LaForge's home page (Posts about politics)

Ramblings on German battery law

Harald Welte — Mon, 05 Sep 2011 19:00:00 GMT

Germany has laws for everything, including batteries (Batteriegesetz).

In order to be able to e.g. import products with batteries from outside the EU and sell them inside Germany (or the EU), you need to be registered as a battery manufacturer/importer. You also need to become member of one of the registered/accredited companies that take care of recycling the batteries (i.e. put small boxes in supermarkets where people can put their old batteries).

What's funny is that there is absolutely no lower boundary for that for small businesses. What that means for my company: I need to pay 1 Eurocent for each LiIon powered mobile phone to that recycling company.

I guess at current estimated volume, we will have to pay something like 1 to 2 EUR every year. The recycling company won't even send us an invoice if the amount is < 20 EUR total.

So all this comes down is an exercise in buerocracy. We need to send a monthly report on the quantities every month, and there's a hard deadline that needs to be followed.

Furthermore, we need to put fancy stickers on each of the battery, covering at least 3% of the battery surface. That means opening every box, removing the battery from packaging, putting the sticker on it and re-packaging the box. Modern batteries normally have the symbol printed by the manufacturer, but we're talking about Motorola C1xx phones that have been produced from 2005 to 2008 here.

I certainly don't object to manufacturers or importers having to pay for the recycling. But if recycling is actually that cheap, and we're talking about single-digit EUR amounts per year, the administrative overhead (time needed for making the monthly reports, putting stickers on the batteries, etc) costs something like 100 times the actual recycling cost. Is that really worth it? Why not have a lower threshold for small businesses?

US government closing data centers and give up their independence

Harald Welte — Wed, 20 Jul 2011 19:00:00 GMT

Sometimes I really think I must be dreaming. Who in their right mind would propose something like closing something like 800 government-owned data centers and outsourcing all the data to the cloud?

As a government, you

make yourself dependent from a private company to supply essential infrastructure
introduce single points of failure (technically, administratively)
previously, you had 800 data centers, maybe each of them not as reliable as the advertisements of the cloud provider - but it is unlikely that all of them go down at the same time
give up control over who physically owns and has access to the data
In fact, you will have a hard time even finding anyone at all who can tell you where your data is physically located. Maybe even out of the country?

Now you can argue that all those things can be put down in contracts as service level agreements (SLAs). That's true, but as we say around here: Paper is patient, meaning no paper is going to help you after data has been copied or was lost, and if you suddenly fail to provide basic services of the public administration.

The distributed nature of self-hosting your data and applications has key advantages in terms of security and reliability. Why would somebody give that up without a broad discussion? And we're not talking about some private company where nobody but their shareholders care if they loose data or go out of business. We're talking about the public administration here.

People seem to have lost perspective on the overall advantages of a heterogeneous, distributed setup.

PTB kann nicht nur Wahlcomputer nicht prüfen, sondern auch Spielautomaten

Harald Welte — Mon, 18 Apr 2011 19:00:00 GMT

To my non-german-speaking blog readers: Deep apologies, this one makes more sense in German. It will remain an exception in this blog.

Eine Gruppe von namhaften öffentlich bestellten und vereidigten Sachverständigen hat ein 25-seitiges Positionspapier herausgegeben, das erläutert, wie die Untätigkeit oder Unfähigkeit der PTB (Physikalisch-Technische Bundesanstalt) dazu führt, daß die gesetzlichen Bestimmungen zur Spielsuchtbekämpfung unterlaufen werden.

Die von der PTB herausgegebenen technischen Richtlinien entsprechen nicht dem Stand der Technik. Nicht nur das, sondern es werden auch noch Sachverständige zugelassen, die sich nicht auf dem Gebiet der Informationsverarbeitung (IT/EDV) auskennen.

