“All that is happening completely under the radar”, says Oliver “Unicorn” Knapp. He is concerned with the planned census in the Chaos Computer Club (CCC). Together with Tim “Scytale” Weber, Knapp has held a lecture (Slides, in German) at Cologne’s Sigint Conference on the 2011 census law to raise public awareness for the issue. Currently, there is close to none, he says.

In Germany, the word “census” (“Volkszählung” – literally “population count”) is very much connected with a wave of protests from 1983 to 1987. In 1983, plans for a census clashed with an already highly politicized public sphere. Within weeks, hundreds of citizens’ initiatives formed over concerns transcending data security, supported by prominent public figures such as nobel prize laureate Günter Grass. The planned census was stopped and finally prohibited by the federal constitutional court in a groundbreaking decision which established the basic right to informational self-determination.

When the census was finally carried out in updated form in 1987, protests surrounding it turned against decreasing civil liberties and urged for more democracy. Activists called for a boycott of the census and “alternative collecting points” presented more than one million blank forms. The government reacted with a rigorous clampdown against protesters, but some municipalities supported the boycott and had to be forced to conduct the census interviews.

One of the reasons that today we see none of these protests might be that next year’s is going to be a so-called “register-based census”. That means that on the one hand, data from different public institutions will be merged and matched against each other. A process that will not show on the street. Thus the population only perceives the other part of the census – the questioning of a sample of ten percent of all households.

In theory, Germany already has detailed information of all inhabitants in registration offices. But in fact these databases are actually often inaccurate and sometimes not even available in standardized form. For that reason, data from job offices and government agencies (for civil servants) are also collected for the census. By matching these databases, it is expected to expose faults of the registration offices.

Datasets from registration offices, job centers and government agencies will be collected by the respective state offices and then transfered to the national office for statistics – without anonymization. That is also true for individuals who are part of a witness protection program. The entries registration offices hold about them bear a notation prohibitting to forward them. But for the census, these data will still be transfered – including the reference regarding the witness protection program.

The reference date for collecting data is on Mai 9, 2011. From this day on, the census also starts in the way that is still known from 1987: Interviewers are deployed to question Germany’s inhabitants. Unlike 23 years ago, not all of the population is subject to interrogations, but only every tenth household. Giving (correct) answers is obligatory and not doing so can be penalized by a fine of up to 5.000 Euros. This phase will take a few months (Official info graphic, in German).

But obviously, some people are more equal than others. There is a range of so-called “special sectors”: Prisons, nursing homes, psychiatries, doss houses. Here, not only samples are taken, but each inhabitant of these facilities is going to be registered, the CCC acitivists say. The statistics offices mention additional interviews “in some cases”, because the data situation there was especially error-prone. The liability to disclose the requested information is with the establishments’ managements, the individuals concerned are only informed that data is transferred.

Already two weeks before the reference date, all the nation’s real estate owners will receive mail. They have to disclose information on their property, disclose whether a flat has a toilet, bathtub or shower. This questioning is conducted per mail, which is why it is expected to take longer: 14 months. Questioning of a population sample and real estate owners combined, about 30 percent of all inhabitants will have to provide information.

These data will be merged and linked up at the national office for statistics. „That in the process the most comprehensive population index in Germany’s history is created is thus no fault, but intended“, Knapp and Weber write in an article for CCC magazine, “Datenschleuder“.

Additionally, all information is linked up with a unique personal identification number. „For any address, any building, any flat, any household and any person national and state statistics offices assign and keep an identification number, which can be applied across municipalities and buildings. Identification numbers can be used in mergings according to §9“, says the census act.

Both activists see this as a clear breach of Germany’s constitution. They point to 1983′s famous “census verdict”, in which the federal constitutional court established a basic right to informational self-determination. At the core of this judgment, Knapp and Weber see the declaration that

a comprehensive registration and indexing of the personality through merging individual biographical and personal data in order to create profiles of the personality of the citizens [...] is inadmissible even in the anonymity of statistical censi.

