New German government calls for European ban on biometric mass surveillance

iso1631 · 9 days ago

It's the automation that worries me. I'm not too concerned about proper companies using CCTV to record, as it's well managed and gets deleted unseen, unless something happens. I'm not too concerned about the police pulling those CCTV pictures to investigate a crime either.

Things like ring doorbells on the other hand should be cracked down - the number of times I see people in the UK posting pictures of public areas on facebook is shocking, but if they're just sat there, being deleted unless pulled for a proper reason, that's fine too.

What really does concern me is when things like image recognition come into the picture. A corporation can't montior me by paying someone to sift through CCTV pictures. They can montior me by using automation to process everything though.

This is a good thing, how successful it is remains to be seen.

jacquesm · 9 days ago

The other matter of concern is how many of these bits of data end up on servers outside of the EU, if you want something done about it you are essentially powerless.

gunapologist99 · 9 days ago

At the end of the day, does it even really matter where the data is stored?

It shouldn't be recorded in the first place.

disabled · 9 days ago

Not always true. It depends on the circumstances.

That being said, I will never get a Ring doorbell or something similar. I also believe that the tech companies should not be allowed to hoard data about people’s private or public lives at all.

tentacleuno · 9 days ago

I don't think that's true.

We had abusive neighbours who damaged our belongings before so we essentially had to install a CCTV system. They were coax cameras hooked up to a DVR with no internet functionality (and that data had to be overridden regularly due to the size of the disk).

At the end of the day, if you're under threat of damage to your things, I would recommend a CCTV system. You won't see me recommending Amazon's offerings (or any other "cloud" solution rolls eyes), though.

raxxorrax · 9 days ago

I wouldn't care about that at all. A foreign government has far less possibility for abuse. It shouldn't happen either, but the domestic player should be the focus here. Mass surveillance doesn't improve anything aside from paranoia. We don't suffer crime or terrorism waves, so why even increase security at all? For some property damage? I get that data protection get in the way sometimes, but for this case I want to be meticulously excluded.

Any yes, I have been victim of vandalism multiple times. Doesn't mean I want to be surveilled forever. There is no absolute security.

tobylane · 9 days ago

I believe you can complain to your local data commissioner, eg They should cover this and the right to have an automated decision reviewed manually.

noja · 9 days ago

.uk is not European

emteycz · 9 days ago

At least it's not up for grabs by the EU as easily there

hutzlibu · 9 days ago

If a law says a company doing buisness in EU may not track users with face recognition, then you surely could charge them, if they merely outsource to outside of the EU as they are still the ones ordering the illegal surveillance.

tentacleuno · 9 days ago

> if you want something done about it you are essentially powerless.

I wouldn't say people are "essentially powerless", especially in the EU with GDPR. I can't speak for other parts of the world of course (CCPA is the only thing remotely similar to GDPR that I'm aware of in America).

minimilian · 9 days ago

> I'm not too concerned about proper companies using CCTV to record, as it's well managed and gets deleted unseen, unless something happens. I'm not too concerned about the police pulling those CCTV pictures to investigate a crime either.

Question: Wouldn't it be reasonable to have a law that recordings of public areas for the sake of investigation of serious crime be immediately encrypted such that they could only be decrypted by a court order? (Such a law might be enforced by random inspections and huge fines.)

marcosdumay · 9 days ago

Probably not reasonable. You will get into problems deciding whose keys to use, key distribution, people not being able to use their equipment correctly...

But banning devices from automatically posting everything to the manufacturer's computers without any user intervention is easy, and quite probably enough for the near future.

minimilian · 9 days ago

> You will get into problems deciding whose keys to use

How about a secret-sharing scheme that requires keys from a certain number of judges?

rodgerd · 9 days ago

It would be interesting to send these things to whatever the equivalent to NZ's office of the privacy comissioner is, for example, which would probably lead to sound oversight (until pressure to replace privacy-focused staff with compliant ones eventually kicked in).

chiefalchemist · 9 days ago

> Things like ring doorbells on the other hand should be cracked down - the number of times I see people in the UK posting pictures of public areas on facebook is shocking.

