The new coalition agreement aims to strengthen the law on the Internet and advance society in terms of cyber security.
The new coalition agreement aims to strengthen rights on the Internet and move society forward in terms of cyber security. This step is necessary because since September 11, 2001, surveillance of citizens has been steadily intensifying. The traffic light coalition has set itself the goal of stopping this and - where possible - correcting it. To strengthen rights on the Internet, this new approach aims to adjust numerous factors: From data retention to user verification to state Trojans. Important: The new coalition agreement focuses on the law on the Internet. It is therefore not about enforcing laws that violate European law or reforming the Federal Intelligence Service. The traffic light coalition has refrained from these plans. Instead, the new measures are intended to provide greater security for private individuals and companies. This makes the treaty an important basis for the future legal situation on the Internet.
The right to encryption is an important aspect for general law on the Internet. That is why the coalition agreement addresses this project, among others, and directs its focus more strongly on it. Also required is effective vulnerability management, such as is possible with the help of our pentests. The coalition agreement sees this task falling to the state itself, which must create the possibility of genuine and encrypted communication. To strengthen this area, one approach is to separate parts of the Federal Office for Information Security (BSI) from the Ministry of the Interior. This would ensure that advice or vulnerability research is in the hands of independent experts.
Another important point for the law on the Internet is to close security gaps as quickly as possible. Government agencies that are aware of just such vulnerabilities should contact the BSI directly. It would then be possible to have the IT systems subjected to an external audit by independent experts. The crucial thing, however, is that the BSI should pass on these reports to the companies.
Accumulating and slowly working through them is categorically ruled out for effective vulnerability management. Rather, according to the coalition agreement, the goal is to eliminate potential attack surfaces as quickly as possible. Buying security gaps and deliberately keeping them open is an obstacle to strengthened law on the Internet. This should no longer be the practice.
The coalition agreement is a new approach to securing the law on the Internet. It aims to ensure data security as well as security for businesses and individuals. In doing so, it identifies numerous fundamental factors that will ensure greater IT security and support digitization in Germany:
According to the new coalition agreement, additional IT security research should ensure stable law on the Internet. This would make it far easier to identify security vulnerabilities in systems, report them and close them. This would mean that attack simulations such as pentests, which provide more security for companies, could always be carried out completely legally. Since such tests are currently in a gray area, the colloquial hacker paragraph in the penal code needs to be adapted. The same applies to uncovering security vulnerabilities on one's own. White hacking would thus be legitimate in the future. It could be usable without further concern to eliminate security vulnerabilities. The use of state Trojans should not be completely stopped in this context. However, the intervention thresholds are to be higher in order to guarantee the rights of all on the Internet. With this plan, online searches will continue to be possible in accordance with the requirements of the Federal Constitutional Court. At the same time, the coalition wants to create a legal basis for the controversial hacker authority Zitis. This would enable parliament and the data protection supervisory authorities to implement seamless monitoring. In the development of surveillance tools, on the other hand, everything remains unchanged.
An important principle for the right on the Internet is to guarantee the right to anonymity, as in public space. At the same time, biometric recognition and an automated government scoring system are to evolve. In contrast to what was proposed in 2010, the storage of data should already ensure sufficient efficiency. The extent to which this form of data retention is possible depends, among other things, on a pending ruling by the European Court of Justice. However, it is important to note that data should always be stored on an ad hoc basis and not arbitrarily. With a high level of cloud security and regular checks for IT vulnerabilities, such a plan would be entirely desirable. Another interesting approach to protect civil rights on the Internet is the so-called login trap. It can serve as an investigative tool and identify both perpetrators and offenders in a way that protects fundamental rights and is freedom-oriented. As a result, it could support democracy and data security in equal measure and remain viable in the future.
The new coalition agreement is an important step for law on the Internet. A uniform interoperability commitment for Europe is also to be part of it. The goals of this resolution are broad: they safeguard communications secrecy, increase data protection and IT security, and ensure end-to-end encryption. This makes the envisaged right on the Internet an important milestone, and not just for digitization in Germany. The many good approaches to better IT security law give us hope that the coalition agreement will live up to its claims in practice.