit article says, too: the worst interpretation is, yes it will be made illegal. another, more benevolent reading is that there should be harder punishments for providing a concrete platform for illegal activities.
so how can you make a draft that is so vague? make no mistake, this is not incompetency. as per Zeit, and I agree, this is intentional to scare those who run the browser/a node.
also, consider Günter Krings' proposal to make the entire 'dark web' illegal. his reasoning: that an open democracy has no need for such a structure. so, because germany is an 'open democracy', he thinks germany can abolish the open internet altogether?
To me this seems to target specific illegal sites (which makes sense) rather than operating a service which may be used for illegal stuff while not being explicitly designed for it (so Tor should be fine given it has possibility for legitimate usage, and so do Tor hidden services as long as they're not used for anything illegal).
I disagree. The law in most countries already allows for prosecution for services that exist primarily/solely to aid in the commission of crimes. For example, torrent websites are periodically taken down and seized based on laws around conspiracy to commit copyright infringement.
Therefore, the law already allows websites or services to be shut down if their primary purpose is to enable illegal behavior. The Silk Road is a perfect example of this. They were basically and eBay for drugs and other things. While they didn't actually possess or sell the drugs themselves, no one anywhere considered the site to be legal.
I was disagreeing with the stated use of the law that the OP claimed. I was saying that I am pretty sure all developed countries have laws that already serve the stated purpose, thereby negating the need for this.
That shows that Germany can already prosecute nefarious sites which may even have legitimate purposes (i.e. "file sharing") but are used predominantly for illegal purposes. Thus, the need for this saw seems suspect.
Agreed, while both the proposal and the article contain lots of the usual dark net FUD, the proposed law seems pretty constrained on the platforms themselves.
I honestly fail to see the larger point of that legislation, if a platform is as clearly targeted towards the crimes specified in the proposal it should already be covered by a plethora of German and EU wide law.
Thats just the point, these services are already outlawed. There are numerous laws that regulate the sale of drugs, weapons etc., which makes these onion-services already illegal. The wording of this proposal is made deliberately weak so that even Exit nodes will be covered, if it gets through the Bundestag.
Alas a small word on the legislative procedure. This is "only" a draft of a proposal of the Bundesrat (what in most states is called the Senate). The 'Bundesrat' has no legislative authority, so in essence this is a paper that 'calls the Bundestag (House of representatives)' to initiate a legislative procedure -- on itself it is pretty meaningless but has the chance to become a problem.
> I honestly fail to see the larger point of that legislation, if a platform is as clearly targeted towards the crimes
the problem with wide legislation is that it's got a chilling effect.
Would bitcoin or crypto currency be targeted? it's a fully anonmyous payment system which could circumvent anti-money laundering laws, and be used to conduct illegal activities.
I think platforms should never be charged as illegal. Only acts that are illegal should be charged, and the platform where it takes place should be deemed a neutral utility or carrier.
Who knows what's going to be illegal tomorrow? Who knows if a fascist gov't comes into power, and starts targeting specific groups, using such laws?
Facilitating crime is generally illegal as well as performing it. That's where you get things like (for example) conspiracy and aiding and abetting charges.
The Internet facilitates a great many crimes. New forms of crime previously unimaginable. New scale of crime previously the stuff of nightmares. New reach of crime previously to the most innocent.
Is the purpose of this infrastructure to facilitate all this criminality? Certainly not the sole purpose. Perhaps it was purposely build in a way that would allow scale and prevent censorship which enables many forms of criminality which a different architecture would have suppressed.
Typically the law is written quite differently. If there is a uncoincidental legal purpose, then infrastructure must be legal. Because many times the purpose of a specific technical measure can serve both a legal purpose and a criminal one. To ask merely of a technical measure serves a criminal purpose without regard to a greater purpose is to criminalize any censorship resistant network.
>Is the purpose of this infrastructure to facilitate all this criminality?
>To ask merely of a technical measure serves a criminal purpose without regard to a greater purpose is to criminalize any censorship resistant network.