While I do share your concern, the current rule of thumb - at least in the USA - is that privacy is not expected in public spaces. I can see that since, by definition, that's what makes public public.

shlurpy · 9 days ago

There is a difference between incidentally public (someone can see you, snap a picture, but only on occasion) and surveilence public (someone can track your location and activity continously in public). If someone does the latter, and I know about it, I can still sue them for harassment, and maybe get a restraining order. Can I get a restraining order against Nest or similar?

I understand that this might not be the law, but I'm interested in if it should be.

chiefalchemist · 9 days ago

Again, I agree and empathize.

But the counter argument would be "Harassed by a doorbell, how so?" and "I have a right to protect my property and my family. My camera allows this to happen."

Unless the legal definition of "in public" changes, the surveillance will continue.

nikonyrh · 9 days ago

My understanding is that in Finland only the Government (or an other democratic entity such as the Municipality or the City) can execute surveillance on a public space. For example the bike parking area next to my office is deemed a public space, the office building next to it cannot point its security cameras to that direction. Which is a shame since there is a lot of bike theft and vandalism, but the city doesn't want to install their own cameras.

People are allowed to take photos and videos on a public area, but aren't allowed to leave a recording device there.

rodgerd · 9 days ago

Yes, and it shows how US[1] interpretations of the constitution and general lawmaking hasn't really evolved. It's one thing to say, "you're in public, deal with it" when (say) taking a photo of me and publishing it is likely to be time-consuming and local and scope; it is another to be able to follow me all day, publish globally, and for essentially zero cost.

[1] The US is hardly alone in this - they just happen to be the point here.

heavyset_go · 9 days ago

There are about 5 different Ring and security cameras that point into my private property, and one pointing directly into one of my windows. None of them are my cameras.

tjoff · 9 days ago

Just because you can't expect privacy doesn't mean you can exploit it and record everything.

chiefalchemist · 9 days ago

If you can site a law / legal decision that would help.

shapefrog · 9 days ago

Will you also be requiring people to avert their eyes when you are nearby such that they dont mistakenly observe you?

iso1631 · 9 days ago

But in the UK it's not allowed, however nor is that "not allowed" enforced.

Alas US cultural hegemony pushes strongly the the rest of the world, especially the western anglosphere

simiones · 9 days ago

Sure, but perhaps this could be seen to come under the purview of stalking legislation, or a similar principle?

1cvmask · 9 days ago

Not a lawyer here but it seems that there are exceptions carved out:

In particular, we ask the Commission to prohibit, in law and in practice, indiscriminate or arbitrarily-targeted uses of biometrics which can lead to unlawful mass surveillance.


So long as it is discriminate and non-arbitrary that can be ok then?

We have seen so many legal justifications and equivocations to laws from the surveillance state that I now assume legal counsel will always find a way to break the prima facie law.

German intelligence broke many German laws with the NSA, while Merkel virtue signaled and decried the NSA (comparing them to the Stasi) and Obama spying on her.

mschuster91 · 9 days ago

To quote the original from the Koalitionsvertrag (

> Biometrische Erkennung im öffentlichen Raum sowie automatisierte staatliche Scoring Systeme durch KI sind europarechtlich auszuschließen (page 19)

Translated: Biometric recognition in public spaces as well as AI-based, automated scoring systems ran by governments are to be prohibited by European law.

> Flächendeckende Videoüberwachung und den Einsatz von biometrischer Erfassung zu Überwachungszwecken lehnen wir ab

Translated: We refuse widespread video surveillance as well as usage of biometric recognition for surveillance purposes.

To summarize: Using biometrics or other technology for surveillance, particularly any attempt to recreate China's Social Credit Score, is banned. The exception in the English text is to allow biometric measures for identification (e.g. passports) and access control.

mytailorisrich · 9 days ago

> Biometric recognition in public spaces ... are to be prohibited by European law.

That's ok but an exception for law enforcement and national security would be useful.

This technology is a tool, like all technologies, and as such it may be used positively or negatively.

For instance, here in the UK we have automatic plate recognition cameras that are used to track uninsured or wanted cars. In the same spirit it might be useful to have similar cameras operated by the police to match people with a database of wanted or missing people (with only matches stored and reported for further investigation). Now this may not not work very well yet, there may be caveats and procedures to develop, etc but IMHO this means we should work on it and see if it can become useful rather than killing it off completely so early by having a blanket ban.

