[BlueOnyx:22111] Re: DSGVO (OT - general discussion)

[Michael Stauber]

Hi Ken,

> I find it strange that someone visits my website, using 
> an IP address from an ISP's allocated IP address space, and
> hypothetically I could through lawful means compel the ISP
> to reveal to  me account details like name and address of
> the ISP customer corresponding to that IP address at the
> time of the website visit.  And is the court worried that
> I can obtain those details, which are surely personal data?
> No, the court is worried that I retain a logfile showing what
> IP address visited my website.

Yeah, the whole issue is entirely absurd. The crux is: The
GDPR-regulation and the German DSGVO are really ambiguous. They don't
specify hard details, limits or present workable examples. Instead they
wallow in generalizations. It's not just this regulation or law, but our
lawmakers - in general - do it this way to prevent that a layman can
understand the full scope of them by himself.

It's then up to the courts to establish the cold and hard facts of what
is allowable and what is not. It keeps our lawyers supplied with bread
and butter, right? Not just this decade, but also the next.

Take this ruling about "are IPs personal data" and the other ruling
about the "7 day logfile retention". Both cases are entirely different
and unrelated and deal with very specific circumstances unique to the
respective cases. Each of the two court rulings apply to the specific
case only.

However: Any future court case with related circumstances will take them
as a reference and will orient their own court ruling along those lines
to avoid controversy.

Say you have a legitimate reason to keep unredacted logfiles for longer
than 7 days? If you can justify it, then you're welcome to try. But you
need to be ready to be challenged in court to make your point. And as
it's usually the case: It will not start and end at the district court.
It goes through revisions and contestations and might go all the way up
to the federal supreme court or even the European Supreme Court.

That's a risk nobody in his right mind is willing to take, correct? So
everyone is like "Ah, shit ..." and swallows the ridiculous 7 day rule
because it's the safest way out, as *this* boundary has already been
established. Not by law, but by court findings.

> Not sure if it mattered that the website in the court case was a government website.

I think it wouldn't have mattered if it had been otherwise. Except that
a semi-private blogger or a small business entity wouldn't have had the
cash to contest the district court ruling all the way up to the federal
supreme court. They would have taken the hit and would even have settled
out of court just to avoid the bother. We have law firms in Germany that
do nothing else but send warnings with penalties. Hoping the cases never
end up in court. They are dancing in the street because of this
ridiculous DSGVO will line their pockets without ends.

> Also I am in the US, and here the most likely reason for serving an 
> ISP with a court order to obtain customer account details
> corresponding to an IP address would be some sort of criminal activity
> like trafficking in child porn, soliciting minors online for sex,
> plotting a terrorist act, ....  And the entity wanting the information
> would be law enforcement.  I guess everybody has stuff like Facebook
> and Cambridge Analytica on the brain now, rather than kiddie porn or
> terrorists.  Or copyright trolls and bootleg music, that's ancient
> history.
>
> Germany seems to be an outlier in all this, I saw an article recently
> about Facebook "deletion centers" in Germany, with the largest one in
> Berlin employing over 1,200 "content moderators".

Yeah, I'm also shaking my head about all this, because these laws,
rulings and practices are horribly ill thought out and ridiculous.

Let's stay with the German example. Our "Grundgesetz" (which is our
Ersatz-Constitution and a leftover from the occupation after WWII)
regulates freedom of expression in Article 5:

---------------------------------------------------------------
(1) Everyone has the right to freely express and disseminate his opinion
in word, writing and image and to inform himself freely from generally
accessible sources. Freedom of the press and freedom of reporting by
radio and film are guaranteed. There is no censorship.

(2) These rights find their limits in the regulations of the general
laws, the legal regulations for the protection of the youth and in the
right of the personal honour.

