Freedom on the Net 2017 - Germany

Country: 
Year: 
2017
Status: 
Free
Total Score: 
20
(0 = Best, 100 = Worst)
Obstacles to Access: 
3
(0 = Best, 25 = Worst)
Limits on Content: 
6
(0 = Best, 35 = Worst)
Violations of User Rights: 
11
(0 = Best, 40 = Worst)
Population: 
82.7 million
Internet Penetration: 
89.7 percent
Social Media/ICT Apps Blocked: 
No
Bloggers/ICT Users Arrested: 
No
Press Freedom Status: 
Free
Key Developments: 

June 2016–May 2017

  • The “Social Network Enforcement Law,” which aims to curb the dissemination of hate speech, terrorist propaganda, and fake news on social media, established substantial fines against social networking companies for failing to remove flagged criminal content from their platforms (see Content Removal).
  • A new law regulating the conduct of the Federal Intelligence Service has raised concerns for attempting to legalize thus-far illegal surveillance practices that could potentially affect German citizens as well as foreign journalists (see Surveillance, Privacy, and Anonymity).
  • While data retention legislation enacted in October 2015 remained controversial, conservative politicians have advocated in favor of further expanding data retention powers (see Surveillance, Privacy, and Anonymity).
Introduction: 

While Germany’s internet freedom environment remained free, a heightened climate of disinformation raised alarms in the lead-up to 2017 elections. In response to these perceived threats, German legislative measures to tackle hate speech and fake news may create incentives for social media companies to preemptively delete controversial content.

Media and civil society frequently and openly discuss the state of internet freedom in Germany, especially given the prominence of internet regulation issues in widely read online news publications. Open discussions about controversial developments are possible and frequent, and involve a wide range of stakeholders. An independent court system plays its part in checking measures by the executive and the legislature.

At the same time, issues of online manipulation and content removal came under renewed pressure over the past year, especially in the midst of increasing demands to address the proliferation of hate speech and fake news online. While not approved during the report’s coverage period, the “Social Network Enforcement Law”, presented by Federal Minister of Justice Heiko Maas in March 2017 and enacted at the end of June, sparked widespread criticism for its potential repercussions on freedom of expression on social media.

Other laws have raised privacy concerns among internet freedom advocates during this period. The new law on the conduct of the Federal Intelligence Service (BND), enacted in the fall of 2016, sparked criticism among commentators who argue that the law merely attempts to legalize hitherto unlawful practices, such as monitoring internet traffic within Germany. UN special rapporteurs have also expressed concerns that such a law infringes on the right to freedom of expression as guaranteed under international law.1 Meanwhile, data retention legislation remains a contentious issue in Germany. Despite the decision by European Court of Justice in 2014 invalidating the European Union’s Data Retention Directive, some politicians have continued to make proposals to further expand state powers to store data indiscriminately and in bulk.

Obstacles to Access: 

Internet access is high in Germany, and there are few inhibiting obstacles. However, differences in internet usage by levels of income demonstrate how prices continue to be a barrier.

Availability and Ease of Access

Germany’s network infrastructure for information and communication technologies (ICTs) is well developed, and overall internet penetration rates are above the European Union (EU) average.2

The most widely used mode of access is still DSL, with 24 million connections in 2016. However, cable internet connections are becoming more widespread, with 8 million connections in 2016, compared to only 7.2 million in 2015.3 Connections with more than 30 Mbps are available for 11.6 million households.4 Although the federal government had presented a roadmap to provide every household in Germany with internet access speeds of at least 50 Mbps by 2018,5 criticisms point to insufficient efforts to expand broadband access quickly enough.6

In 2016, internet access via mobile devices further increased: 63.1 million people in Germany regularly accessed the internet via UMTS or LTE, compared to 58.5 million in the previous year.7 The total data volume increased from 575 million GB in 2015 to 918 million GB in 2016.8 Germany is ranked ninth worldwide in terms of smartphone penetration as 55.5 million people used a smartphone in April 2017.9 At the end of 2016, LTE connections were available to 93 percent of all Telekom customers, 90 percent of Vodafone customers, and 80 percent of all Teléfonica Germany customers.10

There is still a gender gap when it comes to accessing the internet in Germany, even though it is gradually getting smaller. While 87 percent of men used the internet every day or almost every day in 2016, only 83 percent of women did.11 Daily or almost daily internet usage in the 16-24 and 25-44 age groups were 97 and 94 percent, respectively. In the over 65 age group, frequent usage remains at 67 percent.12

Differences in internet usage based on formal education have not changed significantly over the past few years. The gap between people with low and high levels of formal education is still noteworthy.13 A comparison of net household incomes also confirms this gap. Households with less than EUR 1,000 (US$1,141) net income per month have a 59 percent penetration rate, whereas those with more than EUR 3,000 (US$3,423) net income per month have a penetration rate of 94 percent.14 Furthermore, slight differences in internet usage exist between Germany’s western region (81 percent) and the eastern region (72 percent), which was formerly part of the communist German Democratic Republic; this gap has remained stable over the past few years.15 The gap between the urban states Hamburg, Berlin, and Bremen, and the rural states with the smallest internet penetration rate such as Saxony-Anhalt or Mecklenburg-Western Pomerania, is still between 11 to 16 percent.16

Telecommunication services have become slightly less expensive, decreasing by about 1.1 percent.17 Stark differences in internet usage by levels of income demonstrate how prices continue to be a barrier for people with low incomes and the unemployed. Although the Federal Court of Justice ruled that access to the internet is fundamental for everyday life, costs for internet access are still not adequately reflected in basic social benefits.18 In March 2017, the Federal Assembly (Bundesrat) made the decision to consider providers of free community wireless networks not-for-profit enterprises, which entails considerable tax advantages. The move has been lauded for facilitating the establishment of freely accessible networks in cities, thereby broadening easy access for parts of the population who could otherwise not afford an internet connection.19

Restrictions on Connectivity

The German government does not impose restrictions on ICT connectivity. Germany’s telecommunications infrastructure is largely decentralized. There are more than one hundred backbone providers in the country.20 Privatized in 1995, the former state-owned Deutsche Telekom remains the only company that acts as both a backbone provider and an ISP. However, the German state owns less than a third of its shares, which crucially limits its control.21There are a number of connections in and out of Germany, the most important being the DE-CIX, which is located in Frankfurt. It is privately operated by eco, the association of the German Internet Industry.22

ICT Market

The telecommunications sector was privatized in the 1990s with the aim of fostering competition. The incumbent Deutsche Telekom’s share of the broadband market was 41 percent in 2016, marking yet another slight decline as competition continued to increase. Other ISPs with significant market share included Vodafone with 19.5 percent, 1&1 with 14 percent, cable company Unitymedia at 10.6 percent, and O2-Telefónica with 6.7 percent.23

There are currently three general carriers for mobile internet access: T-Mobile, Vodafone, and Telefónica Deutschland, who share the market more or less evenly.24 The prices for mobile services continued to decrease, being 2.2 percent lower than in 2015.25

Regulatory Bodies

Internet access, both broadband and mobile, is regulated by the Federal Network Agency for Electricity, Gas, Telecommunications, Post, and Railway (Bundesnetzagentur or BNetzA), which has operated under the supervision of the Federal Ministry of Transport since early 2014.26 The president and vice president of the agency are appointed for five-year terms by the German federal government, following recommendations from an advisory council consisting of 16 members from the German Bundestag and 16 representatives from the Bundesrat. The German Monopolies Commission and the European Commission (EC) have both criticized this highly political setting and the concentration of important regulatory decisions in the presidential chamber of the Federal Network Agency.27 Similarly, the Court of Justice of the European Union (CJEU) and the EC noted that the regulation of data protection and privacy by agencies under state supervision does not comply with the EU Data Protection Directive 95/46/EC.28

In addition to these institutional concerns, regulatory decisions by the BNetzA have been criticized for providing a competitive advantage to Deutsche Telekom, the former state-owned monopoly.29 These concerns were amplified again in late 2015, when the BNetzA presented a proposal to allow the Telekom to implement vectoring, a technology that is capable of boosting the bandwidth of DSL connections on pre-existing copper lines.30 This arrangement sparked criticism due to the fact that in order to function as intended, the technology requires a single operator to remain in charge of the entire bundle of cables. In turn, unbundling and redistribution individual connections becomes more difficult, with the result that the managing operator (Telekom) will end up in a privileged market position.31 In December 2015, the federal monopoly commission (Monopolkommission) made its reservations against the arrangement public,32 which led the BNetzA advisory board to announce amendments to the original proposal in early 2016.33 Still, in May 2016, the EU Commission instigated formal proceedings to review the draft, voicing concerns regarding the future of fair competition on the telecommunications market in Germany.34 After publishing a revised proposal in June 2016,35 however, the EU Commission approved of the arrangement. At the same time, Telekom’s competitors and some politicians remained vocally skeptical of the new rules.36

Limits on Content: 

Access to online content in Germany is mostly free. Pressure on social media companies to remove illegal content from their platforms came under renewed pressure over the past year with increasing demands to address the proliferation of hate speech and fake news online.

Blocking and Filtering

The German government rarely imposes blocking of websites or internet content.37 There were no publicly known incidents carried out by state actors during this coverage period. YouTube, Facebook, Twitter and international blog-hosting services are freely available.