Das erinnert mich 1:1 an die extrem peinliche Rolle der PTB im Bereich der Wahlcomputer. Zur Erinnerung: Eine Behörde, deren Vorschriften nicht im Entferntesten geeignet sind, die komplexen informationstechnischen Systeme in adäquater Weise zu prüfen. Eine Behörde, die ihre Prüfvorschriften nicht herausrücken wollte, und deren Prüfberichte nicht veröffentlicht wurden - schließlich wiegt das Geschäftsinteresse der Hersteller schwerer als das Interesse der Bürger an transparenten Wahlen, nicht wahr? Erfreulicherweise hat uns das BVerfG bis auf weiteres von Wahlcomputern befreit, und damit auch die Frage erübrigt, ob die PTB qualifiziert ist, Regeln in diesem Gebiet zu erlassen und/oder Geräte zu prüfen.

Man sollte einfach eine Abteilung für die Prüfung der Spielgeräte beim BSI einrichten. Man kann vom BSI halten, was man will - aber man arbeitet dort einfach auf einem ganz anderem Kompetenzniveau. Man sehe sich die umfang- und detailreichen technischen Richtlinien zur De-Mail an. Da hat jemand über Nachvollziehbarkeit und Sicherheit von IT-Systemen nachgedacht, der wirklich Ahnung hat. (ganz unabhängig davon, ob das System an sich für den Bürger nützlich ist)

Die PTB mag sich ja mit der Eichung von Messgeräten und ähnlichem auskennen - zumindest als es noch um mechanische Waagen oder so geht. Der Name sagt ja schon technisch-physikalisch, nicht etwa Soft-und Hardware von Informationssystemen. Aber genau um letzteres geht es bei den Spielgeräten heutzutage: Moderne Computer, mit komplexer Hardware und Software.

A US professor who was warning the Indian Government about lack of IT security in Voting machines is being deported from India

Harald Welte — Sun, 12 Dec 2010 19:00:00 GMT

According to news reports, J Alex Halderman is refused entry into India and will be deported from the country upon entering. He is one of the authors of the study India's EVMs are vulnerable to fraud which a number of international experts on electronic voting machine security had published in order to warn the Indian government about the flaws in their voting machines.

This is outrageous. Instead of trying to keep those researchers out of the country, the Indian government should invite those experts (who are giving free advice about IT security problems) and have them do a detailed analysis and start an official investigation into why and how the existing machines could ever be used for election purposes.

It seems like the authorities in question have absolutely no clue on how proper incident response is being done. You don't get people to trust your system if you jail activists who outline flaws in voting machines and try to keep foreign experts out of the country. Trust has to be earned. And if there is some serious incident, a public investigation should be started, open to all experts in the field. Trying to cover up by ignoring results of IT security research (academic or otherwise) will not make the system more secure. All this will help is to further undermine trust in the system.

I would like to use this opportunity (and my upcoming trip to FOSS.in/2010) to call upon all my Indian friends: Don't just sit there idle and allow your government to get away with this. The public needs to know how trustworthy the voting machines are. If there are serious objections by academic experts in the field, the system needs to be updated/upgraded or even abolished altogether. Elections are the foundation of a democracy, their results cannot be entrusted to technology that has never received public and independent scrutiny.

UPDATE: It seems that according to indianevm.com, he was only held for 18 hours and later permitted entry into the country. While this is good news in general, it remains unclear why they held him for deportation in the first place, and why the Indian Electoral Commission is so nervous about anyone doing legitimate research on the security of electronic voting in India.

India jails activist doing research on weak voting machine security

Harald Welte — Sat, 21 Aug 2010 19:00:00 GMT

According to several sources such as indianevm.com, Hari Prasad was being arrested. He is part of a team of IT security researchers that gathered evidence to demonstrate how incredibly weak the security of India's voting machines is. For more details, read the indianevm.com article linked above, and the various quotes/links in it.

This is very upsetting. They should jail those who have authorized the deployment of such an insecure system in the first place. Those are the people responsible - not some researchers who go out of their way to uncover the technical problems to warn the general public about the inherent risks of this technology.