There's two vastly different talking points here, a) the Tor network and similar tech that could get caught in legalese crossfire and b) specific websites that utilize the above. I agree on your sentiment that a) should never be outlawed but the German text seems rather specifically worded to address b). Please be assured that I'm not trying arguing that these people have enough technical understanding to not make it unnecessarily broad and throw a) under the bus as well.
I believe my main point still stands, b) is the equivalent of me opening a corner shop advertised as "illegal arms deals" and pretty much legislated enough.
> I honestly fail to see the larger point of that legislation, if a platform is as clearly targeted towards the crimes specified in the proposal it should already be covered by a plethora of German and EU wide law.
Based on my understanding of Czech law (which is alike German law, but not that much), the point lies in process issues. Having specific laws allows the government (meaning the executive branch) to form law enforcement units, establish government offices dedicated to the issue etc.
> They want you to face jail, if you provide an "internet based service", which "accessibility is restricted due to specific, technical precautionary measures", and which "purpose is to allow or encourage specific illegal actions".
So does this mean that they will forbid email encryption as well?
- internet based service / check
- accessibility restricted by technical measures / check
- purpose is to allow just about anything, including illegal actions / check
Good laws are clear, straightforward, and apply to citizens in equal measure. If you can't know if you are following the law or not, you might as well not have law and instead rely completely on arbitrary judgements.
From the wording I can't really tell but would this target more operating a Tor website vs. a Tor node? What about VPN providers? From what I understand the law would target the sites by taking away the operator's defense that they were just providing a platform. But it could be interpreted also as targeting node operator.
This could cover even encrypted messaging services like WhatsApp or Telegram and would certainly conflict with the pretty privacy laws Germany has.
If this is the case then by the wording clearer we'd know what exactly is being targeted. The current principle behind the proposed text would make even a taxi driver responsible for assisting a criminal by transporting them anonymously.
That's the problem. The draft is vaguely formulated. They seem to concentrate and take down Tor websites and "darknet admins", but the difference is nowhere mentioned, let alone acknowledged in the draft.
I always want to imagine these drafts as a request for information (although they mostly aren't). I doubt too much technical know-how was involved when drafting this and I hope before going to the next step they actually call on someone who can accurately depict exactly what each concept is and how to clearly differentiate them.
That is not the version of the law that is being voted on. The amended version is much broader, doing away with the restricted access condition, and now applies to all crimes rather than a specific list. But the worst part, the text has been changed from "provide" to "facilitate access to", meaning this could also apply to ISPs and free software contributors.
> purpose is to allow or encourage specific illegal actions
You know how kids used to pass paper notes in class? Well, yesterday I learned that kids still do this. Except now they do it through the comments and review section on Google Docs. Shared Google Docs that they are supposedly taking notes on for class, or collaborating on an assignment. And if a teacher or parent comes by, they hit "resolve all", and everything disappears.
Well, it is not only the "Christian" "Democratic" Union that is attacking on freedom in Germany, "Social" "Democrats" are in a Grand coalition with them (for the uninformed: "Grand coalition" is a term used in Germany to describe a coalition of two major parties).
I assume the "Greens" and the "Liberals" are opposing the law, but do it out of pure opportunism. Because, as the past teaches us, if they'd be in a coalition with one of the major parties, they would be for such a law.
Just look at the diverse police laws (Polizeiaufgabengesetz) in states where the Greens are part of the administration. It's really appalling and many members of the Green party in the Bundestag I deem absolute hypocrites.
The Liberals at least opposed data retention (Vorratsdatenspeicherung) when in coalition with the CDU. They are appalling in other ways.
> They want you to face jail, if you provide an "internet based service", which "accessibility is restricted due to specific, technical precautionary measures", and which "purpose is to allow or encourage specific illegal actions".
So they are making it illegal trying to hide your illegal activity?
No, they are making it illegal to aid other people's illegal activities through web services. I think it's more of a clarification of what constitutes aiding criminal activities in the internet services context.