Content blocking or filtering practices enforced by private or corporate actors have been an issue for some time. The most prominent and widely reported example of how private entities substantially shape the availability of online content was the protracted dispute between YouTube and GEMA (German Society for Musical Performance and Mechanical Reproduction).38 For years Google and GEMA were unable to find a compromise regarding the amount Google should pay for a license for copyright-protected music disseminated on its video-streaming platform YouTube.39 Due to the ongoing legal conflict, Google started blocking videos on YouTube in Germany that contained such music, instead displaying an error message. YouTube and GEMA finally reached an undisclosed licensing agreement on November 1, 2016, and since then videos have been freely accessible in Germany.40

In November 2015, the Federal Court of Justice ruled that the blocking of websites may be ordered as a last resort if it is the only possibility for a copyright holder to effectively end the rights infringement on that website.41 That means that in such cases, after an assessment of all circumstances relevant to the case at hand, the owner of the copyright in question may demand the internet access provider to block the website in question. If the provider disagrees, a court will decide. The decision has been subject to criticism as such blocking is considered easy to circumvent and thus ineffective.42

The protection of minors constitutes an important legal framework for the regulation of online content.43 Youth protection on the internet is principally addressed by states through the Interstate Treaty on the Protection of Human Dignity and the Protection of Minors in Broadcasting (JMStV), which bans content similar to that outlawed by the criminal code, such as the glorification of violence and sedition.44 A controversial provision of the JMStV reflecting the regulation of broadcasting media mandates that adult-only content on the internet, including adult pornography, must be made available in a way that verifies the age of the user.45 The JMStV enables the blocking of content if other actions against offenders fail and if such blocking is expected to be effective.

Content Removal

Most of the content removal issues in Germany relate to the removal of results from search engine functions, rather than deletion of content. However, pressure on social media companies to remove illegal content from their platforms came under renewed pressure over the past year with increasing demands to address the proliferation of hate speech and fake news online.

Soon after the start of a wide influx of refugees into Europe in 2015, both German authorities and media began urging Facebook to more proactively suppress hateful or offensive content on its platform.46 Court proceedings also followed. In February 2017, a regional court in Würzburg, Bavaria, heard a case concerning the Syrian refugee Anas Modamani, whose widely shared selfie with Chancellor Merkel had repeatedly been used by right-wing activists to falsely connect him to a number of different crimes. Modamani’s attorney demanded that Facebook not only delete the original defamatory posts, but also all shares and copies.47 While being sympathetic to Modamani’s concerns, many observers cautioned that a sentence in his favor might compel Facebook to implement upload filters that could subsequently be used as a censoring tool, infringing on the right to free expression.48 In March, the court decided that Facebook is not obligated to actively search and delete hateful postings involving Modamani’s picture. However, his attorney announced an appeal.49

On the other hand, Facebook has implemented some steps to tackle the problem on its platform in order to conform to German legislation governing hate speech. In January 2016, the company set up a new team of employees in Berlin with the sole task of examining, and if necessary, deleting such content.50 Moreover, in March 2017, Facebook, Microsoft, Twitter, and YouTube announced the activation of the prototype of an upload filter based on a shared database which is supposed to suppress the uploading of terrorist and extremist content.51

Despite these steps, in March 2017, Federal Minister of Justice Heiko Maas presented the “Social Network Enforcement Bill,” which aims to further curb hate speech, terrorist propaganda, and the dissemination of fake news on social media. The draft provides that social media companies must establish an office that receives complaints regarding illegal content, and that they are under the obligation to legally assess flagged content. If it is “obviously illegal” it has to be taken down within 24 hours; if otherwise illegal, within seven days. After making its decision, it has to inform both the appellant and the user who had uploaded the content. If it fails to do so, it could face fines of up to EUR 50 million.52 The proposal sparked severe criticism from activists, NGOs, and politicians, who warned that the law could lead to an overreach by creating incentives for social media companies to prematurely delete content in order to avoid possible fines.5354 Besides criticizing the lack of judicial oversight, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression pointed to the lack of clarity as to what constitutes “unlawful” content, noting that “A prohibition on the dissemination of information based on vague and ambiguous criteria, such as “insult” or “defamation,” is incompatible with article 19 of the ICCPR. The list of violations is broad, and includes violations that do not demand the same level of protection.”55 In an attempt to accommodate critics, the Ministry of Justice made some amendments, including an exemption for first-time offenders or companies that had merely made an erroneous legal assessment,56 but reservations against the bill remained strong even among members of the governing coalition of Christian Democrats and Social Democrats.57 Nonetheless, the bill was enacted into law on the last day before the parliament’s summer recess.58
Since the CJEU decision on the “right to be forgotten” in May 2014,59 Google and other search engines are required to remove certain search queries from their index if they infringe on the privacy rights of a person and that person files a respective application with the search engine. As of May 9, 2017, Google had assessed more than 721,000 applications across the EU, with nearly 98,000 coming from Germany alone.60 In 47.8 percent of the German requests, Google decided to remove the link. The process follows the guidelines developed by an advisory group of experts, aiming to strike a balance between the right to be forgotten on the one hand, and freedom of expression and information on the other.61 In early March 2016, Google announced that it would delist links not only from its European domains such as google.de, google.fr, and so on, but in the future resort to geo-blocking so that delisted links could not appear in Google search queries within the European Union even if someone used google.com instead of the national version of the search engine.62 This had been one of the most pressing demands by European data protection officials since the publication of the CJEU decision.63 The right to be forgotten will be codified in Article 17 of the EU’s new General Data Protection Regulation, which is currently in its two-year transition period before coming into effect in May 2018.64

The autocomplete function of Google’s search engine also has repeatedly been subject to scrutiny. In May 2013, the Federal Court of Justice ruled that Google could be held liable, at least under some circumstances, for the infringement of personal rights through its autocomplete function.65 In its subsequent decision concerning the same case, the Higher Regional Court in Cologne decided that Google’s liability amounted to the obligation to delete the respective automated search query combination and to refrain from repeating the tort, but not to pay further compensation.66

Figures released by ICT companies indicate that post-publication content removal requests are issued with regard to defamation or illegal content. According to Google’s latest transparency report regarding requests to remove content covering the period from July to December 2016, the company received 242 requests from the German courts and other public authorities. The most common reasons (40 percent of cases) for orders to remove content are privacy and security concerns, followed by defamation and hate speech.67 Upon request from authorities, between July and December 2016, Facebook restricted access to 919 pieces of content compared to 366 between July and December 2015, including items that constituted incitement of hatred and Holocaust denial, which are illegal under the German criminal code,68

Platform operators can be held liable for illegal content under the Telemedia Act. The law distinguishes between full liability for owned content and limited “breach of duty of care” (Stoererhaftung) of access providers and host providers for third party content.69 Although access and host providers70 are not generally responsible for the content they transmit or temporarily store, there is a tension between the underlying principles of liability privilege and that of secondary liability.71 Principally, ISPs are not required to proactively control or review the information of third parties on their servers; they become legally responsible as soon as they gain knowledge of violations or violate reasonable audit requirements.72

In 2012, court rulings limited the liability privilege of ISPs by further specifying requirements, responsibilities, and obligations. Additional blocking and filtering obligations of host providers have been put in more concrete terms by the Federal Court of Justice (Bundesgerichtshof, BGH) in the “Alone in the Dark” case.73 In this specific instance, the game publisher Atari sued the file hosting service Rapidshare for copyright violations concerning a video game. Although the judges did not hold Rapidshare liable for direct infringement, they saw a violation of the service’s monitoring obligations under the breach of duty of care as a result of Rapidshare’s failure to proactively control its service for copyrighted material after it was notified of one infringing copy.74

In a subsequent decision concerning Rapidshare in August 2013, the BGH substantiated and further extended host providers’ duties. According to the judgment, if the business model of a service aims to facilitate copyright infringements, the company is considered less worthy of protection with regard to liability privilege.75 As a consequence, host providers are required to monitor their own servers and search for copyright-protected content as soon as it has been notified of a possible violation.76

A special requirement to review the content for any rights violations was also ruled in a case where a blogger integrated a YouTube video onto his website.77 However, in October 2014, the CJEU ruled that embedding content from other sources by means of framing is not a copyright infringement.78 In July 2015, the Federal Court of Justice clarified that embedding is legal, as long as the source itself is legal—which at least in theory means that publishers are under the legal obligation to research whether the content they intend to embed was uploaded without a violation of copyright.79

An important exception to the liability privilege concerns wireless networks.80 Because of a highly disputed ruling against the existing liability privilege by the Federal High Court in 2010, legislative initiatives from states and political parties sought to modify the secondary liability of local Wi-Fi operators, however without immediate success. Proposed bills were repeatedly criticized for being impractical or not going far enough, not least by the European Commission.81 Apart from legislative initiatives, in September 2014, a Munich court asked the CJEU for a preliminary ruling on the question of the applicability of the liability privilege for a provider of an openly accessible Wi-Fi network.82 In September 2016, the CJEU decided that although providers are usually not responsible for violations committed by the users of a free network, they are obliged to secure free networks with a password.83 The ruling was largely in line with prior German jurisprudence, and most commentators did not consider it an improvement for providers of openly accessible networks.84

As a reaction to this latest development, in February 2017, the governing coalition presented yet another bill in order to solve the issue, and to enable the proliferation of open and freely accessible wireless networks. The proposal by the Federal Ministry of Economy intends to clarify that the liability privilege not only applies to providers of free wireless networks, as previously arranged, but that those providers are also not obligated to issue a (costly) declaration of cease and desist in case that one of the users of the network committed a violation of copyright.85 At the same time, however, the bill provides for the possibility to oblige network operators to block access to certain websites or web content that violates copyright or other laws. This aspect of the proposal has been criticized for introducing new legal uncertainties for network providers.86 Despite these objections, however, the bill was passed into law in late June of 2017.87

Media, Diversity and Content Manipulation

Germany is home to a vibrant internet community and blogosphere; however, there were heightened concerns over the proliferation of disinformation and its potential impact on 2017 elections. In turn, concerns regarding the spread of so-called “fake news” resulted in controversial legal solutions with potentially negative consequences for freedom of expression online (see “Content Removal”).