I sincerely hope that the authorities will understand the grave mistake they're doing here. Don't shoot the messenger. It's not his fault that engineer, engineering management and/or regulatory government authorities have permitted such a system in the first place.

German regulatory authority spectrum auction fails achieving its goals

Harald Welte — Tue, 13 Apr 2010 19:00:00 GMT

Right now as I am writing this, the German federal regulatory authority for networks (Bundesnetzagentur) is running an auction for many frequencies in the 800MHz, 1.8GHz, 2GHz and 2.6GHz spectrums.

Officially they claim that the purpose for those frequencies is to improve broadband coverage and close the white spots on Germany's map where no broadband Internet access coverage exists today.

And how do they think to achieve this? By giving nation-wide licenses on that spectrum to the existing cellphone operators.

That's nothing but a contradiction in terms. If they were really serious about closing the so-called white spots on the broadband coverage map, they should give licenses not on federal, not even on state but on municipality level.

The large operators have no interest in bringing coverage into areas that are only sparsely populated. They want to get the largest number of subscriber with the least investment in their (overpriced) infrastructure.

Only small, local or regional companies have an actual interest in improving the broadband coverage in their own region. They understand their local market, they are in contact with the population and regional businesses. They can use much cheaper equipment since they are not part of a large inflexible traditional operator.

However, without providing smaller-areas licenses in any part of the useful spectrum, the German regulatory authority fails to even give a chance to such small/regional companies.

It all smells like the regulatory officials have been bought by the existing carriers/operators. There seems no reasonable other explanation to me.

German constitutional court hearing on data retention

Harald Welte — Mon, 26 Oct 2009 19:00:00 GMT

On December 15, there will be a court hearing by the German Constitutional Court (Bundesverfassungsgericht) on the law on data retention which was enacted in 2007 and has been valid since January 1st, 2008.

This law requires any communications network operator to keep digital records of every voice call and e-mail, including sender and all recipient addresses.

This law was required by the European Union Directive 2006/24/EG, one of those paranoid reactions against the perceived threat of terrorism. Laws implementing this directive in the EU members Romania and Bulgaria have already been invalidated by their respective constitutional court.

In Germany, more than 34,000 (I'm not kidding) people have filed a constitutional complaints against this law. This is the first time that such a significant number of individual citizens has ever made constitutional complaint. Only the documents about power of attorney have filled 12 large boxes, each with many folders. As you could probably guess by now, I'm one of those plaintiffs.

As an interim solution, the constitutional court has already decided on March 19, 2008 that such data can only be used under special circumstances, such as only certain criminal offenses, and only if there is already a very strong initial suspicion, and if there is close to no other way to prove or deny the allegations brought forward by the prosecutor.

I hope the court hearing on December 15 will bring the court closer to actually ruling on this case. This has been dragging on for a long time now.

Just like when the constitutional court had a hearing on voting computers, I am planning to be in the audience and want to see live what the constitutional court does with regard to matters that I strongly care about. I hope my registration will make it in time... given the number of plaintiffs I suppose there will be many more people interested in attending the hearing than they have space. Which raises another interesting issue: I suppose if you are an actual plaintiff, it would be weird if a court refuses you to be at the actual hearing. But which court would hold > 34.000 plaintiffs? ;)

True heroes at the German constitutional court

Harald Welte — Mon, 16 Mar 2009 19:00:00 GMT

For many years, especially ever since 9/11 in 2001, German governments have been pushing very hard for so-called security legislation, removing civil liberties and enhancing the surveillance capabilities of the various government agencies.

The only sensible response is not coming from _any_ political party in the opposition. Neither the self-proclaimed civil liberties friends of the FDP nor the Green party are cutting it.

This, by the way, extends beyond just security/surveillance related legislation, but also e.g. with regard to the use of voting machines in federal elections. Only recently the constitutional court decided that the legislation as well as the actual devices used in the last election were unconstitutional.

The only people involved in the public debate who show a lot of reason are the judges of the German constitutional court (Bundesverfassungsgericht). Particularly the president of the court, Hans-Juergen Papier is a true hero to me, constantly fighting for the values of our constitution - not irritated by the general mood of the day or any hectic political activism by the government.