In any case, individual member states can draw their own laws on this.

On a side note, the wording in English might give the impression that the German government decides EU law...

gmueckl · 9 days ago

Exceptions for law enforcement have proven to be a very slippery slope in the past. Police is constantly trying to erode restrictions around tools that are only available for serious crimes and unfortunately also has a record of successfully circumventing any access checks for surveillance tools that have been put in place by lawmakers. There is constant and incessant lobbying from these circles to get more surveillance in place. But, when pressed, no one can point to cases where this actually helped.

The only realistic way to counter this is to say no to surveillance technology from the start.

mschuster91 · 9 days ago

> That's ok but an exception for law enforcement and national security would be useful.

Jesus hell no. Law enforcement already has too many permissions, and you can bet that there are more than enough people who would like the police to put iris scanners, gait monitors and other crap on each train station and public square. Minority Report and Little Brother should be warning enough, I feel no desire to see science fiction becoming reality.

> but IMHO this means we should work on it and see if it can become useful rather than killing it off completely so early by having a blanket ban.

We need a blanket ban because when you grant the government a single digit of your hand, tomorrow it has your whole arm in a vice. "War on terror!" "War on drugs!", "war on prostitution!", "protect our children from kidnapping!!!" - the list of stuff that people will bring up once the technology is in place is endless, and there are enough voters convinceable with fear mongering that the authoritarians will get what they want.

> In any case, individual member states can draw their own laws on this.

Blanket bans and mandatory requirements cannot be overridden, which is part of why many politicians from all EU countries choose the "Brussels backdoor" to pass shit they would get kicked out of office for at home, and when local voters rightfully complain, they just say "complain in Brussel, not my fault, we are just doing the whims of the EU".

(Side note: this despicable behavior and complicit/ignorant media are a major reason for public trust in the EU eroding!)

> On a side note, the wording in English might give the impression that the German government decides EU law...

Let's be real: Germany, France, Italy and Spain are the dominant powers in the European Union. As long as only the Commission has the right to initiate the passing of laws, most initiatives will come out of these "big four" countries, and there will not be any initiatives where it isn't clear from the beginning that they have a high likelihood of passing.

simiones · 9 days ago

I would say that, on the contrary, police and secret services are the institutions it's most important to keep this out of the hands of.

While private companies are using this data in ways that cause harm quite indirectly (influence, consumerism - societal evils to be sure, but no immediate threat to your life), police and the SS are most likely to cause very active harm with such technologies.

shlurpy · 9 days ago

A technology that is especially easy to use very negatively and relies on a constant maintenence of good moral virtue in government or law enforcement is a dangerously unstable risk. Its like how actively cooled nuclear reactors are just a technology, but its a far better idea to build them such that if power is lost even for a moment you don't experience a dangerous meltdown.

CRConrad · 8 days ago

> On a side note, the wording in English might give the impression that the German government decides EU law...

First, the text „lehnen wir ab“ can be read as “we won't accept”, in the sense that these legislators are against it. But legislators all over the world say stuff like that all the time, and in the end they often get overruled or outvoted anyway.

Second, I think in a (negative) sense the German government does decide EU law — just like any other national government within the EU does: IIRC, in at least one of the (confusingly) many entities that decide on EU-wide legislation (Council? Commission? Ah, fuck knows...), all the national governments are represented with one vote each, and unanimity is required, i.e. they each have a veto.

raxxorrax · 9 days ago

I think the prevalence of CCTV in the UK warrants skepticism about its effectiveness as the UK doesn't necessarily have better crime numbers than comparable countries. I know video surveillance is mostly available in hot spots, but for me it is certainly uncomfortable to be under scrutiny constantly and it isn't something I would want to get used to as it does not provide significant benefits.

wolframhempel · 9 days ago

I'm generally positively surprised by the coalition-agenda (Koalitionsvertrag) that was presented by the upcoming German government yesterday. Fairly centrist policies and a focus on modernization. There's a separate question about how much of it will actually be implemented, but the uncommon mix of three fairly different parties seems to have created a sensible equilibrium.

a_bonobo · 9 days ago

What's interesting is that in the weeks leading up to the agenda, the Chaos Communication Club put up their own demands written like a digital agenda, essentially prewritten rules. And it turns out that the new agenda includes many of these rules! See

Things like companies being legally responsible for security holes in their products, a right to encryption, open standards in government bodies, no 'hackbacks' from German security agencies, software updates and replacement parts need to be available for the lifetime of a product, all these things in the new government's agenda seem to come from the CCC.