Local and international media outlets and news sources are accessible and represent a diverse range of opinions. However, disinformation has proliferated on social media in recent years—a concern which increased ahead of Germany’s federal elections in September 2017. Research conducted by the Computational Propaganda Research Project between December 2016 and May 2017 found that hyperpartisan, conspirational news and disinformation were prominent on social media in the lead-up to the elections, accounting for approximately 20 percent of political news and information on Twitter. Widely shared sources included anti-Islam blog Philosphia Perennis and the extremist right-wing Zuerst!, while many outlets “displayed indicators of Russian references.” On the other hand, it found that automated bot activity was “marginal.”88

To date, self-censorship online has not been a significant or well-documented issue in Germany. Still, there are more or less unspoken rules reflected in the publishing principles of the German press.89 The penal code and the JMStV prohibit content such as child pornography, racial hatred, and the glorification of violence in a well-defined manner. However, the OSCE strongly criticized the criminal investigation into the online media outlet Netzpolitik in July 2015, with regard to their reports on the activities of the German intelligence agencies, for its potential chilling effect on investigative reporting (see “Prosecutions and Detentions for Online Activities”).90

Ancillary copyright for press publishers (Leistungsschutzrecht für Presseverleger), in force since 2013, allows publishers to monetize even the small snippets of information that search engine operators display as part of the results of a query.91 This raised concerns regarding the constitutionally protected rights to freedom of expression and freedom of information.92 In reaction to the law’s enactment, search engines such as Google began excluding search results leading to the websites of publishers that monetized their search links, or displayed links without the corresponding snippets to limit monetization.93 In response, the publishers’ collecting society VG Media lodged complaints and antitrust proceedings against Google. In September 2015, the Federal Cartel Office decided that Google’s practice was not in violation of antitrust laws.94 Later in November 2015, arbitration proceedings between Google and VG Media failed, as the search engine regarded VG Media’s demand to receive 6 percent of Google’s aggregate turnover as license fees as inappropriate.95 In February 2017, the first court proceedings dealing with the law commenced before a Berlin district court, after VG Media filed a lawsuit against Google.96

Germany’s Telecoms Act authorizes the federal government to issue an executive order to protect the principle of net neutrality.97 However, in November 2015, with votes from the ruling coalition of Christian and Social Democrats, the German federal parliament rejected a legislative proposal by the Green party to domestically safeguard net neutrality. Representatives of the majority referred to the EU regulation adopted in October 2015, deeming it a viable compromise.98 Though formally endorsing the principle of net neutrality, the European regulation on net neutrality prompted concern that certain services may still be privileged within the networks, as experts deemed that the text would make it easy to introduce a first-class and second-class internet.99 However, the final version of the “Guidelines on the Implementation by National Regulators of European Net Neutrality Rules,” published by the Body of European Regulators for Electronic Communications (BEREC) at the end of August of 2016,100 provide further safeguards for the principle of net neutrality, closing many of the loopholes for “specialized services.”101 The national legislator is expect to follow the now clarified European standards concerning net neutrality.

Digital Activism

Several civil society initiatives have used the internet to conduct advocacy campaigns on political and social issues in Germany.

After the German-Turkish journalist Deniz Yücel, a correspondent for Berlin-based daily Die Welt, was detained by Turkish authorities in Istanbul on February 14, 2017, for allegedly spreading terrorist propaganda through his reporting,102 fellow journalists and free-speech activists launched the online campaign #freedeniz. The campaign, which consistently of a Twitter hashtag,103 a campaign homepage,104 and a petition via change.org,105 intended to put pressure on the Turkish government to release Yücel and all other journalists who have been detained in the country since the attempted coup in July 2016. The campaign emphasizes the importance of the rights to freedom of expression and freedom of the press for a democratic society.

Violations of User Rights: 

The scandal triggered by Edward Snowden’s 2013 revelations concerning the activity of the NSA and German intelligence services remained inadequately assessed despite an ongoing parliamentary inquiry. A new law regulating the conduct of the Federal Intelligence Service (BND) has raised concerns for attempting to legalize hitherto unlawful activity that potentially affects German citizens as well as foreign journalists working in Germany.

Legal Environment

German Basic Law guarantees freedom of expression and freedom of the media (Article 5), as well as the privacy of letters, posts, and telecommunications (Article 10). These articles generally safeguard offline as well as online communication. A groundbreaking 2008 ruling by the Federal Constitutional Court established a new fundamental right warranting the “confidentiality and integrity of information technology systems” grounded in the general right of personality guaranteed by Article 2 of the Basic Law.106

Online journalists are largely granted the same rights and protections as journalists in the print or broadcast media. Although the functional boundary between journalists and bloggers is starting to blur, the German Federation of Journalists maintains professional boundaries by issuing press cards only to full-time journalists.107 Similarly, the German Code of Criminal Procedure grants the right to refuse testimony solely to individuals who have “professionally” participated in the production or dissemination of journalistic materials.108

Since January 1, 2016, the Office of the Federal Commissioner for Data Protection and Freedom of Information has been an independent supreme federal authority, a clear upgrading from its former status as a subdivision of the Federal Ministry of the Interior.109 This change of constitutional status furthermore entailed a significantly higher budget and a larger staff.110

Prosecutions and Detentions for Online Activities

While there were no new prosecutions or detentions for legitimate digital activity during the coverage period, several cases that drew public criticism in 2015-2016 continued to receive attention.

Criminal proceedings against two online journalists of Netzpoliitk.org, charged with treason after publishing classified documents of the Federal Office for the Protection of the Constitution in July 2015, were quickly halted after causing widespread public outrage,111 but the incident’s aftermath extended into the reporting period. In February 2017, the weekly Die Zeit reported that internal documents showed that, as opposed to the official narrative, Justice Minister Heiko Maas had influenced proceedings by putting pressure on then-Federal Prosecutor Harald Range to stop investigations, thereby unlawfully compromising the independence of the Prosecutor’s office.112 This aspect is significant for future interpretations of press freedom in Germany, as the termination of investigations meant that a legal opinion on the question of whether the published documents in fact constituted a state secret was never issued, and thus not properly scrutinized. While the reporters of Netzpolitik.org maintain the right to publish such documents online,113 other reports suggest that the official legal position would have concluded that it would have amounted to treason if formal proceedings had been allowed to continue.114 This ambiguity in itself could exert a chilling effect on the work of journalists dealing with that kind of internal document.

Another case that sparked a wider debate over freedom of speech in Germany concerned the German satirist Jan Boehmermann.115 Turkish president Recep Tayyip Erdogan had filed a criminal complaint against the comic for a provocative poem mocking him, under an obscure German law that penalizes insults against foreign heads of state.116 After prosecutors dropped the case against Boehmermann in October 2016 due to insufficient evidence,117 the Turkish president filed a complaint against the decision,118 which was rejected shortly after, thus definitively terminating the criminal proceedings.119 At the same time, the civil lawsuit before the regional court in Hamburg, which began on November 3, 2016, led to the ban of three-fourths of the poem due to libel. In case of a violation of the verdict, Boehmermann would have to pay a fine of up to EUR 250,000.120 While Boehmermann’s attorney announced an appeal, the German Federation of Journalists strongly criticized the decision as unjustifiably infringing on the right to produce satire as an expression of free opinion.121

The German Criminal Code (StGB) includes a provision on “incitement to hatred” (§ 130 StGB), which penalizes calls for violent measures against minority groups and assaults on human dignity.122 The provision is seen as legitimate in the eyes of many Germans, particularly because it is generally applied in the context of holocaust denials.123 In the context of the ongoing refugee crisis, there has been a surge of criminal investigations invoking this provision, mostly due to hate speech against asylum seekers on social media platforms such as Facebook. As a result, there have been considerably more convictions for incitement to hatred than usual.124 In 2016, about 900 criminal proceedings were initiated in Berlin alone.125 At the same time, the authorities have been criticized for not doing enough to protect the victims of hate speech online.126

Surveillance, Privacy, and Anonymity

Following the leak of classified information by former NSA contractor Edward Snowden in 2013 revealing the activities of U.S., British, and German intelligence services, Germany’s parliamentary commission of inquiry made little progress in terms of assessing the accountability of German authorities. Moreover, troubling new legislation that aims to legalize hitherto unlawful conduct of the Federal Intelligence Agency (Bundesnachrichtendienst, BND) was introduced.