What is even more surprising: Mr. Papier is himself from a conservative political background: The Bavarian CSU party.

In recent times, there is an actual fight between Mr. Papier and our ultra-conservative home minister (Schaeuble). Mr. Schaeuble is now going as far as to publicly stating things like 'those who want to be part of legislation should aim for becoming of parliament' or 'i have doubts on how far it is constitutional what the constitutional court is doing'.

This is just unbelievable. How can the government afford to have a minister who openly doubts the legitimacy of the decisions of the highest body of justice in this country? If people really cared about justice and our constitution, it should be immediate grounds to dismiss this minister.

Hearing of German Constitutional Court on voting machines

Harald Welte — Mon, 27 Oct 2008 19:00:00 GMT

Today was a public hearing of the German Constitutional Court (Bundesverfassungsgericht) on the subject of the use of voting machines in elections of the German parliament.

I've been anticipating this for quite some time. The plaintiff, Dr. Ulrich Wiesner, has been investigating the subject for a long time, just like the CCC has been doing a lot of theoretical analysis as well as practical hands-on hacking of the respective voting machines (actually, rather, Voting computers).

As most readers of my blog will be well aware, voting using electronic devices, or even more so computers driven by actual software, raises an almost unlimited number of concerns. Both software and hardware manipulations could have tremendous effects on the final result, no regular citizen or even most IT security experts can actually observe the counting of votes and guarantee the correctness of the results.

The hearing of the constitutional court was for clarification of further questions of the judges to both the plaintiff, the defendant (the German parliament and Ministry of Interior) as well as three independent expert witnesses. While the CCC has earlier been asked by the court to provide an expert study, it was not officially invited to be questioned at this hearing.

Nonetheless, three senior members of the Berlin CCC (me included) were present in the audience and following the hearing with great anticipation. It was my first 'live' experience at the constitutional court, and I have to say I am no less than impressed. Intellectual discourse on a very high level. The judges were asking very thoughtful and precise questions, were asking for explanations without mercy ;)

I think the legal representation of the plaintiffs (including a senior legal scholar) was excellent. Good arguments, very eloquent. The various defendants (ranging from representatives of parliament, ministry of interior, the government agency in charge of certifying the voting machines (PTB), as well as the senior election official of the state of Hessen) were making much less impressive performance.

And at the end of the day, I still cannot get why about every consumer electronics device, from mobile phone to digital TV receiver to game console has about one lightyear more security architecture than the machines that are used to count the votes. No hardware-crypto engine, no encrypted JTAG, no signed bootloader and software (plus automatic mask-rom based signature verification). Plus officials in the public administration who think the trade secrets of the vendor of the machine is more important than the public interest..

I think the judges very well got that point. You could literally see their disbelief in situations like when it was outlined to them that only the vote-counting machine has to get type approval, but not the PC + software that is used to program the particular election into the vote-counting machine, neither the software used to read out the memory modules and summarize the votes of multiple voting machines. So not even those insufficient small amount of testing and certification that exists does extend to the entire system, rather just to the input unit.

We'll probably have to wait for some more months (at least weeks) to see the result. I definitely remain very optimistic that the constitutional court will prevent the worst problems of the current situation. I don't think they will completely close the door for voting machines, but at least raise the bar for any such future system very high in order to achieve a level of transparency and trustworthiness similar to that of the traditional paper ballot vote.

To me, for a long time, the constitutional court is the single remaining still functional and trustworthy entity in the Federal Republic of Germany. It is the last bit of hope against the constant battle of the government administration[s] against civil liberties, post-9-11-security, surveillance/intelligence particular in 'new' technology.