But other aspects of the law for 2011′s census as well seem to cross the lines defined by the constitutional judges in their decision. Back then, a lack of anonymization was one of the reasons to block the original plans. Subsequently in 1987, block-wise anonymization was adopted. But today, this security measure is no object anymore.

Another point of criticism in 1983 was that original plans included using census data to correct registration offices’ databases. The constitutional court put a stop to this as well, which seems to still be extant in the so-called “separation principle”: According to that, census data may only be used for statistical purposes. But without anonymization, it is hard to rule out misuse.

The German census act implements an EU directive, other European countries will question their population as well in 2011. But the federal republic exceeds the minimal requirements set by Brussels in two cases. The form will additionally ask whether interviewees or their parents have migrated to Germany, as well as for religious beliefs held by them (answering the latter is optional).

Ten years ago, Germany and Sweden were the only countries not to participate in the European census. 1991 as well a census planned after the fall of the Berlin wall was canceled, which would have updated statistical information on the reunited German nation. The costs were deemed to high back then, but fear of protests from the population was critical for the cancellation as well.

This time costs are again a major issue. 750 million Euros are budgeted for the census, a third of which will be paid by the federal government. Municipalities are thus far from happy about the project since they will have to pay high expenses for administration as well as execution of the census.

Since 1987 (in Eastern Germany 1981), Germany has not had a census, except for an annual microcensus in which about one percent of the population is surveyed. The national office for statistics still works on the base of this old data. But population registers must have considerably improved since 2007, when their data was used for the roll-out of a unique tax payer’s account number. Registration offices were notified about flawed data, which could thus be used to reassess the registers.

Proponents of the census do not tire to emphasize the need for accurate, up-to-date population statistics. In fact, some important decisions are made on the base of these data, including the allocation of large sums of money on a state, federal and EU level. CCC activists Knapp and Weber are therefore sure that it will not be possible to stop the census in its entirety.

Yet at CCC’s Cologne conference Sigint, they called for a constitutional complaint against the law. Still at the event, a working group was formed as a subgroup of anti-surveillance umbrella organization Arbeitskreis Vorratsdatenspeicherung (“working group on data retention”). Its goal is to take the census to Germany’s federal constitutional court in Karlsruhe, where the activists hope to achieve better anonymization of collected data.

On June 22, the constitutional complaint was put up online for public support. Up to now, nearly 7000 citizens have signed the petition on the site of civil rights group FoeBuD. The deadline for submitting the complaint is on July 15, when the one-year respite after the passing of the law expires. Until then, attorney Eva Dworschak will prepare the final text to be submitted to Karlsruhe.

What’s up after that? To stop the census in its current form, the federal constitutional court would have to bar it by interim measure. The activists are confident that even Germany’s highest judges are not ignorant to events on the street. A wave of protest as in 1983 would not leave them cold. Thus the issue up next is to form a movement that brings together veteran anti-census protesters and members of Germany’s “new civil rights movement” which has formed up during last years’ in the fight against data retention and internet filtering.

As a member of the Siegen chapter of Arbeitskreis Vorratsdatenspeicherung and FoeBuD, I will do my part in this. We are currently planning a street event to inform people on the upcoming census and collect supporters’ signatures for the constitutional complaint. If you are from Siegen, you are invited to join us in our preparational meeting on Thursday, July 1. More info here.

This article is an updated translation of a post I wrote for Spreeblick, “Aktivisten planen Verfassungsbeschwerde gegen Volkszählung 2011″.

While not utterly surprised, I was astonished by the frequency of these questions, which raises some important issues: What does it mean if we have to expect that information published by our friends in online publics is distorted, not to fool us, but to trick data mining companies and identity thieves? What does it mean for our society if we encounter some of our most important publics – social networks – with distrust, so that we do not feel free to publish personal information there? Will this “virtual distrust” make online public spheres less open, welcoming spaces? What does this mean for our ability, and will, to communicate with others, especially strangers?