Hold your horses a bit, cowboy. You realize this tool was created by NSA and helped countless dissidents, journalists etc in highly oppressive regimes to express their voices. Something a German citizen should still be concerned about when trying to learn from history...
Yes there is illicit usage of this in crime world (even though some small portion can be morally justifiable, most is not), but there should be at least a discussion about pros and cons if we want to call ourselves a just and fair society (which I realize is not what everybody craves for, but I hope vast majority does).
>and which "purpose is to allow or encourage specific illegal actions".
The purpose of tor is not that, which makes it a weird clause. Perhaps something like "knowingly facilitates illegal activity" would fit, still not great wording, writing legislation is hard.
>"accessibility is restricted due to specific, technical precautionary measures"
Maybe it's a translation issue but having years of reading legal-technical documentation I can't quite parse this: all access to computer services are technical and specific, so far just leaves 'precautionary' to carry any meaning -- who is taking what precautions in setting up tor exit-nodes [in the view of this phrasing?].
Bullshit. It’s literally saying “if your goal is to allow criminal activities”. Per TMG §8ff any service provider providing a free service whose traffic is neither filtered nor inspected bears neither responsibility nor is required to keep logs. [1]
This law cannot be applied in practice as there would need to be non refutable proof that the operation of the nodes would be used to facilitate illegal activities. That’s already illegal if they can prove it, or else it wouldn’t be illegal.
Source: my lawyers. I’ve been running massive exit nodes for years in Germany.
AFAIK this is a draft for a new police law in North-Rhein Westfalia (NRW), so it would affect “only” that province. NRW was also the province that made the draft for the infamous new police law.
The article says the draft is beeing discussed in the Bundesrat. The draft is mainly targeted on dark net market places, but its formulation is broad enough that one could argue TOR exit nodes could be affected by it (its forbids platforms that enable criminal behaviour, which is arguably nearly everything if you squint your eyes the right way).
German privacy activists are mainly suspicous here because there is no real reason for the draft to exist. Running illegal black market sites is already illegal under german law, because the stuff you sell there is illegal — it doesn’t matter if you do it online.
Fight "herd anonymity" provided by a large tor network? Ironically(?) that'd make the original purpose for Tor (covert channel for covert operatives) less viable too.
Broad, redundant overreaching legislation with ample room for "discretionary" enforcement seems a prime way to enable tyranny in a country otherwise democratic/ruled by a normal three-way powersplit (executive, legislative and judicial branches).
National powers want to filter the contents circulating on the net, but the application of the rules is subject to the limitations of enforcement capabilities. And I'm not only thinking to espionage, terrorism, money laundering and child porn, but to article 13 and copyright violations too.
The government would like to push for overly broad regulations, but they realise that the application of such creates incentives to adopt and democratise radical technologies.
Platform operators who do not want to comply with the regulations can move them beyond national / European borders, or use darknets and decentralization to resist the capacity of police forces.
The article actually details that the proposal on the table is to make it a crime to run sites whose access is restricted by specific technical measures and whose purpose or activity is oriented towards the goal of aiding crime.
The notion that it would become a crime to run a tor exit node is actually speculation on the part of the authors of this article.
But is not apparent to me how that would follow from such a law: For example, since anyone can access tor, and, by implication, any tor exit node, access to a tor exit node is not restricted in any way, so it would not seem to fall under this law in my opinion.
As for running a tor hidden service, this would seem to apply but still: How do you draw the line between running a service where it just so happens that criminal business is conducted over that service, versus running a service whose purpose or activity is actually directed towards aiding crime?
The problem with laws like these is just as you say... How do you draw the line? Vague laws allow the government to draw the line wherever they want to achieve their goals. It's speculation yes, but abusing and reinterpreting vague laws is something governments do quite regularly when it suites their needs.
Unless you specifically clarify things, even the part you seem to think is clear can be interpreted differently. You say that a Tor node does not meet the criteria that "access is restricted by specific technical measures". But one could easily argue that Tor is a "specific technical measures" and access is to a Tor Node is restricted because you need to know what software to install and how to install it in order to access the Node.