Flying from Berlin to Brussels without showing any ID

Harald Welte — Thu, 21 Feb 2008 19:00:00 GMT

It was really surprising to see that there was absolutely zero control of any ID on the flight between Berlin and Brussels. I'm well aware of the marvels (and data protection nightmares) associated with the Schengen agreement. However, zero form of identification on air travel was really a big surprise to me. Not even my flights inside Germany had this 'feature'

How did this work? First of all, I booked the tickets through a travel agent quite some time in advance. No form of ID required (though he has my banking details). Next, I did a Lufthansa online check-in from my home, printed the boarding pass. On the airport, used the self-service luggage drop-off counter. Then directly went to the security check, and then to the gate. During the entire time, nobody asked for any form of ID.

So if I did buy the tickets on cash rather than with bank transfer, it would actually still be possible to travel under false name and thus anynomously. Amazing. Am I missing something?

Disrespect for election observers in Hessen

Harald Welte — Sun, 27 Jan 2008 19:00:00 GMT

My fellow friends from the CCC have tried their best to observer the elections in Hessen (Germany) yesterday. The amount of resistance they've met is more than shocking. If you want to read more about this (in German), I'd suggest reading Frank's blog entry, Holger's blog entry and the official CCC release on this subject.

In fact, in some of the municipalities the election supervisors have received official statements warning them about the CCC's intention to disturb the elections. What nonsense is this ?!?

Having been part of a CCC election observer team in the past, I can only state that this is beyond anything that we've seen before. Why would there be any resistance against quiet and peaceful observation of the elections?

The CCC election observers have absolutely zero history of ever having disturbed an election in any possible way. I'm sure you can ask about any municipality that has had first-hand contact about this. We know the laws and regulations very well, and want to do nothing else but to _observe_ the

Securitization

Harald Welte — Sat, 19 Jan 2008 19:00:00 GMT

As a friend of mine (who has studied political science) recently told me about the process of securitization. Finally I know a word for the process that seems so commonplace in todays politics: Framing something that is actually a minor problem with some criminals into a question of essential survival, thus eliminating any rational debate about it.

Overwhelming participation at Demonstration against Germany's new surveillance laws

Harald Welte — Sat, 22 Sep 2007 19:00:00 GMT

On Saturday, I attended the Freiheit statt Angst demonstration in Berlin, which aimed at protesting against the various new laws and regulations increasing the surveillance of the German government on its citizens. I assumed it would be again one of those niche events like the demonstrations against software patents, with some 200 people. To the contrary! The organizers counted 15,000 demonstrators, and even the police's initial estimate at the beginning of the demonstration was 8,000.

This really is a big step forward. Apparently it's not only the "generation Internet" that is sick of the ever increasing cut down on civil liberties, data protection and privacy. That being said, 15,000 is still a too small number for a topic that effects everyone in this country. But even a demonstration of that size doesn't happen every day in Berlin, so it's not that easy to completely ignore either...

Don't miss the photos of the demonstration

becoming a self-proclaimed election observer

Harald Welte — Fri, 20 Apr 2007 19:00:00 GMT

Today I will leave to the German state of Sachsen-Anhalt, as part of a CCC group that will observe the use of electronic voting machines (rather: voting computers) at the elections there.

Our main focus is to witness and collect evidence of the many shortcomings in even the current (by no means sufficient) rules and laws on the security of those devices.

As a Dutch hacker group in cooperation with the Berlin CCC has demonstrated before, the voting computers in question are by no means safe against manipulations - neither are the corresponding safety procedures and measures.

Voting Machines: Complaint against last German Bundestag elections turned down

Harald Welte — Sat, 16 Dec 2006 19:00:00 GMT

As several sources have reported, the German Bundestag just decided that the formal complaints of voters against the use of insecure voting machines in the last Bundestag elections are void.

The Bundestag decided to reject those complaints by using pre-worded statements from the Ministry of Interior, some of which can be technically proven to be wrong. It is a real pity - but what do you expect if you ask those people who got elected, whether they accept that election ;) It's also quite embarrassing to see such complaints to be dragged on for more than one year. We're talking about complaints about the Elections on September 18, 2005. I think this says a lot about the state of democracy in this country, and the carelessness of those in power towards a fair and equal election process.