Evgeny Morozov, the man who coined the term “Twitter revolution” and, despite that, has often been called a “cyper-pessimist” was one of the first speakers of the event. And while I often find Evgeny’s argumentation to be too polemic, sometimes even Andrew Keen’esque in it’s pessimism, the man has some very valid points.

In the times of the GDR, the Stasi supported a huge network of “inofficial contributors” who were coerced – through threats or monetary rewards – into spying on their peers. Nowadays, this is no longer necessary, says Morozov. Authoritarian regimes can instead discover activists’ networks by looking them up on Facebook. In my eyes, the grandchild of the Stasi is China’s “50 cent party”: An enormous horde of people paid for spreading propaganda on the ‘Net.

There has been a change in the role of access to information. Publishing information has become so cheap that it is the new default, even in environments where this would previously have been a “no-go”. And the regimes react – not by suppressing information, but by discrediting the sender. What does this mean for the importance of freedom of information?

Daniel Schmitt of Wikileaks seems to base his work on the conviction that transparency leads to a better world. It’s some kind of a journalistic determinism. Global Voices’ David Sasaki questions the role of investigative reporting: “Is it really true that traditional journalism minimizes corruption?”

For Jeff Jarvis, that’s not even a question. “We now must defend the public,” he says, “because what is public is owned by the public, and that’s us.” And “if you cut down from the public, you steal from all of us. [...] If you don’t share your knowledge, you’re being anti-social.”

The evening before, Christian Heller fought privacy at taz’ MediaTuesday event. Data security, he says, can be used against us. It “doesn’t necessary protect the weak from the powerful”. David Sasaki says that more and more raw data is put out on the ‘Net and it’s up to us to put it in context. Christian Heller wants to free information from its context. He calls this a plea in support of postmodernism.

Sokari Ekine, who talked about mobile activism in Africa, in an interview that we did said that revolutions are made by people, not by technology. Sami ben Gharbia wonders why media attention often focuses more on the technological development than on the issue, taking much-hyped crisis mapping tool Ushahidi as an example.

Iranian women right activist Farnaz Seifi tells me in an interview that the Iranian people “don’t need any other help rather than [free access to information]“. Evgeny Morozov explains to netzpolitik.org that the power of information is a myth stemming from America’s efforts during the cold war. Americans, he says, still believe that the US won that conflict – because of Radio Free Europe.

But he’s united again with Seifi when it comes to Western donors supporting projects in foreign countries. Their money disengages genuine activists, he claims. “I personally do not agree with lots of the projects inside the country with foreign countries’ budget”, says Seifi. “This is our internal fight. We have to do it ourselves.”

The game was split into two stages. We were around 20 people, divided into groups of four. During the first stage of the game, each group would represent one institution where data are collected, e.g. a supermarket, a library, a gas station, a bank or a registration office. Each participant would also get a list of tasks to fulfill one after another, such as borrowing a book or buying certain items at the supermarket, and a personal ID number. The stations would have forms in which to write down information on their “customers”, such as the ID number and what they bought or borrowed. Thus, several databases were created.

In the second stage of the game, each group would get assigned a job for which to fulfill they needed to use the databases compiled beforehand. Two groups would have to find a job candidate matching a certain profile, two others had to find potential subscribers for a magazine. The fifth group acted as the police, researching a hit-and-run accident.

I got to be in one of the personnel boards. We used the criteria given (e.g. the applicant had to be obedient, incorruptible and sound) and added others, such as intelligence and professional experience. Then we converted these criteria into information we could get from the databases. For professional experience, we assumed a person had to be of a certain age (listed at the registration office), for intelligence we looked at the books they got from the library. We excluded people buying alcohol or pharmaceuticals at the supermarket and those who had a negative balance at the bank.

Through this process, we managed to cut our list down to three people. Using “inofficial” information overheard from the police office, we excluded another person who was a suspect in the hit-and-run case. Finally, we chose one of the two applicants because she had refueled at the gas station, leading us to assume she had a driver’s license, thus being more flexible.