While the parliamentary commission continued its work, it faced a number of setbacks. In November 2016, the Federal Constitutional Court decided that the Federal Government is under no obligation to unveil the list of inactive NSA targets in Germany, as this list concerned state secrets of the United States and therefore was outside the government’s jurisdiction, even though the list in question had been used by the BND in order to relay information to the NSA.127 Moreover, in March 2017, the Federal Court of Justice decided that the parliamentary commission is not obligated to summon Snowden as a witness, contrary to the opinion of opposition parties represented in the commission.128 Although Chancellor Angela Merkel appeared before the commission as the last summoned witness in February 2017, most commentators agreed that the scandal surrounding Snowden’s revelations is not yet properly accounted for.129 Critics contend that despite three years of investigations, not much has been revealed, and mass surveillance by intelligence services in Germany and beyond continues.130

The principal legislative reaction to the Snowden revelations was the new law for the conduct of the BND, which was enacted with the votes of the governing coalition of the Christian Democratic Union and the Social Democrats in October 2016.131 Its purported aim is to provide the intelligence service with a new and appropriate legal basis. In particular, a newly established control committee is supposed to better monitor the service’s conduct in the future in order to prevent unlawful or even unconstitutional action.132 However, criticism against the law has been widespread. One of the main concerns is that even though the BND is mainly tasked with foreign intelligence collection, the law will permit monitoring of the entire network traffic channeled through the world’s largest internet exchange point, DE-CIX (German Commercial Internet Exchange) in Frankfurt, which would at least unintentionally affect communications by German citizens as well. The operators of DE-CIX had already filed a constitutional complaint against the BND’s practice, which preceded its formal legalization by means of the new law.133 Moreover, the intelligence service would have explicit permission to monitor domestic internet traffic as well, as long as the targets of its measures are foreign citizens.134

Numerous experts and politicians have protested that the new law is unconstitutional.135 136 Furthermore, press freedom groups have criticized that the law does not contain explicit legal protections for foreign journalists working in Germany.137 The explicit distinction between citizens and foreigners as regards the protection of privacy has even prompted UN Special Rapporteur on the right to privacy, Joe Cannataci, to denounce the law as violating Germany’s obligations under the International Covenant on Civil and Political Rights.138 In response, the Free Democratic Party (FDP) and the parliament’s opposition announced proceedings against the law before the Federal Constitutional Court.139

Even before the enactment of the law, the BND had conducted bulk retention of communications metadata of German citizens, a practice that inter alia violates the right to freedom of the press according to an assessment made by Reporters Without Borders Germany.140 At the same time, the BND’s practice of monitoring communications between Germany and abroad in accordance with the so-called G10 law, which regulates limitations of the constitutionally protected privacy of correspondence, posts, and telecommunications, has come under legal scrutiny, too. As it considers the underlying legal basis as overly permissive and thus unconstitutional, the NGO Amnesty International has filed a constitutional complaint before the Federal Constitutional Court against the G10 law.141

Telecommunications interception by state authorities for criminal prosecutions is regulated by the code of criminal procedure (StPO) and may only be employed for the prosecution of serious crimes for which specific evidence exists and when other, less-intrusive investigative methods are likely to fail.

Surveillance measures conducted by the secret services under the Act for Limiting the Secrecy of Letters, the Post, and Telecommunications have continued to be in a steady decline.142

Excessive interceptions by secret services formed the basis of a 2008 Federal Constitutional Court ruling, which established a new fundamental right warranting the “confidentiality and integrity of information technology systems.” The court held that preventive covert online searches are only permitted “if factual indications exist of a concrete danger” that threatens “the life, limb, and freedom of the individual” or “the basis or continued existence of the state or the basis of human existence.”143 Based on this ruling, the Federal Parliament passed an act in 2009 authorizing the Federal Bureau of Criminal Investigation (BKA) to conduct covert online searches to prevent terrorist attacks with a warrant.144 In addition to online searches, the act authorizes the BKA to employ methods of covert data collection, including dragnet investigations, surveillance of private residences, and the installation of a program on a suspect’s computer that intercepts communications at their source. The antiterror legislation first passed after the September 11 terrorist attacks, and that inter alia obliges banks or telecommunications operators to disclose customer information to the authorities, was once again extended in November 2015 through 2021.145

The latest version of spyware developed by the Federal Bureau of Criminal Investigation (BKA), which had been introduced in early 2016 (the so-called Bundestrojaner, “federal Trojan horse”),146 kept drawing criticism during the reporting period.147 The NGO Chaos Computer Club (CCC) holds the view that the software is still technically unable to properly differentiate between ongoing communication, the monitoring of which is legally permitted, and stored information regarding communications. Moreover, it argues that there is an inherent security risk for citizens if a state authority exploits known security holes in communication software instead of striving to fix them.148 In October 2016, it was furthermore revealed that the BKA will be provided with new spyware that will extend the same capabilities to smartphones.149 In addition to these newly developed tools, in December 2016, it was reported that the BKA had successfully cracked the encrypted messenger app Telegram in at least 44 cases in order to monitor the text conversations of suspects. Several legal experts as well as politicians cast doubt on the legality of the measures.150

Since 2014, members of the federal parliamentary faction of Die Linke have been issuing yearly inquiries into the employment of so-called “silent SMS” or stealth pings by the BKA, the Federal Office for the Protection of the Constitution, and the Federal Police. In 2016, both the Federal Office for the Protection of the Constitution and the Federal Police vastly increased their use of the tool, while its employment by the BKA declined for the first time in years.151 The technology is used to monitor a target person’s movements, without the target’s notice.

The amended telecommunication act of 2013 reregulates the “stored data inquiry” requirements (Bestandsdatenauskunft).152 Under the provision, approximately 250 registered public agencies, among them the police and customs authorities, are authorized to request from ISPs both contractual user data and sensitive data. While the 2004 law restricted the disclosure of sensitive user data to criminal offenses, the amended act extends it to cases of misdemeanors or administrative offenses. Additionally, whereas the disclosure of sensitive data and dynamic IP addresses normally requires an order by the competent court, contractual user data (such as the user’s name, address, telephone number, and date of birth) can be obtained through automated processes. The requirement of judicial review has been subjected to two empirical studies, both of which found that in the majority of cases a review by a judge does not take place.153 Data protection experts criticize the lower threshold for intrusions of citizens’ privacy as disproportionate.

Despite the CJEU 2014 decision to declare the EU Data Retention Directive unconstitutional,154 the federal parliament enacted a law concerning the reintroduction of data retention with the votes of the governing coalition in October 2015.155 Both the opposition and data protection officials had fiercely opposed the legislative proposal, maintaining that the law contradicts civil laws and violates the guidelines established by the CJEU. Under the new law, different sets of data have to be stored on servers located within Germany for 10 weeks, while providers have to retain the numbers, as well as the date and time, of phone calls and text messages. Internet providers are also required to retain IP addresses of all internet users, as well as the date and time of connections. The location data of mobile phone connections must be saved for four weeks. The requirements exclude sites accessed, email traffic metadata, and the content of communications. In August 2016, the state and federal interior ministers who are members of the Christian Democratic Union issued a declaration demanding a further extension of data retention in Germany so that it would lawful to access and use the stored data even for the prosecution of comparatively minor crimes.156 Three months later, it was announced that the interior ministers of all states had agreed on calling for legislative amendments that would allow data retention for instant messengers on mobile devices, such as WhatsApp.157

In reaction to the controversial legislation, several constitutional complaints have been filed. Among other issues, the complainants claim that, contrary to the CJEU guidelines, which only allow for the retention of data of suspects, the law would enable indiscriminate mass retention of data.158 In February 2017, a legal assessment issued by the federal parliament’s own research service came to the conclusion that the German legislative implementation does not conform with the CJEU guidelines and is thus contrary to European law.159

During the reporting period, a few more state measures have raised concerns regarding the protection of citizens’ data. In March 2017, it was reported that a new bill on the introduction of an electronic ID includes a provision that would allow the police authorities of all states as well as the Federal Police, the Federal Office for the Protection of the Constitution, all state intelligence agencies, and the Military Counterintelligence Service (Militärischer Abschirmdienst, MAD) to access the database of the passport photos of all German citizens that the new law would establish. Experts fear that the move, in combination with massively extended video surveillance in public spaces, could enable state authorities to automatically monitor every single citizen’s movements.160 Newly arriving immigrants are likewise targets of new measures that infringe on the protection of their data. In order to determine a refugee’s origin who does not have any ID— which is frequently the case—authorities would have the right to seize and analyze their mobile phones, laptops, and other data storage devices, without the involvement of a judge.161

User anonymity is compromised by SIM card registration requirements under the telecommunication act of 2004, which requires the purchaser’s full name, address, international mobile subscriber identity (IMSI), and international mobile station equipment identity (IMEI) numbers, if applicable.162 Nonetheless, the principle of anonymity on the internet is largely upheld as a basic right, despite disapprovals from the Federal Minister of the Interior and some other members of the conservative parties.163 A decision by the Federal Court of Justice further strengthened this right, confirming that an online review portal is under no obligation to disclose the data of anonymous users. In the preceding judgment, the Higher Regional Court in Stuttgart had ruled to the contrary.164 Website owners and bloggers are not required to register with the government. However, most websites and blogs need to have an imprint naming the person in charge and contact address. The anonymous use of email services, online platforms, and wireless internet access points are legal. In January 2016, however, reports noted how the Federal Criminal Police Office continued to lobby against encryption technologies at the European level.165 Furthermore, experts have criticized a recent legislative proposal by the governing coalition to introduce a legal claim to gain knowledge of the offender’s real name in the case of violations of the right of personality online, especially hate speech. Observers have voiced concern that this might infringe on the right to anonymity online if interpreted too broadly.166

Intimidation and Violence

There have been no known cases of direct intimidation or violence against online journalists or other ICT users during the coverage period.

Technical Attacks

Human rights activists and nongovernmental organizations are rarely victims of cyberattacks or other forms of technical violence that is aimed at stifling freedom of expression. However, government institutions and the business sector have been targeted with cyberattacks.167

In the summer of 2015, hackers crippled the federal parliament’s internal network168 for four days, until the servers were renewed.169 The head of Germany’s domestic intelligence agency also reported subsequent attacks, notably targeting lawmakers and the Christian Democratic Union.170 Two think-tanks tied to Germany’s ruling coalition parties also experienced cyberattacks in 2017.171

To strengthen its response capabilities to cyberattacks, the federal parliament enacted an IT security law in June 2015 obliging telecommunication firms and critical infrastructure operators to report security breaches to the BSI. However, the new law has been subject to criticism for being largely ineffective and overly intrusive concerning the storage of traffic data to determine the source of possible cyberattacks.172

Notes: 

1 "Mandates of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression; the Special Rapporteur on the Situation of human rights defenders and the Special Rapporteur on the independence of judge and lawyers," United Nations Office of the Higher Commission for Human Rights, August 26, 2016, http://www.ohchr.org/Documents/Issues/Opinion/Legislation/OL_DEU_2.2016.pdf

2 Eurostat, “Broadband and Connectivity – Households,” April 7, 2016, http://bit.ly/1rCjmu7.

3 Bundesnetzagentur, Jahresbericht [Annual report 2016], p. 50, May 5, 2017, http://bit.ly/2ulRsLl.

4 Bundesnetzagentur, Jahresbericht [Annual report 2016], p. 51, May 5, 2017, http://bit.ly/2ulRsLl.

5 Thomas Heuzeroth, “Industrie investiert Milliarden in Breitbandausbau” [Industry invests billions in broadband development], welt.de, October 7, 2014, http://bit.ly/1P81UbX.