This is why the original plaintiffs now are preparing a lawsuit in front of the federal constitutional court. In order to be filed, some 100 signatures of German voters in support of this lawsuit are required. This shouldn't be a problem, since a petition against the use of voting machines has drawn some 48,000 supporters without any trouble. You can find more information about how to support this complaint of unconstitutionality on the Homepage of Dr. Ulrich Wiesner.

Nedap voting machines in Europe

Harald Welte — Wed, 04 Oct 2006 19:00:00 GMT

The regular reader of this weblog might have noticed that for more than a yearI've had an interest in the use of voting machines in elections, specifically Germany.

While my many other interests and projects have not allowed me to look into this subject as much as I wanted, some of my friends of the Berlin CCC have collected a lot of information on voting machines (German) and also actually had a chance to do some hands-on security research together with our Dutch hacker friends

Yesterday, their joint activities became public. First in a TV show that has been aired in the Netherlands. German media reports are catching up today. Expect some more coverage following-up the CCC press release, such as this one.

Now what was actually discovered? In short,

There are many possibilities for manipulations
That a proof-of-concept firmware for election manipulation on a Nedap machine has been developed
That the Nedap machine can be re-programmed just like any other computer, e.g. to turn it into a chess computer
That the Nedap machines actually have spurious emissions that can be used to detect which party / candidate is currently being voted from a range of at least a couple of meters distance by using a small radio receiver with earphones.
That any contemporary cell phone or Digital TV set-top-box has employed more security mechanisms than those voting machines. Cryptographically signed boot process? Signed applications? Trusted Computing? Such technologies are only employed for the protection of important data, such as commercial audio and video recordings. Unimportant matters such as democratic and free elections do not require any such secure technology, but use 1980's home computer technology.
That the legal requirements on the technology of voting machines in the Netherlands and in Germany do apparently not even come close to identifying (and preventing) the most basic IT security threats.

Therefore, the use of such voting machines must be halted immediately, at least until an independent board of renowned international IT security experts has been drawn to specify new technical requirements on their security, and until all old machines have been upgraded or replaced by such machines that follow those requirements.

Because any reasonable set of security requirements will inevitably lead to machines that are by far more expensive than those currently in use, it becomes even more questionable to build and use them in the first place. Why should a few hours quicker election results ever be worth even only the slightest increase in risk of election manipulations?

Experiencing China's Internet censorship

Harald Welte — Fri, 07 Jul 2006 19:00:00 GMT

I've always wondered how China actually implements their Internet censorship, and how effective it is. I could have probably found out by doing some online research, but as with many things it just never happened.

Since I'm now using it every day here in Shanghai, I think I have a pretty clear picture on what is going on. Apparently all they do is some URL based HTTP filtering, and black-holing those requests. I'm not sure whether they actually filter all traffic to the black-holed IP address (which could shadow thousands of other virtual hosts on the same address), or actually only filter individual requests.

So apparently they're just blocking the technically unsophisticated regular user. Anyone with some basic network knowledge could easily work around those restriction - though it probably would be highly illegal.

So basically all the websites I want to access - including those that definitely contain content that the Chinese government would dislike. The only thing that is lacking from the web for me is wikipedia. But well, if you google for the term that you're searching in wikipedia, then Google will happily give you the Google cache of that page ;)

But there's definitely no filtering on ports such as SSH or IMAPS. I can transparently access my IMAPS-secured mail server, I can ssh to my machines in Germany, everything working quite fine. Obviously any kind of tunnelling would give me access to the free world.

So all in all, (luckily!) not very effective, from my point of view.

Now I hope that the Chinese authorities don't see that posting before I leave the country, interpreting it as a 'censorship protection circumvention technology', or actually put my blog into their filters ;) This page is uploaded via HTTPS, so at least they won't see this message _leave_ the country.

Data retention is no solution

Harald Welte — Wed, 21 Sep 2005 19:00:00 GMT

One year after Germany decided not to have a national law on data retention, the European Union moves towards data retention legislation.

