SIEMENS

The digital, virtual world is already an element that’s here to stay in our everyday lives. But while the real world has comprehensive statutes and laws that ensure order and make it difficult to misuse data or infringe on intellectual property rights, the legal situation on the Internet is not entirely clear. How do you see the current status of things in this regard?

Heckmann: Things could actually be simple in a formal legal sense because all of the “old laws” also apply to the new media — for example, the German Federal Data Protection Act of 1978, or German copyright law. These laws also apply to the Internet. The problem is that such legislation is becoming less and less relevant due to the social and technical phenomena the Internet generates in very short intervals. This is particularly true of the social networks in Web 2.0. Companies and government authorities used to be restricted in their activities by the Data Protection Act, which regulates the processing and dissemination of Internet user data in order to protect citizens’ privacy rights. But today it’s the users themselves who willingly circulate huge amounts of their own personal data in forums like Facebook, Flickr, and others. So, one question is: How far should legislation be allowed to go when it comes to protecting the rights of individuals from their own voluntary actions? The pace of technological change is so rapid that legislatures can’t keep up.

What are the major weaknesses of Internet data law?

Heckmann: The Data Protection Act assumes a right of informational self-determination, but it doesn’t really fully address personal data protection or private autonomy. On the one hand, the law is designed to protect citizens from unauthorized or undesired use of their data. At the same time, it would actually have to restrict an individual’s freedom of action today in order to provide this protection — which of course would be considered contrary to the concept of freedom in this age of information and the Internet. This dilemma is currently resolved by having Internet users approve the processing of their data, but such authorization is in the form of incredibly long legal explanations that are routinely “agreed to” as quickly as possible with the click of a mouse. That’s not self-determination.

In your opinion, how should data protection be managed?

Heckmann: An interesting alternative is offered by technical data protection “embedded” in various applications — for example, in WLAN routers, social networks, and intelligent applications like smart electricity meters, all of which users can alter and adjust over time. This type of “protection ex-works” has been under development for some time both in Germany and at the European level. The Smart Privacy Wheel, which I worked on, offers one example. This “control wheel” consists of numerous intelligent data protection measures that don’t place unnecessary burdens on online providers and users. That’s good because many users aren’t very IT-savvy and are often unable to take security precautions themselves.

Can such data protection measures serve as a bulwark against dubious providers or data thieves?

Heckmann: No — the model is designed to reconcile the interests of legitimate and useful content and applications on the Internet. We do in fact face a dilemma when it comes to fighting computer crime. Citizens complain that the government is monitoring their online activities, but those very same individuals demand protection from fraud and misuse of personal data. In my opinion, all of us — by which I mean users and legislators — need to have an open debate relatively free of ideology if we want to be able to implement suitable measures. The first thing we have to do is find out what types of conflicts of interest exist. Only after we do this will we be able to establish scales and standards for distributing liability and a system of data security geared toward the Internet. Today’s inflexible laws are completely insufficient for this.

Are efforts being made to create international standards for Internet law? After all, many of the servers we access are at distant locations around the globe.

Heckmann: If we can’t even agree on the rules of behavior and value standards on the national level, how are we going to do it internationally? Along with EU-wide harmonization of regulations like those for consumer protection, we also have trade agreements and international privacy laws — but these are relatively ineffective means of protection given the anonymity and elusiveness of some types of Internet activity. Certain legal positions simply can’t be implemented, especially since the legal framework varies in many nations, above all in non-European countries, and some activities prohibited here aren’t even illegal abroad. In any case, it will be difficult to reach pertinent agreements in the near future.

If the legal situation is still vague, what options do users have to protect their privacy on the Internet?

Heckmann: Many technical possibilities already exist today — like firewalls. The important thing now is to raise awareness of the issue. Every Internet user needs to have an understanding of the potential consequences of his or her online behavior, and users also have to know which type of information they want to reveal. This all starts with Facebook and the question of who may access the private data provided to such a site. The circle here also usually includes “Friends of Friends,” which basically means the entire world, given today’s very extensive networking. Another problem involves the lack of knowledge concerning technical interconnections. For example, do people actually know what will happen when they click on a certain item? We live in a plug&play society whose members believe that all they have to do is flip on a computer, and everything will then take care of itself automatically. We do double clicks or download an app from the App Store — and we don’t even know what that actually means in terms of our data. Everything’s done fast and simply and without questions — it’s a human weakness that harbors risks.

Collective intelligence involves generating new knowledge from existing data by creating links and identifying connections. Who does the new knowledge thus obtained belong to — who has the rights to it, and how are they allowed to use it?

Heckmann: The right to use the ideas and material benefits gained through this knowledge initially belongs to those who created it. However, one must also understand that there are certain types of information whose use serves the common good and whose generation is financed with taxpayers’ money — through publicly funded research, for example. In this case, it’s legitimate to restrict the commercial use of such information by third parties and instead make the knowledge available for free on the Internet. There are also other areas where government support of science and culture can place restrictions on the scope and reach of copyright law.

Is there a danger that the inflexible laws you mentioned might inhibit — or even prevent — the development of new technical innovations?

Heckmann: Yes, there’s definitely a danger that this could happen. Already today, implementation of many innovations is made more difficult by unnecessary legal requirements. Take smart meters for electricity, which are an important element of the smart grid. Siemens is very much involved in both research areas. Smart metering enables you to measure not only how much electricity customers use each month overall, but also how many kilowatt-hours they consume on specific days and at specific times. The benefits are obvious: Suppliers can ease the burden on their power networks by offering different electricity rates for different times of the day, while consumers can save money by adjusting their consumption habits. It’s a win-win situation — but it often never goes beyond the pilot project stage due to current data protection laws. That’s regrettable because you can in fact use smart privacy management measures to prevent consumers from becoming transparent, while allowing people to enjoy the benefits of the innovation. This example makes it clear that laws need to be adjusted somewhat to correspond to the true interests of governments, businesses, and users. Legislation shouldn’t be allowed to prevent innovation as long as such innovation doesn’t call into question the basic legal consensus in our society.