6 Tomas Rudl, “Deutschlands Breitbandausbau in der Sackgasse“ [Germany’s broadband expansion at an impasse], Netzpolitik.org, May 17, 2017, http://bit.ly/2qYIx0X.

7 Bundesnetzagentur, Jahresbericht [Annual report 2016], p. 59, May 5, 2017, http://bit.ly/2ulRsLl.

8 Bundesnetzagentur, Jahresbericht [Annual report 2016], p. 58, May 5, 2017, http://bit.ly/2ulRsLl..

9 Newzoo, Top 50 Countries by Smartphone Users and Penetration, http://bit.ly/2ugzNBH .

10 Bundesnetzagentur, Jahresbericht [Annual report 2016], p. 61, May 5, 2017, http://bit.ly/2ulRsLl.

11 Statistisches Bundesamt, “IT-Nutzung nach Geschlecht 2016” [IT usage according to gender 2016], http://bit.ly/2vgO4xW.

12 Statistisches Bundesamt, “IT-Nutzung nach Alter 2016” [IT usage according to age 2016], http://bit.ly/2tPWeO9.

13 Initiative D21, Digital Index 2016, p. 58, http://bit.ly/2k3NiCe.

14 Initiative D21, Digital Index 2016, p. 59, http://bit.ly/2k3NiCe.

15 Initiative D21, Digital Index 2016, p. 56, http://bit.ly/2k3NiCe.

16 Initiative D21, Digital Index 2016, p. 56, http://bit.ly/2k3NiCe.

17 Statistisches Bundesamt, “Statistisches Jahrbuch. Deutschland und Internationales” [Statistical Yearbook], 2016, p. 400, http://bit.ly/2tiueRo.

18 Bundesgerichtshof [Federal Court of Justice], “Bundesgerichtshof erkennt Schadensersatz für den Ausfall eines Internetanschlusses zu” [Court awards damages for internet failures], press release 14/13, January 24, 2013, http://bit.ly/1FLvz98. Hartz IV standard rate is € 391, see: http://bit.ly/2d3yFYtl; € 2.28 of that sum are for Internet access, See: Deutscher Bundestag [German Bundestag], Drucksache 17/3404, p. 60, http://bit.ly/1LnUX6U.

19 Markus Beckedahl, “Bundesrat entscheidet für Gemeinnützigkeit von Freifunk-Communities“ [Federal Assembly decides in favor of not-for-profit status of free wireless network communities], Netzpolitik.org, March 10, 2017, http://bit.ly/2muOGyt.

20 Björn Brodersen/Alexander Kuch, “Backbones – die starken Hintergrundnetze des Internets” [Backbones – the strong background networks of the internet], teltarif.de, http://www.teltarif.de/internet/backbone.html.

21 “Deutsche Telekom,” Wikipedia, accessed October 8, 2016, https://en.wikipedia.org/wiki/Deutsche_Telekom.

23 DSLWEB, “Breitband Report Deutschland Q4 2016” [Broadband Report Germany], May 19, 2017, http://bit.ly/2uVxioM.

24 Mobilfunk-Talk.de, “Mobilfunk-Marktanteile 2016: O2 vor Vodafone und Telekom,” [Mobile phone market shares: O2 ahead of Vodafone and Telekom], October 19, 2016, http://bit.ly/2tiXsQh.

25 Statistisches Bundesamt, “Preisentwicklung 2016” [Price development 2016], p. 83, http://bit.ly/2t7yEj6.

26 Markus Beckedahl, “Verkehrsministerium gewinnt Fachaufsicht über Bundesnetzagentur” [Ministry of Transport gains supervision over Federal Network Agency], Netzpolitik.org, February 14, 2014, http://bit.ly/1jDT9KQ.

27 Monopolkommission [Monopolies Commission], “Telekommunikation 2009: Klaren Wettbewerbskurs halten” [Telecommunication 2009: stay on target in competition], Sondergutachten 56, 2009, p. 75, http://bit.ly/2dBXDUY; European Commission, “Progress Report on the Single European Electronic Communications Market (15th Report)”, COM(2010) 253, p. 196, http://bit.ly/1Od2qpT.

28 European Commission, “Data Protection: European Commission requests Germany to ensure independence of data supervisory authority,” Press Release, Brussels, April 6, 2011, http://bit.ly/2cZPo3n.

29 European Commission, Progress Report, p. 196. Since the Federal Republic still exercises its rights as a shareholder of Deutsche Telekom (circa 38 percent) through another public law entity, commentators see a potential conflict of interest. See: Christian Schmidt, “Von der RegTP zur Bundesnetzagentur. Der organisationsrechtliche Rahmen der neuen Regulierungsbehörde” [From RegTP to Federal Network Agency. The organizational framework of the new regulator], Die Öffentliche Verwaltung 58 (24), 2005, p. 1028.

30 Tomas Rudl, “Breitbandausbau: Telekom-Vectoring kommt näher“ [Broadband development: Telekom vectoring approaches], Netzpolitik.org, November 23, 2015, http://bit.ly/2dOcz0t.

31 Richard Sietmann, “Fiber to the Neverland. Die Telekom forciert VDSL-Vectoring statt Glasfaser” [Fiber to the Neverland. DT pushes VDSL-Vectoring instead of Fiber], c't 10/2013, April 29, 2013, pp. 18-21http://heise.de/-1847272.

32 Volker Briegleb, “VDSL-Turbo Vectoring: Monopolkommission warnt vor ’Technologiemonopol der Telekom‘” [VDSL turbo vectoring: monopoly commission warns against ’technology monopoly of the Telekom’], heise.de, December 7, 2015, http://bit.ly/2eeTyog.

33 Tomas Rudl, “Vectoring: Beirat der Bundesnetzagentur fordert Nachbesserungen” [Vectoring: advisory board of Bundesnetzagentur demands amendments], Netzpolitik.org, January 26, 2016, http://bit.ly/2dD05a2.

34 Tomas Rudl, “Vectoring: EU-Kommission leitet sorgfältige Prüfung ein”[Vectoring: EU Commission instigates thorough review], Netzpolitik.org, May 10, 2016, http://bit.ly/2qlov04.

35 Tomas Rudl, “Vectoring: Bundesnetzagentur veröffentlicht neuen Regulierungsentwurf“ [Vectoring: Bundesnetzagentur publishes new regulation proposal], Netzpolitik.org, June 21, 2016, http://bit.ly/28P844I.

36 Tomas Rudl, “Vectoring: EU-Kommission genehmigt Entwurf, fordert jedoch Nachbesserungen“ [Vectoring: EU Commission approves proposal, demands amendments], Netzpolitik.org, July 19, 2016, http://bit.ly/2pZjRE4.

37 Due to substantial criticism by activists and NGOs that provoked an intense political debate, the 2010 law on blocking websites containing child pornography, the Access Impediment law (Zugangserschwerungsgesetz), never came into effect and was finally repealed by the German parliament in December 2011.

38 Collecting societies are private organizations at the national level in Germany authorized by the Copyright Administration Act (Urheberrechtwahrnehmungsgesetz). Although they act under the supervision of the German Patent and Trademark Office (DPMA), they belong to the private sector. With the foundation of the collecting society C3S, provided the DPMA grants permission, GEMA’s national monopoly could soon come to an end. See: Jens Uthoff, “Neue Wege im Paragraphendschungel” [New paths through the regulation jungle], taz.de, April 9, 2014,http://www.taz.de/!136441/.

39 GEMA, “GEMA and YouTube,” accessed April 23, 2014, http://bit.ly/2eyz5wd.

40 This development occurred outside the period of coverage of this report. See: Tim Ingham, “YouTube strikes deal with GEMA to host music videos in Germany,” Music Business Worldwide, November 1, 2016, http://bit.ly/2e8Hv7t.

41 Constanze Kurz, “BGH-Entscheidung zu Netzsperren: Die nichtsnutzige digitale Sichtschutzpappe ist zurück” [Federal Court of Justice decision on blocking of websites: the useless digital screen wall is back], Netzpolitik.org, November 26, 2015,http://bit.ly/2d3wCmY.

42 Constanze Kurz, “BGH-Entscheidung zu Netzsperren: Die nichtsnutzige digitale Sichtschutzpappe ist zurück” [Federal Court of Justice decision on blocking of websites: the useless digital screen wall is back], Netzpolitik.org, November 26, 2015,http://bit.ly/2d3wCmY.

43 The legal framework regulating media protection of minors in particular consists of the Law for the protection of children and youth (“Jugendschutzgesetz”, JuSchG) of the federal government and the Interstate Treaty on the Protection of Minors in the Media (short “Jugendmedienschutzstaatsvertrag”, JMStV).

44 Cf. the respective §§ 130, 131 StGB [Crimical Code]. For English translation, see: http://bit.ly/1rT41ps.

45 Cf. the respective § 5, Abs. 3 JMStV.

46 Eike Kühl, “Weniger Toleranz? Ja bitte.“ [Less tolerance? Yes please.], Zeit Online, November 25, 2015, http://bit.ly/2dK1qvp.

47 Fabian Reinbold, “Das Merkel-Selfie und die Wundermaschine” [The Merkel selfie and the miracle machine], Spiegel Online, February 6, 2017, http://bit.ly/2keBryq.

