Jusletter IT

Understanding e-Democracy and Privacy – Reflections on Landmark Decisions of the German Constitutional Court

  • Author: Marie-Theres Tinnefeld
  • Region: Germany
  • Field of law: Legal informatics and administration informatics
  • Collection: Festschrift Erich Schweighofer
  • Citation: Marie-Theres Tinnefeld, Understanding e-Democracy and Privacy – Reflections on Landmark Decisions of the German Constitutional Court, in: Jusletter IT 22 February 2011
Der Beitrag befasst sich mit der eWahl-Beteiligung von Bürgern im Internet, insbesondere in sozialen Netzwerken. Gleichzeitig wird eine Entwicklung aufgezeigt, wonach Bürger ihr Grund-Recht auf Privatheit, das demokratisches Handeln erst ermöglicht, durch die freiwillige Preisgabe von persönlichen Daten im Internet gefährden. Seit 9/11 ist die Privatheit in Verbindung mit den politischen Grundrechten der Meinungs-, Informations- und Pressefreiheit auch durch eine zunehmende (heimliche) e-Überwachung der Bürger bedroht. In diesem Kontext stellt sich die Frage, ob die Enthüllungen bei Wikileaks, «the people´s right to know» staatliches Handeln in Krisenzeiten unterstützt oder gefährden. Auf der Folie internationaler und supranationaler Menschenrechtserklärungen, im Spiegel wesentlicher Entscheidungen des deutschen Bundesverfassungsgerichts werden die neuen Informations- und Kommunikationsbedingungen in der e-Agora untersucht und mit der Frage verbunden: «Ist Politik wirklich stark, wenn sie maßlos reagiert und den Kern der Privatheit und demokratische Grundrechte zugunsten einer (vermeintlichen) Sicherheit missachtet?»

Inhaltsverzeichnis

  • 1. Introduction and Background
  • 2. Landmark Decisions of the German Constitutional Court
  • 2.1. International Standards of Human Rights
  • 2.2. Constitutional Law in Germany
  • 2.2.1. Volkszählungsurteil
  • 2.2.2. «Großer Lauschangriff »
  • 2.2.3. Secret Online-Search
  • 3. Final Remarks

1.