Lobbbying works!

English auto-translation of the CCC's demands:

raxxorrax · 9 days ago

They want to turn around mass surveillance at least, although they did not say anything about state trojans. The state bought NSO Pegasus too.

But let us wait on their deeds, most of the new government was also part of the old government, which was very prone to increase "security®" to the detriment of everyone already living in the safest time of humanity.

In a country that managed to build a totalitarian nightmare twice in just one century the belief in the state and general fear is already stuffily high in my opinion.

wirrbel · 9 days ago

All parties have strong conservative wings.

There is some potential for reform-pushing within the Greens and FDP, and I expect we won't see as much of that in the agreement but things will pop up once the chancellor has been elected.

siruncledrew · 9 days ago

It’s not just governments across Europe, but this petition also calls for the ban of companies doing it too.

I wonder how the “watchdog” piece of this would work, practically speaking, since nowadays almost anywhere with a decent camera can implement some kind of facial recognition or tracking, and cameras are ubiquitous.

Maybe places will find a workaround like just export the video to a different geographic zone datacenter to analyze it.

I don’t see all governments or businesses agreeing to this because: 1. They wouldn’t want to, 2. It would be hard to prevent if the ways to do it still exist, 3. The “big enough” places will just do it anyway in secret.

skummetmaelk · 9 days ago

> Maybe places will find a workaround like just export the video to a different geographic zone datacenter to analyze it.

Which is also illegal.

moffkalast · 9 days ago

Believe it or not, straight to jail.

isodev · 9 days ago

In most EU countries you can't just record people in public without their opt-in consent (Nope, not even taking pictures). Shipping the footage to another location is also not allowed unless you get informed consent exactly who and why will have access to your details.

71a54xd · 9 days ago

I'm generally confused as to how the EU seemingly gets things right when it comes to privacy like banning biometric surveillance yet seems completely hell bent on creating a surveillance state in other areas (like banning encryption outright [0] or creating outsized penalties for wrong-speak [1]).

Of course the US just builds things like this for political gain and taxation.

0 - 1 -

zajio1am · 9 days ago

And also forcing biometric data in ID cards:

throwaway473825 · 9 days ago

The biometric data (fingerprints and facial images) are stored on a chip in the card. This is a pragmatic way of increasing security without enabling mass surveillance.

DoingIsLearning · 9 days ago

> The biometric data (fingerprints and facial images) are stored on a chip in the card.

Only on the card, genuinely asking? If I lose my citizen's card and ask for a new to be reissued is that information not retrieved from a central database for the 2nd card?

pjerem · 9 days ago

What’s wrong with the biometric data as long as it’s only inside the card and not stored elsewhere ?

The only thing you can do is to be able to prove (or not) that it’s your ID.

Or am I missing something ?

dane-pgp · 9 days ago

How did the data get into the card? And how do you know it isn't stored elsewhere? It wouldn't be the first time a government failed to admit exactly what information it was keeping about its citizens, and how it was using it against their interests:

shlurpy · 9 days ago

Lots of different interests hashing it out in an at least somewhat functioning democracy are going to experience somewhat schizophrenic behavior.

stareblinkstare · 9 days ago

>Since 2020, the Reclaim Your Face coalition has actively put pressure on decision-makers by uncovering surveillance, publishing research reports, and mobilising people for a society free from harmful technologies such as facial recognition in publicly-accessible spaces.

Emphasis mine. This won't do much, and all the surveillance data will be shipped to China anyway. You're already in their database somewhere and they know more about you than the rest of the West combined.

jchmrt · 9 days ago

I think the defeatist stance of 'it will go to China anyways is quite harmful. We should at least try to legislate useful things and enforce them for the common good. Besides, if companies want to avoid the legislation, sending the data to China will not do them much good: what they are doing will be just as illegal. And presumably companies recording video on EU soil can be regulated from the EU.

throwaway55421 · 9 days ago

Yet scanning a QR code which uniquely identifies an individual to get into any venue is totally fine because we didn't update the source code yet and so it's not phoning home this week.