48 Markus Reuter, “Merkel-Selfie-Prozess: Fremdenfeindliche Gerüchte als Türöffner für Zensur“ [Merkel selfie case: xenophobic rumors as gateway for censoring], Netzpolitik.org, February 6, 2017, http://bit.ly/2jY6Fh8.

49 Spiegel Online, “Facebook muss Hasspostings nicht aktiv suchen” [Facebook does not have to actively search for hateful postings], March 7, 2017, http://bit.ly/2qWuGUN.

50 Fabian Reinbold and Marcel Rosenbach, “Hetze im Netz: Facebook löscht Kommentare jetzt von Berlin aus” [Incitement on the net: Facebook now deletes comments from Berlin], Spiegel Online, January 15, 2016, http://bit.ly/200TbdO.

51 Matthias Monroy, “Facebook, Twitter & Co: Upload-Filter gegen ‘Terrorismus und Extremismus’ gestartet” [Facebook, Twitter, and co.: upload filter against ‘terrorism and extremism’ activated], Netzpolitik.org, March 13, 2017, http://bit.ly/2mHSJHz.

52 Spiegel Online, “Maas will Millionen-Bußgelder für soziale Netzwerke“ [Maas wants heavy fines for social networks], March 14, 2017, http://bit.ly/2noHnGM.

53 Reporter Ohne Grenzen [Reporters Without Borders], “Gesetzentwurf bedroht Pressefreiheit“ [Bill threatens freedom of the press], March 15, 2017, http://bit.ly/2nqPGFF.

54 Digitale Gesellschaft [Digital Society], “Fake News und Hate Speech: Vorstoß des Bundesjustizministers gefährdet Meinungsfreiheit im Netz“ [Fake news and hate speech: Federal Minister of Justice’s proposal threatens freedom of opinion online], March 14, 2017, http://bit.ly/2qORsRZ.

56 Fabian Reinbold, “So will Maas Facebook und Co. büßen lassen” [This is how Maas wants to punish Facebook and co.], Spiegel Online, April 5, 2017, http://bit.ly/2oH5TE0.

57 Melanie Amann and Gerald Traufetter, “Widerstand aus Union und SPD gegen Maas’ Internetgesetz“ [Opposition from CDU and SPD against Maas’s Internet law], Spiegel Online, April 8, 2017, http://bit.ly/2pshTbq.

58 Markus Reuter, “Bundestag beschließt Netzwerkdurchsetzungsgesetz” [Federal parliament enacts Social Network Enforcement Law], Netzpolitik.org, June 30, 2017, http://bit.ly/2tujxiB.

59 ECJ, Google Spain and Google, 13 May 2014, http://bit.ly/1MKoqFS.

60 Google Transparency Report, European privacy requests for search removals, http://bit.ly/1nhgHFN.

61 Eco.de, “Ein Jahr Recht auf Vergessenwerden: Löschen von Suchergebnissen beeinträchtigt die Zivilgesellschaft” [One year right to be forgotten: Removal of search results impairs civil society], May 13, 2015, http://bit.ly/1N9DnDW.

62 Peter Fleischer, “Adapting our approach to the European right to be forgotten, ” Google Europe Blog, March 4, 2016, http://bit.ly/2e0CnUG.

63 Friedhelm Greis, “Recht auf Vergessen soll weltweit gelten” [Right to be forgotten shall be applicable globally], Golem.de, November 26, 2014, http://bit.ly/1vQfwkF.

64 Bayerisches Landesamt für Datenschutzaufsicht [Bavarian State Office for Data Protection Oversight], “Recht auf Löschung” [Right to be forgotten], July 19, 2016, http://bit.ly/2qO8dwM.

65 BGH [Federal Supreme Court], judgment of May 14, 2013, Az. VI ZR 269/12; Jürgen Kuri/Martin Holland, “BGH zu Autocomplete: Google muss in Suchvorschläge eingreifen” [BGH on autocomplete], May 14, 2013 http://heise.de/-1862062.

66 Beck Aktuell, “OLG Köln: Klage gegen Google auf Unterlassugn bestimmter Suchwortkombinationen erfolgreich” [Higher Regional Court Cologne: Injunction suit against Google concerning certain search query combinations successful], April 8, 2014,http://bit.ly/2dnwPSY; Adrian Schneider, “OLG Köln: Die Autocomplete-Entscheidung im Detail” [Higher Regional Court Cologne: the autocomplete decision in detail], Telemedicus, April 11, 2014, http://bit.ly/1iRT59G.

67 “Google Transparency Report, Germany: July to December 2016,” http://bit.ly/2dnbSrg.

68 Facebook, “Government Requests Report: July 2016 – December 2016,” http://bit.ly/2v9G5Uf.

69 In particular: Part 3, §§ 7-10 TMG: liability for own content (§ 7, Abs. 1 TMG); limited liability for access providers (§§ 8, 9 TMG) and host providers (§ 10 TMG).

70 The BGH in particular has developed the principles of limited liability of host providers: BGH [Federal Court of Justice], judgment of October 25, 2011, Az. VI ZR 93/10.

71 Liability privilege means that information intermediaries on the internet such as ISPs are not responsible for the content their customers transmit. Secondary or indirect liability applies when intermediaries contribute to or facilitate wrongdoings of their customers.

72 BGH [Federal Court of Justice], judgment of March 27, 2012, Az. VI ZR 144/11, http://openjur.de/u/405723.html.

73 BGH [Federal Court of Justice], judgment of July 12, 2012, Az. I ZR 18/11, http://openjur.de/u/555292.html.

74 Timothy B. Lee, “Top German court says RapidShare must monitor link sites for piracy,” Ars Technica, July 16, 2012, http://bit.ly/2dK2bVb.

75 BGH [Federal Court of Justice], judgment of 15 August, 2013, Az. I ZR 80/12, http://bit.ly/1MOQasE .

76 Thomas Stadler, “BGH erweitert Prüfpflichten von Filehostern wie Rapidshare” [Federal Court of Justice extends monitoring duties for host providers such as Rapidshare], Internet-Law, September 4, 2013, http://bit.ly/1N9EWSv.

77 LG Hamburg [Regional Court Hamburg], judgement of May 18, 2012, Az. 324 O 596/11, http://openjur.de/u/404386.html.

78 CJEU, Case of BestWater International GmbH v Michael Mebes and Stefan Potsch, C-348/13, October 21, 2014, http://bit.ly/2dnq4k9.

79 Andreas Biesterfeld-Kuhn, “Die zweite Realität der Bundesrichter” [The federal judges’ second reality], Legal Tribune Online, July 10, 2015, http://bit.ly/1Tzuq75.

80 In 2010, the German Federal High Court sentenced the private owner of a wireless router on the grounds that his or her open network allowed illegal activities. cf. Christopher Burgess, “Three Good Reasons to Lock Down Your Wireless Network,” The Huffington Post (blog), June 8, 2010, http://huff.to/1LYHK3k.

81 Volker Tripp, “Anhörung zum Telemediengesetz: Wie geht es weiter mit offenem WLAN und Host-Providerhaftung?” [Hearing on telemedia act: what’s next for open wireless networks and host provider liability?], Digitale Gesellschaft, December 16, 2015,http://bit.ly/2dCRT9R.

82 “LG München I legt Frage der Haftung bei offenen WLANs dem EuGH vor” [Munich district court submits question on liability concerning open Wi-Fi to ECJ], Offenenetze.de, October 8, 2014, http://bit.ly/1iRW1mK.

83 Spiegel Online, “Das bedeutet das Urteil zur Störerhaftung für Deutschland” [This is what the ruling on network liability means for Germany], September 15, 2016, http://bit.ly/2cgKWvo.

84 Johannes Boie, “Das Wlan-Urteil des EuGH ist unsinnig” [The CJEU’s wifi ruling does not make sense], sueddeutsche.de, September 15, 2016, http://bit.ly/2f15StA.

85 Ingo Dachwitz, “Die unendliche WLAN-Geschichte geht weiter: Netzsperren statt Abmahnindustrie“ [The neverending wireless network story continues: blockings instead of compensation industry], Netzpolitik.org, February 28, 2017, http://bit.ly/2lPm7LB.

86 Lennart Mühlenmeier, “Störerhaftung und Netzsperren: Verbände fordern Nachbesserungen bei der Nachbesserung am WLAN-Gesetz“ [Breach of duty of care and network blockings: associations demand amendments to the amendment oft he wireless network law], Netzpolitik.org, March 15, 2017, http://bit.ly/2m3t1id.

87 Ingo Dachwitz, “WLAN-Gesetz: Bundestag schafft Störerhaftung endlich ab, ermöglicht aber Netzsperren“ [Wi-fi law: federal parliament finally abolishes breach of duty of care, but enables website blocking], Netzpolitik.org, June 30, 2017, http://bit.ly/2sDsoLx.

88 Lisa-Maria N. Neudert, University of Oxford, “Computational Propaganda in Germany: A Cautionary Tale,” Working Paper No. 2017.7, http://comprop.oii.ox.ac.uk/wp-content/uploads/sites/89/2017/06/Comprop-Germany.pdf

89 Presserat [Press Council], “Pressekodex” [press code], version dated March 13, 2013, http://bit.ly/1FgsgW8.

90 “OSCE representative warns about impact on free media of criminal investigation of Netzpolitik.org journalists in Germany,” Organization for Security and Co-operation in Europe,” August 4, 2015, http://bit.ly/2dT3gJK.

91 David Meyer, “Google fighting German plan for linking fee”, cnet.com, November 27, 2012, http://cnet.co/1WCkg72.

92 Philipp Otto, “Kommentar: ein unmögliches Gesetz” [Comment: an impossible law], iRights.info, August 30, 2012, http://bit.ly/1jE6XoJ.