Apparently now the European Commission and the European Council are both competing with proposals for a directive on mandatory data retention of all telecommunication meta-data for up to three years. Meta-data includes MAC addresses, IP addresses, Email addresses, phone numbers, IMEI numbers, location of the base station from which a mobile system initiated the call, and many more (it's a two page listing!).

If you are a EU citizen and think that data retention is invasive, disproportionate and violates the European Constitution on Human Rights, please sign this petition at dataretentionisnosolution.com.

No legal basis for voting machines in Germany?

Harald Welte — Sat, 17 Sep 2005 19:00:00 GMT

According to press coverage, in todays parliament elections (Bundestagswahl) some 5% of German voters will be forced to cast their vote on electronic voting machines.

However, those voting machines have no paper audit trail, and in fact seem to have no audit trail at all. The ministry of interior does not want to disclose the certification procedures or certification reports of those machines, allegedly to accommodate the trade secrets of the vendors.

Since when has a trade secret (if there is any involved, I doubt it) become more important than the citizens' right to a transparent election process?

After a quick read through the respective laws such as the Election Verification Act (Wahlprüfungsgesetz) and the Federal Election Act (Bundeswahlordnung), there is not a single mention of any kind of electronic voting machines. To the opposite, they go into every tiny detail of how the ballots have to be formatted, what color of paper they are printed on, etc.

Apparently there is already at least one person who wants to challenge the election results in those counties where electronic voting machines are used. I'm more than motivated to join such action and/or start an initiative for transparency of electronic voting. Stay tuned.

Increasing nuclear security by jamming GPS ?

Harald Welte — Fri, 16 Sep 2005 19:00:00 GMT

It's quite amazing what kind of bogus ideas government agencies and operators of nuclear power plants have. According to this article, the German federal environmental agency has negotiated with the operators of not airplane crash safe nuclear power plants to install GPS jammers.

The idea is to make it harder to automatically guide a passenger airplane into such a power plant (as part of a terrorist attack). It follows the same awkward logic as the already-proposed "artificial disguise in fog".

It's incredible to see what to what extent they're willing to compromise the security. Either you think an attack to such plants is a danger that needs to be avoided, then you have to shut down those (three, I think) plants. Or you think all that terrorist panicking isn't worth such a measure.

But I don't think that anyone honestly believes that a bit of fog and some GPS jamming will prevent any such attack. At aircraft speeds, it doesn't really matter whether you have GPS 1 or 2 kilometers in front of the power plant. And in a country with a population density like Germany you cannot jam the signal for 100 or even 50km - especially since the highway toll system for tracks operates on the basis of GPS ;)

Apart from that, according to the Bundesnetzagentur (formerly RegTP, similar to the FCC), it is at this point not legal to operate any such jamming devices.

Data Retention is No Solution

Harald Welte — Wed, 27 Jul 2005 19:00:00 GMT

EDRi and XS4ALL have started an online petition against the recent European Commission proposal on mandatory 12 month data retention of all telecommunications meta-data.

Much like the software patent issue, we again have a situation where the European Parliament (those who are directly elected by the public) is against the proposal, while the commission and some national governments are pushing it.

With your support (and at least your signature), there are chances that this data retention directive - like the proposed software patent directive - can be turned down. Please take your time and sign, thanks.

Please also consider supporting the EDRi. They recently announced that they're short of funding.

Demonstration against Software Patents at the German Ministry of Justice

Harald Welte — Tue, 15 Feb 2005 19:00:00 GMT

Yesterday, I was attending the demonstration against software patents at the ministry of justice in Berlin.

This demonstration had to be called in on very short notice, because the European Council has yet again tried to quietly pass the legislation on software patentes (2002/0047 COM (COD)) as so-called 'B-item' on the agenda of the council (toe be more precise: the agriculture and fishing council). A B-item is one that requires no further discussion - which is absolutely wrong. The European Union has new member states that didn't participate in the previous discussion, and several member countries' parliaments have made decisions against patentability of software meanwhile...