Well, if the source (of the scanner) is even legit, since the app stores provide no way to verify that anyway.

chriswarbo · 9 days ago

You can choose whether or not to show a QR code, or even disclose whether you have one, and to whom.

Mass surveillance is imposed and can't be opted-out from (unless you have an invisibility device, in the case of widespread cameras).

QR codes can also be discarded, or new ones issued. Biometrics (e.g. face structure) cannot be replaced once "compromised". I use quotes for the latter, since biometrics are never secret in the first place (e.g. if we could keep our faces, fingerprints, DNA, etc. secret then they'd be useless in criminal investigations!).

throwaway55421 · 9 days ago

Oh do pipe down.

If I am in Germany, I can choose not to show a QR code if I _never go out_.

Thankfully I live in the UK with none of this nonsense _and better outcomes_.

Dma54rhs · 9 days ago

Who cares about new qr code when you scan and receive the same PI every time? You can scan a new code but keep recording.

emteycz · 9 days ago

I am required to show a QR code to eat.

cyxxon · 9 days ago eat at a restaurant. You can shop at a supermarket and eat at home. The thing is that yes, during the pandemic (and only then) for reasons of public health and safety, society has deemed this small violation of privacy necessary.

blargpls · 9 days ago

In Germany you can also just show the Europäischer Impfausweis (official yellow booklet containing all your vaccinations) that doesn't contain any QR codes.

simion314 · 9 days ago

Can't you just show the paper with the proof of vaccination? Like I might not have a smartphone but I have the paper and ID card in my wallet.

hammock · 9 days ago

The new German government is also anti-lockdown and presumably passport (at least moreso than Merkel). One of the first things he did was scrap Merkel's plans for a new two-week countrywide lockdown.

It's also worth pointing out that Germany DOES recognize natural immunity and allows this to serve in place of a jab. Haven't seen that reported in US news but you can find it in European papers.

tremon · 9 days ago

One of the first things he did was scrap Merkel's plans for a new two-week countrywide lockdown.

That lockdown was not a completely unfounded suggestion though, given that both the number of infected and the number of new cases/day are twice as high as during last year's peak [1] -- and last year's peak was around Christmas, not in November.


throwaway55421 · 9 days ago

Why does anyone care about cases?

If I get corona I get a bad cold.

Non issue for the vaccinated below 70.

brummm · 9 days ago

The majority are unvaccinated people. It's really their own god damn fault for not getting vaccinated. At the most there should be a lockdown for unvaccinated people.

soco · 9 days ago

Complaining about straw-man arguments is not bringing much. The facts are: the scanners code is opensource and does not phone home. The rest is fantasy - a valid ethical discussion of course, and it's up to us to discuss it properly (that is, keeping in touch with reality).

nnamtr · 9 days ago

A restaurant or company could use its own scanner app to save the data, but I assume this would be illegal

soco · 9 days ago

Technically they could - if they had the skills (a restaurant with programmer staff?), had a the reason (risking to alienate the customers?) and had the guts to go against GDPR (somebody will spill the beans). So...

ostenning · 9 days ago

QR codes aren't effective at all as a surveillance mechanism. Why the hell does the government need to monitor which venues you visit based on QR code check-ins? They literally just ask Apple, Google, or any other big tech company about your phones geolocation and IP log history to monitor your whereabouts.

Most people with accounts to these platforms have credit-cards, payment history and communication with others. There is nothing particularly special about vaccination QR codes being more unique than any of the other multitudes of data you already provide, willingly, to these tech corps.

emteycz · 9 days ago

Asking Google or Apple means asking a foreign corporation, likely through legal means and definitely targeted to individuals, not population-wide.

Checking logs of a state-run server is way easier.

rad_gruchalski · 9 days ago

> Asking Google or Apple means asking a foreign corporation, likely through legal means and definitely targeted to individuals, not population-wide.