93 Henry Steinhau, “Leistungsschutzrecht: T-Online und 1&1 verbannen Verlage der VG Media aus ihren Suchergebnissen” [Ancillary copyright: T-Online and 1&1 ban VG Media publishers from their search results], irights.info, September 16, 2014,http://bit.ly/1JKFxlY.

94 Friedhelm Greis, “Kartellamt hält Googles Vorgehen gegen Verlage für begründet” [Cartel Office considers Google’s approach against publishers justified], golem.de, September 9, 2015, http://bit.ly/2dJRQc4.

95 Stefan Krempl, “Schiedsverfahren zum Leistungsschutzrecht gescheitert” [Arbitration proceedings regarding ancillary copyright failed], heise.de, October 28, 2015, http://bit.ly/1NPyayF.

96 Werner Pluta, “Streit um Leistungsschutzrecht geht vor Gericht” [Dispute concerning ancillary copyright goes to court], Golem.de, February 6, 2017, http://bit.ly/2kFfSKT.

97 See section 41a of the Telecommunications Act.

98 Stefan Krempl, “Bundestag will Netzneutralität nicht umfassend absichern” [Federal parliament does not want to safeguard net neutrality comprehensively], heise.de, November 13, 2015, http://bit.ly/2eeGM9h.

99 Chris Baraniuk, “European Parliament votes against net neutrality amendments,” Bbc.com, October 27, 2015, http://bbc.in/1jOhTAs; See also: Tomas Rudl, “EU-Parlament beschließt umstrittene Netzneutralitätsregeln” [EU Parliament enacts controversial net neutrality rules], Netzpolitik.org, October 27, 2015, http://bit.ly/1ids9R5.

100 “BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules,” August 30, 2016, http://bit.ly/2fdSy3H.

101 Amar Toor, “Europe’s net neutrality guidelines seen as a victory for the open web,” The Verge, August 30, 2016, http://bit.ly/2c88eSd.

102 Oliver Mayer-Rüth, “Der Fall Deniz Yücel” [The case Deniz Yücel], Tagesschau.de, February 20, 2017, https://www.tagesschau.de/ausland/deniz-yuecel-105.html.

106 BVerfG [Federal Constitutional Court], Provisions in the North-Rhine Westphalia Constitution Protection Act (Verfassungsschutzgesetz Nordrhein-Westfalen) on online searches and on the reconnaissance of the internet null and void, judgment of February 27, 2008, 1 BvR 370/07 Absatz-Nr. (1 - 267), http://bit.ly/1YVssS3; See also: Press release no. 22/2008, http://bit.ly/2dnoChN. For more background cf. Wiebke Abel/Burkhard Schaferr, “The German Constitutional Court on the Right in Confidentiality and Integrity of Information Technology Systems – a case report on BVerfG,” NJW 2008, 822”, 2009, 6:1 SCRIPTed 106, http://bit.ly/2dNZSCJ.

108 Code of Criminal Procedure (StPO), § 53 (1) 5, http://bit.ly/1O9zcXz.

109 “Endlich! Unabhängige Datenschutzbehörde für Deutschland” [Finally! Independent data protection agency for Germany], Datenschutzbeauftragter-info.de, August 27, 2014, http://bit.ly/1jE9tv3.

110 “Bundesdatenschutz-Behörde wird 2016 unabhängig” [Office oft he Federal Commissioner for Data Protection will become independent in 2016], N-TV.de, December 30, 2015, http://bit.ly/2eeGkYL.

111 Martin Klingst, “Wer wann was verbockt hat” [Who failed when regarding what], Zeit Online, August 11, 2015, http://bit.ly/2eeFYl3.

112 Zeit Online, “Interne Akten belasten Justizminister Heiko Maas“ [Internal documents incriminate Justice Minister Heiko Maas], February 22, 2017, http://bit.ly/2lKZRmW.

113 Markus Beckedahl, “Warum unsere Veröffentlichungen zum Verfassungsschutz kein Landesverrat sind“ [Why our publications regarding the Federal Office fort he Protection oft he Constitution do not constitute treason], Netzpolitik.org, October 5, 2016,http://bit.ly/2dTUor9.

114 Sabine Rückert, “Wer hat gelogen?“ [Who lied?], Zeit Online, March 9, 2017, http://bit.ly/2prGbal.

115 Alison Smale, “Angela Merkel Draws Criticism for Allowing Turkey’s Case Against Comic,” The New York Times, April 15, 2016, http://nyti.ms/1V6IlVG.

116 Hasnain Kazim “Erdogan's Demand for Legal Action Puts Merkel in a Bind,” Spiegel, April 12, 2016, http://bit.ly/2fdOL6z.

117 “Germany drops Turkey President Erdogan insult case,” BBC, October 4, 2016, http://bbc.in/2fAgzm6.

118 Tagesschau, “Erdogan legt Beschwerde ein“ [Erdogan files complaint], October 10, 2016, https://www.tagesschau.de/inland/erdogan-boehmermann-103.html.

119 Tagesschau, “Erdogan scheitert mit Beschwerde“ [Erdogan’s complaint fails], October 14, 2016, https://www.tagesschau.de/inland/erdogan-boehmermann-105.html.

120 Christian Rath, “Drei Viertel des Gedichts bleiben verboten“ [Three fourths of the poem remain banned], Badische Zeitung, February 11, 2017, http://bit.ly/2prM0Vp.

121 Badische Zeitung, “Schmähkritik: Böhmermann-Gedicht großteils verboten“ [Taunting critique: Boehmermann’s poem mostly banned], February 10, 2017, http://bit.ly/2qA6viZ.

122 See Bundeszentrale für politische Bildung [Federal agency for political education], “Volksverhetzung” [incitement to hatred], http://bit.ly/2eoHnab.

123 BVerfG, [Federal Constitutional Court] 1 BvR 2150/08 from November 4, 2009, Absatz-Nr. (1 - 110), http://bit.ly/1KWt940; See also: Press release no. 129/2009 of 17 November 2009, Order of 4 November 2009 – 1 BvR 2150/08 – § 130.4 of the Criminal Code is compatible with Article 5.1 and 5.2 of the Basic Law, http://bit.ly/2e0uK0C.

124 See for example: Pia Ratzesberger, “Verurteilt wegen Hasskommentaren auf Facebook” [Convicted for hateful comments on Facebook], sueddeutsche.de, February 3, 2016, http://bit.ly/1P8Luzi; Lisa Steger, “Hennigsdorfer soll Geldstrafe wegen Volksverhetzung zahlen” [Person from Hennigsdorf fined for incitement to hatred], rbb-online.de, April 26, 2016, http://bit.ly/2d3m8Uz; “Bewährungsstrafe wegen Facebook-Hetze gegen Flüchtlinge” [Suspended sentence for incitement against refugees on Facebook], Zeit Online, October 16, 2015, http://bit.ly/1PKYR6U.

125 Alke Wierth, “Hate Speech bedroht die Demokratie“ [Hate speech threatens democracy], taz.de, January 15, 2017, https://www.taz.de/Hass-im-Internet/!5371620/.

126 Patrick Beuth, “Opfer werden im Stich gelassen“ [Victims are being abandoned], Zeit Online, November 9, 2016, http://bit.ly/2ff9WoC.

127 Anna Biselli, “Bundesverfassungsgericht: Regierung muss NSA-Untersuchungsausschuss keine NSA-Selektorenliste vorlegen“ [Federal Constitutional Court: government under no obligation to hand over NSA target list to parliamentary commission of inquiry], Netzpolitik.org, November 15, 2016, http://bit.ly/2f09Gt4.

128 Anna Biselli, “BGH: NSA-Untersuchungsausschuss muss Snowden nicht einladen, weil die Opposition zu klein ist“ [Federal Court of Justice: parliamentary commission does not have to invite Snowden because the opposition is too small], Netzpolitik.org, March 15, 2017, http://bit.ly/2ncPBEX.

129 Kai Biermann, “Die letzte Zeugin“ [The last witness], Zeit Online, February 16, 2017, http://bit.ly/2lXzJBW.

130 Andre Meister, “Drei Jahre Geheimdienst-Untersuchungsausschuss: Die Aufklärung bleibt Wunschdenken, die Überwachung geht weiter“ [Three years oft he parliamentary commission of inquiry: resolution remains wishful thinking, surveillance continues], Netzpolitik.org, February 24, 2017, http://bit.ly/2lAeUz4.

131 Teresa Sickert, “Was das neue BND-Gesetz für Internetnutzer bedeutet“ [What the new BND law means for Internet users], Spiegel Online, October 19, 2016, http://bit.ly/2ejtHLP.

132 Julian Heißler, “Ein bisschen Ausspähen unter Freunden“ [A little bit of spying among friends], Tagesschau.de, October 21, 2016, http://bit.ly/2pvtsDz.

133 Spiegel Online, “Betreiber des Netzknotens De-Cix verklagen BND“ [Operators of network exchange De-Cix proceed against BND], September 16, 2016, http://bit.ly/2cTDSDh.

134 Teresa Sickert, “Was das neue BND-Gesetz für Internetnutzer bedeutet“ [What the new BND law means for Internet users], Spiegel Online, October 19, 2016, http://bit.ly/2ejtHLP.

135 Sven Braun, “Fünf drastische Folgen des geplanten BND-Gesetzes“ [Five drastic consequences of the planned BND law], Netzpolitik.org, October 18, 2016, http://bit.ly/2ekHyD7.

136 Simon Rebiger, “Wissenschaftlicher Dienst: Geplantes BND-Gesetz ist in Teilen verfassungswidrig“ [Research service: planned BND law is partly unconstitutional], Netzpolitik.org, September 16, 2016, http://bit.ly/2coOtId.