Introduction and Background ^

[1]
Citizens of modern information societies have become reliant on modern communication technologies and the «always-on» mode of their daily life through the Internet. Individuals can now put themselves across publicly via MySpace, YouTube, Facebook and, soon, MyWorld as well. They can regain justification for their existence as political individuals in this way.1 This development has been recognized by President Obama during the US election process. Obama linked his practical political work with the virtual networks, such as Facebook.2 Jeffrey Rosen, a famous law professor at George Washington University (Washington D.C.) argues: «Facebook has more power in determing who can speak and who can be heard around the globe than any Supreme Court of Justice, any king or any parliament» Up to a certain extent citizens as individual Internet users have the opportunity to participate in free and fair elections; of course this opportunity is fundamental to democracy.
[2]
The Internet changes the way in which democracy operates. Information distribution becomes cheep and powerful. Of course some countries are still behind the others in terms of their information and communication technologies (ICT), but on the whole the internet becomes part of an e-Agora-Democracy, strongly related to freedom of speech and expression as well as to freedom of information. This model would seem to re-affirm democracy.
[3]
However, it is well known that anyone who puts himself into the media is exposed to observation and monitoring. For example Ars Electronica in Linz has focused strongly on the «goodbye privacy» theme in 2008. The «market value» of privacy, particularly among the younger generation, who are «digitals», it seems practically from birth (born digitals), seems to be falling.3
[4]
As a result of this change, The activities, opinions and habits of digital-citizens are generated as a result of this change and stored in the databases of the service-providers of Internet-communication. The citizen as a data subject will often lack the technical ability to comprehend the extent to which and the way in which his personal information is collected and how this information is stored, linked with other information and then disclosed to third parties.
[5]
Since 9/11 it has become apparent that trust in fellow citizens is progressively being eroded. Personal information is collected and mined. Citizens are sorted into different risk categories for the purpose of national security. All this has been used for preventive telecommunications surveillance.
[6]
Initially the supranational institutions of the EU were divided on the issue of preventive surveillance. They cited in particular the general Data Protection Directive (95/48/EC). However, in 2006, the prevention, detection and investigation of crime and terrorism led to the adoption of a Data Retention Directive (2006/24/EC), which is in force since January 2009.4 In the case when disaggregated personal communication information is centrally collected by providers for the purpose of defending terrorism, private citizens run the risk of being treated like criminals. The danger of mistaking information for knowledge is illustrated by the phenomenon of terrorism.
[7]
It is therefore essential to look at civil liberties, especially the right to privacy and self-determination on which freedom of opinion and speech depend. The value of privacy is instrumental in underpinning democratic institutions and practices. According to Spiros Simitis, loss of informational self-determination will always constitute loss of «democratic substance».5 That means that the digital-citizen must be in a position to recognize any restriction of his rights. He must be able to access its consequences. Privacy and its protection support an individual´s responsibility. In essence, no one can be denied access to civil rights. This right to access is not related to persons with a justified claim to citizenship or any other form of legal residency.6
[8]
The greatest gift of the classicaland contemporary ideas of democracy and human rights remains: the core values of the personality are inviolable. In several landmark decisions the German Federal Constitutional Court has addressed this question, particularly in the light of modern methods of automated data processing.7 In February 2008, the Court established a fundamental right to the «confidentiality and integrity of (personal) IT-Systems».8
[9]
The view of the Court took into account that the right of informational self-determination and privacy does not sufficiently protect the individual against the secret infiltration and search of «his” IT-System by the state or by third parties. Already in the famous census decision in 1983 the Court claimed that a certain degree of privacy is necessary to enable citizens to develop their own personalities and to participate freely without fear of prosecution in democratic politics.9
[10]
In 2009, the Court dealt with the question of admitting electoral computers and e-Voting in Germany. It was decided that the use of this technique in its present state is not allowable.10 This paper will outline briefly the basic concept of the Court´s decisions. It will analyse the consequences of increased privacy intrusions by the state or by third parties in regard to democracy and human rights.

2.

Landmark Decisions of the German Constitutional Court ^

2.1.

International Standards of Human Rights ^

[11]
Every known law culture is based on general statements about human beings, although these vary according to the society. The recent history of standards of democracy on the global level started with the Universal Declaration of Human Rights (UDHR) in 1948. Article 21 UDHR points out:«Everyone has the right to take part in the government of his country, directly or through freely chosen representatives. Everyone has the right to equal access to public service in his country. The will of the people shall be the basis of the authority of government; this will shall be expressed in periodic and genuine elections which shall be by universal and equal suffrage and shall be held by secrete vote or by equivalent free voting procedures.”
[12]
Democracy is strongly related to principles of human rights and cannot function without assuring full respect for human dignity. This is particularly true with regard to the right to privacy as a basic law for personal data use, especially on the Internet. Will we be passive in the face of technological development and even «determination», or do we have the vision to insist on rebuilding the privacy-sphere we started to lose in the information age?
[13]
Freedom of opinion and expression, including the freedom of information involves:«freedom to receive and impact information and ideas through any media and regardless of frontiers» (Art. 19 UDHR). This is one of the basic civil and political rights which plays an essential role in shaping anopen society.11 Both rights have the purpose of producing an«informed public» capable of«self-government» , as we see in the First Amendment to the US-Constitution. The U.S. Supreme Court stated:«The interest in encouraging freedom of expression in a democratic society outweighs any theoretical but unproven benefit of censorship.»12 In this sense the German constitutional Court stated that «enlightment» of the public needs the wide spread transmission of information. «Information is the oxygen of democracy.»13 In a democracy the press has a special function of informing the public.14 It is clear that undemocratic structures impede human rights. In regard to this, it is necessary to discuss the Wikileaks crisis.
[14]
The website of Wikileaks concerns information about the content of many thousands of secret diplomatic cables of the U.S.15 This website is hosted by several servers in the Internet. Amazon has annulled Wikileaks connections, as have the credit card companies MasterCard and Visa, all of them fearing support off illegal activity.
[15]
When informations are stored in centralized databases, they become more accessible to civil servants, to colleagues as well as strangers. This is just the case of Wikileaks: Government files were copied by a civil servant and given to the operator of Wikileaks. It is said that confidential government information could be accessed through the central data bank by 2,5 million civil servants. At this point former state secrets are being reported and commented on by such mayor newspapers as The New York Times, The Guardian, Der Spiegel, etc).16 Is the U.S. government justified in silencing media? Is there a transformation of state embedded public powers in power embedded states?
[16]
In the Information Age the concept of an informed public17 is not only connected to freedom of the press, but also involves the right to privacy. This right is anchored in the European Convention of Human Rights and Fundamental Freedoms (ECHR) of 1950 and, later on, in the basic law of the European states. Jochen Abr. Frowein, the renowned specialist on Human Rights comments thus on the privacy norm (Article 8 ECHR):«Since the second half of the twentieth century the right to privacy is the essential challenge to constitutional law in free countries.»18 In reference to the protection of personal data in private life the European Court of Human Rights points out in Article 8 ECHR: that«the term private life must not be interpreted restrictively. It includes the right to establish and develop relationships with other human beings […]».19 Article 8 corresponds with the special constitutional norms in the Treaty of Lisbon´s Charter of Human Rights (Article 7 and Article 8) Especially Article 8 points out:

(1) Everyone has the right to the protection of personal data concerning him or her.
(2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
(3) Compliance with this rules shall be subject to control by an independent authority.
[17]

Originally this article was supposed to start with a right to anonymity:«Everyone has the right of protection of her or his identity.»20 In this context the members of convention discussed the right of anonymous access to the Internet.21 There is no doubt that the protection of anonymous speech is vital to democratic discourse. As the U.S. Supreme Court already stated:«Anonymity is a shield from the tyranny of the majority […] It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation – and takes ideas from suppression – at the hand of an intolerant society.»

2.2.

Constitutional Law in Germany ^

2.2.1.

Volkszählungsurteil ^

[18]

The German Federal Constitutional Court defined informational self-determination (informationelle Selbstbestimmung) as a basic right.22 In its pathbreaking decision «Volkszählungsurteil» in 1983, the court postulated this in respect to human dignity (Article 2 (1) in connection with Article 1 (1) of the German Constitution (Grundgesetz). The court pointed out that the «new» fundamental right is essential for private live and for democracy.

[19]
The court´s decision was based on arguments in the article «The Right to Privacy» by Samuel D. Warren and Louis D. Brandeis23 and the input of Alan F. Westin. Westin defined in 1967 «information privacy » as«the claim of individuals, groups, or institutions to determine for themselves how, when, and to what extent information about them is communicated» .24
[20]
The German court demands basically that
  • personal data shall be processed only for a certain purpose and
  • that individuals have a right to know to what extent their data is processed (requirement for transparency),
  • that every interference by the state must be proportional.25
[21]
Human rights often collide with each other, for example the right to privacy with the right of free expression. Within this conflict the principle of proportionality plays a crucial part.
[22]
According to the court, the best way to protect privacy is to reveal only personal information really needed for a special purpose.26 Although there are many ways to identify a person, especially an Internet user, there are also several possibilities to stay anonymous or make identification significantly more difficult. The ways in which people try to provide for anonymity are very different. The most popular of this approaches seems to be the Tor (The Onion Router) Network.
[23]
«Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allows organizations and individuals to share information over public networks without compromizing their privacy.»27
[24]
With Anonymity there is the possibility that a person is able to protect and control her or his privacy. Personal freedom can thus be protected online and offline.28

2.2.2.

«Großer Lauschangriff » ^

[25]
In 2004, the court emphasized in the so-called decision «Großer Lauschangriff» (Great Eavesdropping Offensive)29 the fundamental nature of an individual´s right to be informed that he or she has been placed under (telecommunications) surveillance, even in times of terrorism. Part of this decision rests on:
  • the role that one´s home and its physical place plays in insuring «the right to be let alone.»
  • Information privacy as a basic right is necessary for the free development of a personality and of a liberal democracy.
[26]
In its decision on the «Großer Lauschangriff» the German Court emphasized that the constitutional protection of human dignity extends broadly to any situation, in which an individual «communicates with others».30

2.2.3.

