German web users are notoriously concerned about privacy and data protection. The NSA scandal has given rise to even more distrust of popular US online providers. But what do Germans do to protect their data online?
Steganos, Elefile, PGP: If these terms sound cryptic to you, that's the intention. They are computer programs designed to provide internet security and privacy by encrypting documents, e-mails and other data exchanges. Tools such as "Pretty Good Privacy" aren't widely used in Germany, despite the country's skepticism regarding data protection. In fact, very few German Internet users actually take precautions when exchanging data or surfing the web.
According to a recent survey of 2,000 people carried out by the think tank Gesellschaft für Konsumforschung (GfK), nearly 70 percent of the German population is worried about personal data and privacy protection. Based on the GfK poll, Germans are most concerned about financial damage caused by data abuse (68 percent), followed by violation of privacy (52 percent) and misuse of personal identity (51 percent).
Who is worried?
It's not just those dealing with financial transactions, trade secrets and politically sensitive information who worry about having their communication channels hacked. Average Germans are concerned that their rights to privacy and protection of personal data could be violated.
Take Frank Plescher, a fitness coach from Bonn. Plescher believes informational self-determination is a human right. Speaking to DW he said, "I am neither a spy nor am I giving away business secrets. Nevertheless, I don't want strangers reading my data, my e-mails, my thoughts - just as I don’t want any stranger to read my love letters."
"It is my intellectual property," Plescher said.
And when it comes to their professional lives, Germans are particularly concerned about what information could be gathered through spy-ware and other hacking programs. Darina Pellowska is a development aid worker, who says for her cyber security goes beyond love letters and personal exchanges. "My NGO deals with sensitive information. I permanently send e-mails with details I don't want made public."
Distrust in American online services
Whereas Pellowska’s organization uses a specially designed communication tool not available on the mass market, the majority of Germans stick to popular e-mail providers and social networks like Google Mail and Facebook. These services are mostly run by corporations based in the United States where European laws do not apply.
The popularity of such sites in Germany stands in contrast to the deep mistrust Germans have of US web services, according to the GfK report. Only one in ten Germans trust American online service providers.
Peter Schaar, Germany’s Federal Commissioner for Data Protection and Freedom of Information told DW that Germans may distrust US online services because they feel privacy laws are not enforced as much as at home. “European studies constantly indicate that data protection laws in the United States are not as strict as in Europe, just as American online services are not supervised as meticulously as in Germany," Schaar said.
Despite stricter data protection regulations in Germany, the GfK report reveals that the Germans’ faith in the government's ability to protect data has declined in recent times. Only a quarter of Germans is convinced that the politicians in Berlin are doing enough to protect their data – a skeptical view that could be a result of recent data scandals and the NSA surveillance affair.
Secure data infrastructure is up to the government
Several months ago, Federal Minister of the Interior Hans-Peter Friedrich admonished Germans to take charge of data protection themselves. But for Peter Schaar such a position is tantamount to "abolishing traffic regulations and telling people to protect themselves by driving bigger cars."
A reliance on more self-protection would be a "catastrophe," the Data Protection Commissioner said. He is convinced that it is the government’s duty to provide a secure data infrastructure. “Everybody is somewhat responsible for how to act in this virtual world. But basic structures, like payment transactions, e-mail communication, and regular online information services must be safe.”
That position reflects the views of the average German, who for the most part are unwilling to invest time or money in cyber security measures to protect their own data. “I don’t see the necessity to take special precautions," said Maximilian Gottwein, a resident in Bonn. "Secret agencies are probably not that interested in me. And things like e-mail encrypting is just too complicated.”
But not everyone is willing to leave data protection up to the government. Jakob Scharlau, who spends his free time on the Internet and follows closely issues of cyber security, thinks it's important for people to take data protection into their own hands. “I worry about people who ignore privacy by reading my e-mails or phone contacts. That’s why I’m taking precautions, for instance my friend is going to a crypto party next week. This is a good way to learn more about how to encrypt personal data.”
Four simple rules of data protection
But is learning to encrypt the only way to ensure the security of personal data? According to Arne Schönbohm, president of the Cyber Security Council Germany, data protection can be simply realized by everyone: “Of course, there is no one hundred percent protection," he told DW. "But taking precautions is possible for each of us.”
Schönbohm advocates four rules of secure web surfing. First, install up-to-date firewalls and antivirus software on computers as well as on mobile devices. Second, check out access authorizations particularly for free smart phone applications since they often try to spy out photos, contacts etc. Third, do not open any anonymous e-mails; do not download every single free program as it could contain spy software. And fourth, think twice about what information really needs to be included in an e-mail. “Remember, sending information about an upcoming business deal in China could easily fall into the wrong hands,” Schönbohm said.
Furthermore, the Cyber Security Council president said, sensitive information basically can and should be protected with advanced tools. “Web surfing with the open network TOR defends against network surveillance by concealing a user’s location. Encrypting e-mails with a so called PGP program denies any unwanted access.” Although, Schönbohm points out, the counterpart needs to know how to decode the information sent. Otherwise, an e-mail will stay encrypted – maybe forever.