137 Sabine Leutheusser-Schnarrenberger, “Stoppt das BND-Gesetz!“ [Stop the BND law!], Handelsblatt, October 21, 2016, http://bit.ly/2r46Z0n.

138 Sven Braun, “Vereinte Nationen: Sonderberichterstatter kritisiert neues BND-Gesetzespaket” [United Nations: special rapporteur criticizes new BND law], Netzpolitik.org, October 31, 2016, http://bit.ly/2fum1rB.

139 Stefan Krempl, “Neue BND-Befugnisse: Enstation Bundesverfassungsgericht“ [New BND permissions: final destination Federal Constitutional Court], Heise Online, October 21, 2016, http://bit.ly/2qgbdzn.

140 Andre Meister, “Eingestuftes Gutachten: Der BND speichert massenhaft Daten, will aber Betroffene nicht informieren“ [Classfied assessment: BND stores data in bulk but refuses to inform affected], Netzpolitik.org, December 14, 2016, http://bit.ly/2gNO58i.

141 Kai Biermann, “Amnesty klagt gegen Überwachungsgesetz“ [Amnesty files complaint against surveillance law], Zeit Online, November 15, 2016, http://bit.ly/2fQDNSE.

142 See the report of the Parliamentary Control Panel: Deutscher Bundestag, Drucksache 18/11227, February 16, 2017, p. 7-8, http://bit.ly/2qdyO53.

143 Bundesverfassungsgericht [Federal Constitutional Court], Provisions in the North-Rhine Westphalia Constitution Protection Act (Verfassungsschutzgesetz Nordrhein-Westfalen) on online searches and on the reconnaissance of the Internet null and void, judgment of February 27, 2008, 1 BvR 370/07; For more background cf. W Abel and B Schafer, “The German Constitutional Court on the Right in Confidentiality and Integrity of Information Technology Systems – a case report on BVerfG”, NJW 2008, 822, (2009) 6:1 SCRIPTed 106, http://bit.ly/2dNZSCJ.

144 Dirk Heckmann, “Anmerkungen zur Novellierung des BKA-Gesetzes: Sicherheit braucht (valide) Informationen” [Comments on the amendment of the BKA act: Security needs valid information], Internationales Magazin für Sicherheit nr. 1, 2009, http://bit.ly/1KWuRm6.

145“Anti-Terror-Gesetze gelten bis 2021“ [Anti terror laws in force until 2021], Tagescchau.de, November 27, 2015, http://bit.ly/2cZGl2H.

146 Falk Steiner, “Neuer Bundestrojaner steht kurz vor der Genehmigung” [New federal Trojan horse to be approved soon], Deutschlandfunk.de, February 22, 2016, http://bit.ly/20PKsLM.

147 Constanze Kurz, “Auch der kastrierte Trojaner ist zügellos“ [The castrated Trojan horse is dissolute, too], FAZ.net, May 3, 2016, http://bit.ly/2pvducT.

148 CCC, “Stellungnahme des CCC zum Staatstrojaner“ [Statement regarding the Trojan horse], August 18, 2016, http://bit.ly/2qckwCf.

149 Netzpolitik.org, “Erweiterung des Trojaner-Programms: Staatliche Spionagesoftware auf dem Mobiltelefon“ [Extension oft he Trojan program: state surveillance software on mobile phones], October 4, 2016, http://bit.ly/2qcBGzV.

150 Sebastian Lipp and Max Hoppenstedt, “Exklusiv: BKA-Mitarbeiter verrät, wie Staatshacker illegal Telegram knacken“ [Exclusive: BKA employee reveals how state hackers illegally crack Telegram], Motherboard, December 8, 2016, http://bit.ly/2rbuReU.

151 Matthias Monroy, “Statistik zu Überwachungsmaßnahmen: Bundesverfassungsschutz verschickt wieder mehr stille SMS zur Handyortung“ [Statistics on surveillance: Federal Office for the Protection oft he Constitution again sends more silent SMS to locate mobile phones], Netzpolitik.org, February 3, 2017, http://bit.ly/2rcsF7E.

152 Bundesrat, “Mehr Rechtssicherheit bei Bestandsdatenauskunft” [More legal certainty for stored data inquiry], Press release no. 251/2013, May 3, 2013, http://bit.ly/1j5NgWK.

153 Two independent studies from by the Universität of Bielefeld (2003: Wer kontrolliert die Telefonüberwachung? Eine empirische Untersuchung zum Richtervorbehalt bei der Telefonüberwachung“ [Who controls telecommunication surveillance? An empirical investigation on judicial overview of telecommunication surveillance], edited by Otto Backes and Christoph Gusy, 2003) and Max-Planck-Institut Institute for Foreign and International Criminal Law (Hans-Jörg Albrecht, Claudia Dorsch, Christiane Krüpe 2003: Rechtswirklichkeit und Effizienz der Überwachung der Telekommunikation nach den §§ 100a, 100b StPO und anderer verdeckter Ermittlungsmaßnahmen [Legal reality and efficiency of wiretapping, surveillance and other covert investigation measures], http://www.mpg.de/868492/pdf.pdf) evaluated the implementation of judicial oversight of telecommunication surveillance. Both studies found that neither the mandatory judicial oversight nor the duty of notification of affected citizens are carried out. According to the study by the Max Planck Institute, only 0.4 percent of the requests for court orders were denied.

154 Court of Justice of the European Union, “The Court of Justice declares the Data Retention Directive to be invalid,” press release No 54/14, April 8, 2014, http://bit.ly/1svi4QN.

155 “Bundestag beschließt Vorratsdatenspeicherung“ [Bundestag enacts data retention], Faz.net, October 16, 2015, http://bit.ly/2e0seXT.

156 Markus Reuter, “Berliner Erklärung: Innenminister der Union fordern drastische Ausweitung der Vorratsdatenspeicherung“ [Berlin Declaration: Union’s interior ministers demand drastic extension of data retention], Netzpolitik.org, August 19, 2016,http://bit.ly/2bfc7VH.

157 Markus Reuter, “Innenministerkonferenz fordert Vorratsdatenspeicherung für WhatsApp & Co“ [Conference of interior ministers calls for data retention for WhatsApp & co.], Netzpolitik.org, November 30, 2016, http://bit.ly/2gNOvZv.

158 Jakob May, “Weitere Verfassungsbeschwerde gegen Vorratsdatenspeicherung eingereicht” [Further constitutional complaint against data retention filed], Netzpolitik.org, January 27, 2016, http://bit.ly/1nQGru9.

159 Tomas Rudl, “Bundestagsgutachten: Deutsche Vorratsdatenspeicherung genügt EuGH-Vorgaben nicht“ [Parliamentary legal assessment: German data retention does not conform to CJEU guidelines], Netzpolitik.org, February 23, 2017, http://bit.ly/2lLC5oz.

160 Markus Reuter, “Geheimdienste sollen automatischen Zugriff auf die Passbilder aller Bürger bekommen” [Intelligence services are set to obtain automatic access to passport photos of all citizens], Netzpolitik.org, March 9, 2017, http://bit.ly/2nlKj6v.

161 Matthias Monroy, “Bundesamt für Migration und Flüchtlinge rückt Geflüchteten mit neuer Software auf die Pelle“ [Federal Office for Migration and Refugees to pester refugees with new software], Netzpolitik.org, March 17, 2017, http://bit.ly/2ncHIPg.

162 Telecommunications Act (TKG), § 111, http://bit.ly/2dNZTqh.

163 Anna Sauerbrey, “Innenminister Friedrich will Blogger-Anonymität aufheben” [Federal Minister of Interior wants to abolish anonymity of bloggers], Tagessspiel online, August 7, 2011, http://bit.ly/2dCQ2BX.

164 “BGH weist Auskunftsanspruch gegen Internet-Portal zurück” [Federal Court of Justice rejects claim to disclosure against internet portal], Zeit.de, July 1, 2014, http://bit.ly/1iUs1Xa.

165 Matthias Monroy, “BKA auf EU-Ebene weiterhin gegen ’Anonymisierung und Verschlüsselung’ aktiv” [BKA continues to be active against ’anonymization and encryption’ on the EU level], Netzpolitik.org, January 6, 2016, http://bit.ly/2dJQi1z.

166 Markus Reuter, “Hate Speech: Union und SPD wollen Klarnamen-Internet durch die Hintertüre” [Hate speech: CDU and SPD want real name Internet through the back door], Netzpolitik.org, February 23, 2017, http://bit.ly/2lD7UQt.

167 Spiegel Online, “2015 mehr als 40 Millionen Euro Schaden” [Damages worth of more than 40 Million Euros in 2015], July 27, 2016, http://bit.ly/2qdha25.

168 Marie Rövekamp, “Findet den Trojaner!“ [Find the Trojan horse!], Zeit Online, August 11, 2015, http://bit.ly/2dJOky7.

169 Anna Biselli, “Wir veröffentlichen Dokumente zum Bundestagshack: Wie man die Abgeordneten im Unklaren ließ” [We are publishing documents concerning the Bundestag hack: how the members of parliament were left in the dark], Netzpolitik.org, March 7, 2016,http://bit.ly/2dEUqAN.

170 Andrea Shalal, “Germany challenges Russia over alleged cyberattacks“, Reuters, May 4, 2017, http://reut.rs/2pIRhEX.

171 “Germany confirms cyber attacks on political party think tanks,” Financial Review, May 1, 2017, http://www.afr.com/news/special-reports/cyber-security/germany-confirms-cyber-attacks-on-political-party-think-tanks-20170501-gvw9w4

172 Anna Biselli, “Heute im Bundestag Verabschiedung des IT-Sicherheitsgesetzes – ein Überblick” [Today in the parliament enactment of the IT security law – an overview], Netzpolitik.org, June 12, 2015, http://bit.ly/1FcCwIH.