It could also be argued that any encrypted communications is "restricted" in that it's private. It's restricted to the parties involved and not visible to outside observers.
Wouldn't an unencrypted website also fail the same test? You need specific software (web browser) to access a website. And if you allow that, encrypted websites (TLS) would probably fail because you further need a browser that supports TLS.
If those don't fail, I don't see how Tor would fail, since Tor requires similar software (Tor browser) that if freely available, just like a web browser.
Likewise, wouldn't other services, like video games and chat applications also fail because you can only access those through a specific app?
Honestly, this seems completely unenforceable. If there's proof you've done something illegal, you can already be charged with that. If there isn't, then this law is too vague to add anything. This law should go straight to the dumpster...
As I understand it it targets people hosting darknet markets and aims to allow for longer sentences for just making the market available independent from having to proof individual crimes committed through it. If i had to guess its a law as a reaction to the last two big busts of darknet markets/Forums in Germany. DeutschlandImDarkweb and Elysium. In both cases, the admins were largely sentenced for crimes unrelated to hosting the site. DeutschlandImDarkweb for aiding a murder by allowing the weapon sales to the munich shooter and Elysium for actually raping kids.
With this law it will no longer be necessary to proof that individual sales through the platform actually happened. Not great, but (still) far away from outlawing tor exit nodes.
That sounds like a reasonable explanation for the reason behind the law, but vague wordings are still problematic, more so when it comes to any complex technology. You don't want a vague law that could be reinterpreted as making it illegal to provide end-to-end encryption for non-financial or other legally protected data (the argument being that if there is no need for it from a business or legal perspective, then it must be encouraging illegal activities as why else would it need to be encrypted).
But you're giving a tool to the people who want to ban it. Just because it's not an exact fit doesn't mean that someone can't use it to achieve their specific goals. Plus vagueness like this can create chilling effects that limit the establishment of things like Tor, and further serve to solidify the view that things like Tor and End-to-End encrypted chat are inherently bad/illegal.
Does anyone familiar with German politics know how likely it actually is to be ratified? Politicians here in America love to draft soapbox bills that they know will never get ratified, just for the publicity.
It would not be the first time, that such a law finally passes the parliament. And it would not be the first time, that such a law is invalidated by the Federal Constitutional Court after that.
We cannot always hope that the Constitutional Court comes to the rescue and is the final straw that will invalidate these laws.
First, last year a very conservative constitutional judge has been appointed, which probably will be more common, especially now that a reactionary party has become part of the House of representatives.
Second, the court has made problematic rulings in the past -- even under more liberal judges.
Nothing, I just wanted to use another word for the Budestag, since it is an equivalent institution and not everyone is familiar with the german political institutions. Especially the Bundestag and Budesrat (equivalent to the Senate) is often mixed up. The reactionary party I was referring to is of course the AfD, not the GOP.
> Nothing, I just wanted to use another word for the Budestag, since it is an equivalent institution and not everyone is familiar with the german political institutions.
House of Representatives is not another word for the Bundestag, its the name of the lower house of the US parliament. Which Im sure does not have exactly the same role as the Bundestag.
> Budesrat (equivalent to the Senate)
It isnt. For example, Senators are elected as senators, the Bundesrat is a representation of the state governments. Their roles also differ. You cant just map political institutions 1:1 like that.
Of course not, I never said they were equal, but 'equivalent'. In order to facilitate a discussion some simplifications are helpful sometimes. You are right in the regard that on the level of a formal academic discussion this would be a false equivalency. But on an informal level (with that level of simplification in mind) they are similiar enough to make a comparison.
The most striking similiarity of Bundesrat and Senate for example is that both are institutions that represent political subdivisions (States, Bundesländer), not the population as such. Another similiarity is the role in the ratification and oversight [of the federal Budget (https://www.bundesrat.de/DE/bundesrat/ausschuesse/fz/fz-node...) especially and generally laws that concern federal and substate-level interests].