Secret Online-Search ^

[27]
Information technique, now widespread and increasingly effective, enables secret online-surveillance and search of IT-systems (Trojan horses) by intelligence agencies. On individuals´ PC and portable devices can be found diaries, love-letters, health-data, accounts-data, mailing-lists and business reports, thus, key files to the person`s intimate sphere. Since the Volkszählungsurteil the German Court has been responsive to problems of the new technologies. On February 26, 2008 it created a new human right of the «confidentiality and integrity of IT-systems » under Article 2 (1) and Article 1 (2) of the German Constitution (Grundgesetz).31
[28]
The German Court wrote: ”The right of informational self-determination does not sufficiently take account of the dangers of a violation of an individual´s personality right resulting from the fact that individuals depend on the use of information technology systems for the development of their personality and therefore entrust to those systems and are even forced to populate those systems, with personal data. A third party with access to such a system is able to procure a substantial amount of crucial data and will no longer need to rely on further data-retrieving or data- processing measures. The impact of such access on the individual´s personality exceeds by far that of specific data collection as protected by the right to informational self-determination.”32
[29]
In its decision regarding e-voting, the court also reinforced democracy. When the citizen uses his PC to vote over the Internet to the special election-server, he must have protection from the so-called «drive-by -infection». Malware and Trojan horses are dangerous. The fundamental IT-right must be kept in mind.
[30]
As a result, security technology must guarantee:
  • Transparency (the use of security technology has to be apparent to the data subject.
  • Openness (Requirement for truthful information about the pros and cons of security technology in special contexts).
  • Careful Treatment (In cases where the identification of a specific individual is not necessary for security purposes, it must be avoided.
  • Respect for legal requirements (Security technology has to comply with legal requirements. For example, security technology must support the person´s rights of rectification, erasure or blocking the data in an e-democracy).
[31]
Consequently, security technology must be embedded in good privacy practice.
[32]
From the beginning, the court has pointed out the core value of private life based on human dignity, which may not be abridged. State and Society must respect a core area within which the individual can make decisions about his private life.33 In practice, of course, problems arise. Technical surveillance can unintentionally reveal personal data.34

3.

Final Remarks ^

[33]
Human dignity became a prominent legal term after World War II, and, according to the German Court, the highest legal and constitutional value binding state and society. However, in cases relating to terrorist acts are personal data subsumed under this core value? Are we speaking of an absolute right or a relative right?
[34]
Democracy cannot function without assuring full respect for human dignity. This is particularly true with regard to the right to privacy, especially on the Internet. To the degree that the Internet makes it hard for everyone to escape from the digital records of a person´s missteps in the past, it increases the susceptibility to being described out of the context in the future. In Cyberspace, the possibilities that personal information may be taken out of context continue to increase.
[35]
The right to privacy and freedom of expression have the purpose of producing an«informed public» capable of e-democracy.
[36]
In a lecture titled « The purpose of the state is the protection of freedom », Hans Jürgen Papier (former president of the German Constitutional Court) quotes the Dutch philosopher Baruch Spinoza (1670):«The final purpose of a state is not to rule nor to keep the people in fear nor to submit them to external violence but to free the individual from the fear so that he can live as securely as possible and so that he can fully assert his natural right to be and to act without damage to himself or to others.”35


Marie-Theres Tinnefeld, Professor; University of Applied Sciences München, Germany,tinnefeld@hm.edu