(3) Art and science, research and teaching are free. Freedom of doctrine
does not release us from loyalty to the Constitution.
---------------------------------------------------------------

This sounds good on paper, but it didn't stand the test of time. For
example the criminal law (StGB, especially §130) defines heavy penalties
for racist, religious and ethnic defamation, attacks against human
dignity, holocaust denial, calls for violence against individuals or
groups and a whole host of other things. In theory this might be OK, but
the problem is always the interpretation in court and often these days
people are strung up for things they said that were perfectly acceptable
a decade or two ago.

Penalties range from 3 months to 5 years and include heavy fines. This
leads to situations where rape of a minor might be charged with two
years on probation and (actual example) a case where a 89 year old lady
who denied parts of the holocaust just got four years in the slammer.
I'm not defending her views in the least, but I wonder why "mental
illness" and "sensitivity to incarceration" (yes, that is an actual
thing!) is often used as an excuse to lower sentences, but in her case
it's not. Here the state is willing to let someone die in prison because
she's having an 'uncomfortable' or outright wrong opinion.

In Germany Merkel's policy of unrestrained, unvetted and unlimited
immigration of unqualified and even entirely undocumented "refugees"
(which most of them are not) has lead to far spread dissent and the rise
of a new political party who's actually the only one now in parliament
that's actually against this madness. The "political" discourse has
descended to levels of name calling and established parties are using
methods against the new opposition which are right out of the handbook
that the Communists and Nazis used against their political opponents,
who aren't entirely free of blame either.

So Facebook, Twitter and the comment section of online publications
became battle zones between regime-supporters and the opposition, but
also between neighbours, relatives and people without even a nodding
acquaintance.

Enter the "NetzDG"-law which is supposed to be directed against
agitation and fake messages (Fake News) in social networks. And
'deletion centers'.

> Having "deletion centers" seems very  Orwellian.

It sure is! It's right out of the Nazi or Communist handbook if you ask me.

> I'm not sure which is more disturbing, the fact that we have
> government mandated deletion centers, or that social media
> has so much objectionable content that we need deletion centers.

Indeed! Now here is the total absurdity of this NetzDG-law that did lead
to these deletion centers:

Imagine someone says something that *might* be illegal or criminally
punishable on Facebook. What would the normal and 'intelligent' way be
to deal with that?

How about this: Someone calls the police, the police investigates,
collects the evidence, hands the case to the prosecutor and it goes to
court. The court decides if it's a criminal offense or covered by free
speech and the offender also gets his right to 'habeas corpus' and the
opportunity to defend himself with the help of a qualified defense
council.

How the NetzDG made it: Outsourced hired help at some subcontractor of
Facebook now scans Facebook comments and posts. Within 2-5 seconds the
hired help (on minimum wage) has to decide if that message or comment is
"OK" or not. If it's not, it's deleted and/or the "offender" is punished
with a ban ranging from a 24h suspension to a complete suspension from
the platform. If *you* as a user have a problem with that, then you can
sue Facebook on your own time and dime.

Now *IF* someone really said something illegal? In *that* case Facebook
just aided and abetted a criminal by covering up evidence, hiding the
offense from public view *and* from prosecution.

Someone please tell me why *that* is the new 'normal', as I don't get it.

German federal law says: "There is no censorship" and that we do have
the right to freely express ourselves. Both are thinly veiled lies,
devalued in subordinate criminal laws or government demanded and
corporately enforced censorship.

Same with the DSGVO: You are being criminalized for sharing client data
with third parties - even if it was an accident. Local governments still
retain the ability to share all your data with commercial third entities
such as the GEZ (television billing provider), Schufa (commercial credit
rating agency) or collecting agencies.

Likewise: Google and Apple still track every move our smartphones make,
Amazon.de (the German subsidiary) still has my *entire* shopping history
since 2002 stored (including for items whose warranty expired 16 years
ago) and nobody has a problem with *that*. But every
mom-and-pop-coffee-shop now has to sanitize server logfiles after seven
days and has to pro-actively document their full GDPR/DSGVO compliance.

Why is that so? The book "Animal Farm" has the answer: "Some pigs are
more equal than others." /shrug

-- 
With best regards

Michael Stauber