The German Informatics Society (GI) has come out against a draft bill which would require all providers of telemedia services (telcos, ISPs and social media platforms) to breach the password security of their users. 

The Federal Ministry of Justice and Consumer Protection has published changes to the German Telemedia Act in order to “combat right-wing extremism and hate crime” which would require all providers of telemedia services to transmit confidential passwords of their users, “with which access to terminals or storage devices […] is protected”, to law enforcement agencies, danger prevention agencies and intelligence services without a court order.

GI’s Presidential Working Group “Data Protection and IT Security” believes that the proposed regulation on password issuance irreparably endangers Germany’s IT security and rejects any softening of the confidentiality of passwords.

GI Vice President, Alexander von Gernler, said: “We are expressly committed to consistently fighting right-wing extremism and hate crime on the Internet and to prosecuting them under criminal law. However, the draft law presented disproportionately softens our basic values: Confidential passwords, private keys and similar mechanisms are fundamental to data protection and IT security. There is a consensus among experts that such highly sensitive data must not be allowed to leave the sphere of influence of the respective user without exception, because otherwise its use and disclosure can no longer be controlled and the door is opened to misuse,” he said.

The Bureau’s working group stresses that the new rules should not jeopardise the security of data and communication processes in and with authorities, companies and private individuals. 

“If passwords were accessible or researchable, as provided for in the planned regulation, criminals would also be able to read passwords at any time and read and manipulate files and communications at will (e.g. sensitive health data). This would immediately create a black market for passwords. The damage to society as a whole and to individual citizens would thus be far greater than the unclear benefit for law enforcement of the inappropriate regulation,” he said.