  1. 1 See, for example Doesinger, Virtually Home, in Eberspächer/Hertz (Eds.), 2008, pp. 29-37.
  2. 2 Cited after Miguel Held, Delete it or leave it?, Internationsla Tribune, December 13, 2010, p. 14.
  3. 3 Palfrey/Gasser. Generation Internet (2008), pp. 63-101. For a similar conclusion regarding the absence of privacy on the Internet, see Schwarz, Privacy and Democracy in Cyberspace, 52 Vanderbilt L.Rev. 1647 (1999).
  4. 4 See critical comments by Leutheusser-Schnarrenberger, ZRP (2007), p. 9.
  5. 5 Simitis, KritV 83 (2000), p. 365.
  6. 6 See Sakia Sassen: Digital Networks and the State: Some Governance Questions, Theory, Culture & Soc`y, Aug. 2000, pp. 19-34; Sassen, Das Paradox des Nationalen (2008), pp. 523-60.
  7. 7 BVerfGE 109, 279; W. Hassemer, EuGRZ (2005), p. 300 and p. 302.
  8. 8 BVerfGE 120, 274 -350= NJW (2008), p. 822.
  9. 9 BVerfGE 65, 1 (75).
  10. 10 See under:www.bundesverfassungsgericht.de/entscheidungen/cs20090303_2bvc000307.html . The decision is published under: K&R (2009), pp. 255-260 , DVBl (2009), pp. 511-516, MMR (2009), pp. 316-321, JZ (2009), pp. 566-572 and NVwZ (2009), pp. 708-715 For a further discussion about E-Voting and E-Security see Oppliger, digma (2008), pp. 82-85.
  11. 11 Popper, Karl: Die offene Gesellschaft und ihre Feinde, Band I, 6. Auflage, München (1980).
  12. 12 Osen, Janet: In the Battle of the Bits – Final Score: Internet I, Congress O, Network Security (1997) pp. 12-16.
  13. 13 See Article 19 – Global Campaign for Free Expression.
  14. 14 BVerfGE 20, 162 (174 f.) – Spiegel; BVerfGE 117, 244 – Cicero.
  15. 15 http://wikileaks.org ; seehttp://en.wikipedia.org/wiki/Wikileaks ;www.lawblog.de/index.php/archives/2010/12/07/kriegsgerat-serverplatz/ .
  16. 16 See par example Der Spiegel, Enthüllt. Wie Amerika die Welt sieht (2010), pp. 21-27.
  17. 17 Rossnagel, MMR (2007), p. 16.
  18. 18 Frowein, in: Frowein/ Peukert (Eds.), Europäische Menschenrechtskonvention, EMRK-Kommentar, 3. Aufl. (2009), Art. 8 Rdnr. 1.
  19. 19 ECHR, 16.02. 2000, Amann vs. Schweiz, § 65 (OJZ 2001, p. 71).
  20. 20 See CHARTE 4123/1/00 REV 1 Convent 5.
  21. 21 See Bernsdorff/Borowsky, Charter der Grundrechte der Europäischen Union. Aufzeichnungen und Sitzungsprotokolle (2002), p. 155.
  22. 22 BVerfGE 65, 1.
  23. 23 Warren/Brandeis: The Right to Privacy, 4 Harv. L. Rev. (1890) pp.193-197.
  24. 24 Westin: Privacy and Freedom (1967).
  25. 25 BVerfGE 65, 1 (43).
  26. 26 BVerfGE 65, 1
  27. 27 Tor: anonymity online:www.torproject.org/ .
  28. 28 See Brunst, Anonymität im Internet – rechtliche und tatsächliche Rahmenbedingungen (2009), pp. 225-234..
  29. 29 BVerfGE 109, 275 (314); BVerfGE 65, 1 (46).
  30. 30 BVerfGE 109, 275 (279).
  31. 31 BVerfGE 120, 274-350.
  32. 32 Id. Part. 200. See Hoffmann-Riem, JZ (2008), p. 1009 (1010); Petri DuD (2008) p. 443; Rogan (Ed.): Online-Durchsuchungen – Rechtliche und tatsächliche Konsequenzen des BVerfG-Urteils vom 27. Februar 2008 (2008). Uepmann-Wittzak (Ed.), Das neue Computergrundrecht (2009).
  33. 33 BVerfGE 6, 31 (41); BVerfGE 109, 279 (311).
  34. 34 See Papier: Das Volkszählungsurteil des Bundesverfassungsgerichts, in: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Dokumentation, 1. Auflage (2009), p. 15 and p. 22; Tinnefeld, DuD (2009), pp. 490-494.
  35. 35 Spinoza, Theologisch-politischer Traktat (1670), p. 20.