Which would be a local telco.

mod50ack · 9 days ago

The QR verification app doesn't ping back to a server, though. You can literally check. It's open source.

soco · 9 days ago

Sorry for the reality check: said states make requests all the time to Google and Apple and also receive the requested data, and we have apparently no issue with this. Instead we use an imaginary feature no scanner outside China has (phoning home) and complain about that.

Dma54rhs · 9 days ago

Nothing will change with biometric and other mass surveillance either - the temporary feeling of security will always put these things first.

thepangolino · 9 days ago

The lack of pushback against that practice literally blew my mind. The potential for abuse is literally limitless.

I’ve even personally seen the treatment I’ve received the moment my name popped up on their screen after getting scanned. (My fave doesn’t show it but I’m of heavy ethnic background)

throemdiwo · 9 days ago

Bless you. Of course, such things can only be muttered from throw away accounts.

streamofdigits · 9 days ago

I just hope that the new balance of power in Germany will energize Europe to take concrete next steps towards an altenative way of organizing digital life.

dane-pgp · 9 days ago

Another good opportunity for improving digital life in Europe is with the proposed Digital Markets Act[0], which looks set to mandate that phone OSes allow side-loading, and require social media & messaging services to interoperate with competitors.


streamofdigits · 9 days ago

These measures are good and necessary but on their own will not solve the problem. It is not sufficient to say "no", you need to provide (=invest)in alternatives that show what "good" looks like.

For some bizarre reason the European continent has outsourced digital infrastructure. It is then no surprise that what is on offer is not congruent with the values and attitudes of its citizens.

toss1 · 9 days ago

Ha! I read "biometric mass surveillance" as some new remote sensing method to determine how much people weigh.

The actual article makes more sense & is a good thing.

nkmnz · 9 days ago

Thanks to FDP and Green Party —- you cannot trust Social Democrats on such issues at all!

george_kaplan · 9 days ago

Neither can you trust the FDP. When they became part of the governing coalition in the state of NRW they immediately passed a bill for more video surveillance and abolished the requirement for law enforcement to wear visible name labels or badge numbers.

nkmnz · 9 days ago

…the same kind of bitter pill the Green Party has to take whenever they are a minority partner in a State Government. Nothing new for both parties that they need to compromise - now, it’s new that they can act together on a lot of issues against a relatively smaller and potentially very weak third party. I know from first hand experience how deeply rooted the „law and order“ thought is within the Social Democratic Party, since I‘ve been running for office against one of their hard liners in 2013. Hint: it’s been the one caught buying crystal meth a couple of months later :)

quakeguy · 9 days ago

Michael Hartmann?

cyberpunk · 9 days ago

Meanwhile from 2022 onwards all entry to the EU from non-eu citizens will require Fingerprints and Facial scans to be saved [0].

One rule for us, one for the rest, it seems.

(For the record, I am absolutely against this, having recently lost my EU citizenship).


cyberpunk · 9 days ago

I'm curious why I've been down voted here -- I'm an EU resident, legally, and I am also Scottish -- so my EU citizenship that I was born with, was taken from me by the members of a country I consider rather different to myown, but who unfortunately rule over us due to pure numbers..

But I don't think I said anything offensive or false..

Fuck brexit, but also fuck fingerprinting foreigners (of whom I am now one apparently)...

Kbelicius · 9 days ago

It isn't one rule for us, one for the rest. As a EU citizen my fingerprints and facial scans have already been saved and I didn't have to travel anywhere. Do you not have any form of ID in Scotland? If you do, does it not contain your picture and were you not required to give a fingerprint when you first requested it?

cyberpunk · 5 days ago

Oh super late reply, but yes my photo is on my passport, no I didn't have to give fingerprints and I live in Germany, which has a rather tight view on such surveillance given their history..

I would refuse to give fingerprints, if asked, unless compelled to by a court. Same for my children.

schleck8 · 9 days ago

It's good meassure to prevent abuse of immigration opportunities. It's not possible for everything to be ideal, this is an acceptable compromise for most.

bserge · 9 days ago

Copying the other guys, as always. The US has been collecting fingerprints for decades, and many other countries do it, too.

ramsundhar20 · 9 days ago

Biometric surveillance should get stopped. People deserve their privacy. EU should focus on greater human interests.