Also, I made that comparison especially because both houses of the german parliament are regularly mistaken with one another -- even in serious publications.
I doubt that this is anything to do with a soapbox, since most members of the general public in Germany probably don't even know what the darknet is, or what tor is and how to use it. Also: It's coming from the ministry of justice. So this seems like technical lawmaking, where the judiciary is probably taking the opinion that there is a "hole" in existing laws versus what they believe should be the spirit of the law that should be plugged.
This is a proposed bill. The title posted here suggests that it has been ratified and is going to implemented but that has not happened. The translated (and paraphrased) title is "Those Who Make the Darknet Possible Could Soon Be Offenders."
Is this specific to Tor, or would it also affect CDN's? I am not a fan of commercial CDN's (for my own hobby sites) so I set up haproxy+strongswan VPN nodes in various VPS sites around the world, that cache and relay traffic to/from a few nodes in another VPS. For all intents and purposes, my websites are actually hidden, despite having public IP addresses and names. I've had front-end caching nodes in Germany before.
I think CDN's would be harder to argue as being included. The vagueness seems to put things more like Tor and end-to-end encrypted chat at risk. Any service could be involved with illegal actives, but if there is a clear and primary business/legal need, then it gets harder to argue that it's main purpose is to "encourage illegal actives".
The front end caching nodes are just haproxy 1.9 (which has very simple caching now) which precluded my need for nginx. Those nodes have strongswan in transport mode using a simple pre-shared key. The backend is just a simple apache 2.4 server.
DNS is just NSD with multiple IP's in some of the A records. I don't do any GSLB or Anycast, nothing exciting there. The browser will use whichever IP answers which means the end users could end up on any nodes. I could get fancy and use GeoIP mapping to keep most requests on the same continent. Maybe I should set that up this weekend.
I can't argue with that and unfortunately for the UK. Due to our leaders being so weak, incompetent and impotent. They will be falling over themselves to implement this to its fullest.
The current Prime Minister introduced the Investigatory Powers Bill (now Act) when she was in the role of Home Secretary. This act requires all ISPs to record which domains users visit for one year, and provide access to that data without a warrant to a large number of government bodies including the Welsh ambulance services.
This act has been ruled incompatible with EU law.
The UK is much worse than the EU when it comes to this sort of thing.
ECHR membership is a prerequisite for EU membership, and May is on record wanting to leave the ECHR.
Additionally, scope creep has turned Brexit from “Leave the EU” to “Leave all the European institutions which have power over the British government”, or at least that was the rationale given after the surprise announcement that the UK was leaving Euratom.
Therefore, while it is correct to say the Council of Europe is different from the EU, it is sadly also not an important point.
I hope not.
As a German I'm really happy that we're in a federation with countries like the Netherlands and Sweden which have much more tech literate governments because they provide at least some checks and balances to the email printers that we have.
This is the same problem we've seen in most countries, especially the US, where technologically illiterate lawmakers make overly-broad laws that can capture all sorts of perfectly decent behaviour, which then allows law enforcement latitude to prosecute who they will, when they will. This is a deliberate ploy in Russia, of course, but in the West, it happens, especially with terrorism and technology laws. IT's really important to stop these and reverse them with literate lawmakers.
In China they banned all stores from selling butcher knives simply because it was commonly used as a weapon in a fight or to kill someone. If you happen to need to chop some meat at home then you are out of luck as this knife just cannot be purchased legally in store. This case here is pretty much using that same stupid logic.
Aye yay yay this is where government gets scary with the internet. Guess what this will not prevent (much) crime, but it will allow the government and their affiliate corporations to track the crap out of you.
If something like this goes through, I consider it my duty to run tor nodes myself. There are multiple cheap VPS services that support you running a node and will have your back if something happens.
actually the situation in germany in getting hotter as years pass.
last year it was reported that on numerous occasions german police were using cell-tower data and cross referencing burner and real mobile phones just to get some guys who were doing graffiti. wonder what data they acquire for everyone involved in more serious crime cases
That seems implausible given that everyone I’ve talked to about graffiti since moving to Berlin regards it as “not a crime” (unless its removal necessarily causes damage to the property).