Chaosradio about Biometric Information in Travel Documents

Harald Welte — Wed, 27 Oct 2004 19:00:00 GMT

Yesterday I've participated in a Chaosradio show about the recent international push towards biometrics in travel documents such as passports.

Our focus has been on the flaws of biometric systems, the current plans of the ICAO about MRTD's (Machine Readable Travel Documents), the risks involved and why they are not an applicable tool to prevent terrorist attacks.

If you're interested in listening to a recording of the show, it is available at the usual location, ftp.ccc.de.

Upcoming Chaosradio episode on software patents

Harald Welte — Tue, 17 Aug 2004 19:00:00 GMT

The next Chaosradio radio show will be about the ongoing debade on software patents, especially the recent development within the European Union.

Being part of the anti software patent movement for about 4-5 years now, I am more than happy to help with the radio show on this subject.

The radio show will be on air on Sept 01, 10pm GMT+2. If you understand german, there's a MP3 live stream available on the homepage.

Initiative for Freedom of Information Act in Germany

Harald Welte — Mon, 21 Jun 2004 19:00:00 GMT

As I became aware today, there is a new initiative for something like a Freedom of Information Act in Germany at pro-information.de.

Surprisingly, this apparently has not been communicated a lot, considering the small number of about 2000 signatures so far.

If you feel like Germany should enact a FOIA in order to give citizens, journalists and historians access to all kinds of files of the administration, please support support the pro-information campaign by signing it.

Lecture on "Data protection and Security on the Internet"

Harald Welte — Wed, 28 Apr 2004 19:00:00 GMT

I'll be presenting the CCC's point of view on that subject at this event.

It's going to be a non-technical introductory talk about the various methods and of data collection and data processing of person-related data on the Internet.

Discussion on "How much Security can Freedom tolerate"

Harald Welte — Mon, 26 Apr 2004 19:00:00 GMT

Yesterday evening I spend listening a discussion on that subject (organized by a member of parliament of the green party). Unfortunately the spokesperson for the conservative party didn't show up, and there was not too much discussion but consensus between the panel and the audience.

A black day in the history of EU legislation

Harald Welte — Tue, 09 Mar 2004 19:00:00 GMT

In an undemocrating manner and without public discussion, the European Parliament has passed a "IP rights enforcement directive" to "counter intellectual property piracy".

How can it happen that the wife of the head of one of Europe's biggest Media Companies (Vivendi International) can propose a Directive in January, that passes the Parliament in early march, when usually this process takes half a year to years?

This makes me sick and angry. I start to completely loose faith into European lawmakers. While fighting another EU directive on the patentability of software for years, another directive gets proposed and passes so quickly, that no public reaction can take place, nobody can even contact their representative MEP's.

For more information, see

German Constitutional Court rules in favour of privacy

Harald Welte — Tue, 02 Mar 2004 19:00:00 GMT

According to this article (in German) the German constitutional court ruled in favour of privacy and declared some recent changes in law as illegal. The respective changes made it much easier for law enforcement agencies to wiretap.

"Parlamentary Evening" about software patents

Harald Welte — Wed, 28 Jan 2004 19:00:00 GMT

Yesterday I was invited to a parlamentary evening organized by FFII e.V., a non-for-profit organization lobbying against the introduction of software patents in the European Union.
As you may know, they've been quite sucessful during the last year, since the European Parlament passed a directive that prevents any patent on computer software. However, due to the strange way the EU works, this directive has to be approved by the EU council before it gets enacted. The council is composed by representatives of the executive government, not by directly elected members of parliament.

The purpose of this event was to raise awareness about the dangers of software (and pure algorithmic/logic) patents. Among the invited guests were members of Bundestag (the german parliament), and various Officials of BMWA, BMBF and BMJ (economy, research and justice ministries).

I received the event as quite well. We were able to make our point and make them understand why a piece of software is different of somebody making an invention in the field fo mechanics.