When presenting our findings it turned out the other “personnel board” group had agreed on a different company profile. While we had looked out for people suiting a dislikable chemical corporation, they had explicitly tried to avoid yuppies (by excluding people who had “too much money for their age”). Still, their choice was number two on our list, which means that our (rudimental) algorithms worked relatively similar. The two groups researching potential customers for a magazine on the other hand did not have any overlap on their top three spots.

Still, the findings of the “police” group were the most interesting ones. The group had summoned three people they alleged to be possible perpetrators, but all denied to have committed the crime. The real offender was not found, data mining thus failed in this case.

The group had assumed that the perpetrator had to have left traces in connection with the scooter involved in the accident. Subsequently, they had collected information from library, supermarket and gas station: People who had borrowed books on repairing scooters, bought tools or filled up on a certain kind of fuel used by scooters. People who had borrowed relevant books and stocked up on tools where thus most suspicious. But when interviewed about their errands, the suspects declared to have gotten books and tools for their brothers.

The “police” group had in fact missed one important source of information. At the registration office, addresses of all participants were listed. Using a map on the wall, the investigators could have matched this data with the site of the crime, by this means compiling a list of people living close to it. Together with data from the other institutions, this would have led them to the actual perpetrator.

This management game makes data security a real experience for all participants. It becomes clear that data are not self-explanatory, and that misinterpretation is a huge risk. Of course the game very much simplifies the actual situation. E.g., different rights of access to data sources for different institutions did not play a role, nor did data accuracy. Still it is a good introduction into the issue and a good way to attract awareness for the issue.

After my experience with the management game method in Novosibirsk, I would like to use it in a Privacy Workshop. Participants need to be able to work independently to a certain degree, therefore I would recommend it for students of higher grades only. On the other hand, this approach might also appeal to participants who are less computer-savvy.

(Crossposted from the Privacy Workshop Project blog)

We have been working with kids for a while, but we felt it was necessary to include parents in our efforts to strengthen children’s privacy education. So we invited parents from the school where we have been doing the two latest workshops. We are doing two workshops, one last Saturday and one next weekend, but it looks like we’ve been overestimating the interest in our lectures a little, so we were five workshop dudes and only four parents on Saturday.

We had decided to do a slim version of our regular workshop routine with the parents, which proved to make sense. After all, the kids are much more tech-savvy than the older generation, and thus faster in exploring new technologies.

For the parents, we started off with a version of the talk Christoph held at the Chaos Communication Congress last year. It had a clear message: The internet is great for communication, but we need to behave responsibly. Christoph likes to take the town square as a metaphor for the net: You can go there, meet people, communicate – but you should not run around naked, shouting the names of your sex partners and your credit card information.

That’s what I followed up on when I introduced the principle structure of social networks (indeed, none of the participants had a social network profile, which I tend to deem unusual even for my parents’ generation). Talking about privacy options in social networks, I made the point that it is important to strike a balance between openness and privacy. On the one hand, openness enables communication and social interaction, which I think of as basic human needs. On the other hand, being too open can damage children’s future prospects.

While we showcased some extreme examples of how not to behave on social networks, we also warned of indirect information hidden in profiles. The “gaydar algorithm” that’s modeled to out gay Facebook members by analyzing the sexual orientations of their networks of friends is a good example for that.

As usual, this theoretical introduction was complemented by a hands-on phase. We taught the parents how to use TrueCrypt for data encryption, which I think is the encryption software most useful to parents, too. As “digital immigrants”, our participants were not as fast in taking on the technology as the kids, but in the end everything worked out well.

It is obvious that when doing privacy workshops with parents, one has to strike a balance between addressing the challenges children are facing when using social web applications and taking up the parents at their own situation. I think we did quite well in pointing out dangers without spreading too much f.u.d. – fear, uncertainty, doubt. In the contrary, we are excited about the prospects of social media, and we want the kids to use it. That’s not going to work if we make the parents cyberpessimists – we have to educate them so that they can take up responsibility in guiding their kids.