Penetration Test - Jan Kahmen - December 1, 2021

What does the Coalition Agreement say about Cyber Security and Digital Civil Rights?

The new coalition agreement aims to strengthen the law on the Internet and advance society in terms of cyber security.

Cyber Rights and the new Coalition Treaty

The new coalition agreement aims to strengthen rights on the Internet and move society forward in terms of cyber security. This step is necessary because since September 11, 2001, surveillance of citizens has been steadily intensifying. The traffic light coalition has set itself the goal of stopping this and - where possible - correcting it. To strengthen rights on the Internet, this new approach aims to adjust numerous factors, from data retention to user verification to state Trojans. Important: The new coalition agreement focuses on the law on the Internet. It is therefore not about enforcing laws that violate European law or reforming the Federal Intelligence Service. The traffic light coalition has refrained from these plans. Instead, the new measures are intended to provide greater security for private individuals and companies. This makes the treaty an important basis for the future legal situation on the Internet.

This is to come: Right to Encryption and Fast Closing of Security Gaps

The right to encryption is an important aspect for general law on the Internet. That is why the coalition agreement addresses this project, among others, and directs its focus more strongly on it. Also required is effective vulnerability management, such as is possible with the help of our pentests. The coalition agreement sees this task falling to the state itself, which must create the possibility of genuine and encrypted communication. To strengthen this area, one approach is to separate parts of the Federal Office for Information Security (BSI) from the Ministry of the Interior. This would ensure that advice or vulnerability research is in the hands of independent experts.

Another important point for the law on the Internet is to close security gaps as quickly as possible. Government agencies that are aware of just such vulnerabilities should contact the BSI directly. It would then be possible to have the IT systems subjected to an external audit by independent experts. The crucial thing, however, is that the BSI should pass on these reports to the companies.

Accumulating these reports and slowly working through them is categorically ruled out for effective vulnerability management. Rather, according to the coalition agreement, the goal is to eliminate potential attack surfaces as quickly as possible. Buying security gaps and deliberately keeping them open is an obstacle to strengthened law on the Internet. This should no longer be the practice.

This is exactly what the Coalition Agreement says

The coalition agreement is a new approach to securing the law on the Internet. It aims to ensure data security as well as security for businesses and individuals. In doing so, it identifies numerous fundamental factors that will ensure greater IT security and support digitization in Germany:

  • Digital civil rights and security in IT: The aim of the new treaty is to strengthen online security and digital civil rights. This includes the right to encryption, but also effective vulnerability management. This is the only way to implement the "security-by-design/default" requirements. In principle, manufacturers are liable for IT vulnerabilities that could cause problems in their products. This aspect also includes the cybersecurity strategy as well as IT security law.
  • Data use and data law: with a basic and comprehensive data infrastructure, the collected data offer extensive potential. They support numerous tools in business, science and civil society. For this reason, it is important to create better access that promotes start-ups and SME companies in particular. Necessary for this are excellent cloud security and end-to-end data availability and standardization.
  • Digital society: Digital policy projects are also to be facilitated with the help of the coalition agreement. They form the basis for the law on the Internet and enable the desired freedom of communication. In addition, they support clear reporting procedures and the implementation of numerous research projects. However, it is important for law on the Internet to promote data security. And likewise, to take all measures for end-to-end security.
  • Key digital technologies: a strong technology location not only needs talent to be fit for the future. Rather, it needs to create the legal foundations to drive key technological innovations. Internet rights must go hand in hand with these new methods. Transparency and progress should be ensured through cooperation with other European countries.
  • All of this content thus supports the EU AI Act. Importantly, however, a multi-level, risk-based approach is intended to help secure civil liberties on the Internet. In this way, innovation should be encouraged and discrimination minimized in order to strengthen digital civil liberties in the long term.

White Hacking and Security Vulnerabilities

According to the new coalition agreement, additional IT security research should ensure stable law on the Internet. This would make it far easier to identify security vulnerabilities in systems, report them and close them. This would mean that attack simulations such as pentests, which provide more security for companies, could always be carried out completely legally. Since such tests are currently in a gray area, what is colloquially called the hacker paragraph in the penal code needs to be adapted. The same applies to uncovering security vulnerabilities on one's own. White hacking would thus be legitimate in the future. It could be usable without further concern to eliminate security vulnerabilities. The use of state Trojans should not be completely stopped in this context. However, the intervention thresholds are to be higher in order to guarantee the rights of all on the Internet. With this plan, online searches will continue to be possible in accordance with the requirements of the Federal Constitutional Court. At the same time, the coalition wants to create a legal basis for the controversial hacker authority ZITiS. This would enable parliament and the data protection supervisory authorities to implement seamless monitoring. In the development of surveillance tools, on the other hand, everything remains unchanged.

Rights on the Internet - This is how Digital Civil Rights should Proceed

An important principle for the right on the Internet is to guarantee the right to anonymity, as in public space. At the same time, biometric recognition and an automated government scoring system are to evolve. In contrast to what was proposed in 2010, the storage of data should already ensure sufficient efficiency. The extent to which this form of data retention is possible depends, among other things, on a pending ruling by the European Court of Justice. However, it is important to note that data should always be stored on an ad hoc basis and not arbitrarily. With a high level of cloud security and regular checks for IT vulnerabilities, such a plan would be entirely desirable. Another interesting approach to protect civil rights on the Internet is the so-called login trap. It can serve as an investigative tool and identify both perpetrators and offenders in a way that protects fundamental rights and is freedom-oriented. As a result, it could support democracy and data security in equal measure and remain viable in the future.

Conclusion - The Coalition Agreement on Internet Law and IT Security sounds Promising

The new coalition agreement is an important step for law on the Internet. A uniform interoperability commitment for Europe is also to be part of it. The goals of this resolution are broad: they safeguard communications secrecy, increase data protection and IT security, and ensure end-to-end encryption. This makes the envisaged right on the Internet an important milestone, and not just for digitization in Germany. The many good approaches to better IT security law give us hope that the coalition agreement will live up to its claims in practice.