It is indeed a crime. Just because your friends don't think so, doesn't make it legal. It's an act of vandalism, anywhere but clearly marked zones that are meant for street art.
> that German health care is superior compared internationally.
Their healthcare is very cost inefficient [1]. Poorer post-Communist countries have more efficient healthcare as it might be bad but as well is rather cheap there.
How effectively would they able to enforce this? Aren't those nodes precisely designed to evade detection? I perversely welcome such surmountable hindrances to liberating technology -- it feeds the antifragility of the target
I'm pretty sure Tor exit nodes in particular are very public and easy to spot by ISPs and VPS providers, which is why they're very difficult to host at all even now.
Traffic on the Tor network itself is designed to evade tracking or interception but exit nodes are required for communications to reach outside Tor.
I am a foreigner living in Germany, and my diagnosis is that Germany is one of the lesser fascist nations in the western world. The UK is more fascist, certainly Austria and many eastern europe nations. Italy. Maybe even the US.
Germany has a weird divide. It is the one nation earth that REALLY tried hard to deal with its past — on the other hand it didn’t reach all the people. Especially not the eastern Germans who grew up under Soviet rule and who (much like many other ex soviet states) developed a weird nostalgia for the strong hand of the state — they are aware that comunism is dead, so they go for something else.
I don’t think German society is especially fascist in any way. Not more than other nations, it might be a little less so.
However especially CDU politicians are kinda hardline and they got many of their laws revoked by the constitutional court, as many acrivists predicted. Public surveilance is nowhere close to UK levels tho.
isn't it a global phenomenon at this point? it is trendy to call for a smaller world/craft anti-populace measures lest it get "out of control". the internet is basically the wild west and just like the wild west it will be tamed for profit
It's not just Germany. It's human nature. Look at the current media and political environment in the US. People with influence want to push us towards fascism or its equally aborrent flip-side - socialiam. And people are naturally drawn to it. There is an excellent book called "Escape From Freedom" by erich fromm which deals with people and their relationship with authority.
Antisemitism? I think you mean Marxism? I'm not sure how one would construe a clear statement about sosio-economic theory to be an ethnic slur?
That was certainly not my intention.
[ed: or clear opinion. A statement might be more along the line of: the build up of anti-democratic and anti-labour power structures arise naturally in a saturated marked that see a higher and higher concentration of wealth, and growing inequality - the state increasingly becomes a tool for safeguarding the wealth of the few against sharing with the many]
I STRONGLY encourage everyone not to come to Germany, especially if you are an entrepreneur or a developer. Horrific laws like GDPR, Hackerparagraf, Upload Filter etc. are passed every week. Even the north Korea is more business and IT friendly than Germany.
As a counter-opinion, I strongly encourage people to consider Germany where the law ensures your rights as individuals are respected by corporations, regardless of where they are domiciled, and protects people in all circumstances (public health insurance, generous jobless benefits, good work/life culture). It's really nice as an entrepreneur not to worry about getting sick, or how I will feed my family, even in lean times.
> public health insurance, generous jobless benefits, good work/life culture
What a surprise when foreigners learn that they cannot opt-out from their monthly healthcare contributions (while debt is accumulating proactively already), the jobless benefits are a minefield and they don't qualify for them, the miserable startup they got job in prays on people depending on visas and stay permits while big industry hire only "doctors" and those from "good families".
They refer in particular to the Tor network and its abuse by serious crime, but how I read this law, you could apply it for all kind of things. For instance if somebody runs an encrypted IRC channel or email service. This is yet another attack on freedom in Germany thanks to the Christian Democratic Union.
EDIT: The original law draft can be found here:
https://www.bundesrat.de/SharedDocs/TO/975/erl/10.pdf?__blob...