Big Brother Inc. watches
Growing up in West Germany, Lothar Schroeder never knew that terrible sense of violation suffered by people in the communist East at the hands of the secret police who tailed them, bugged their homes and recruited neighbors and even family members to snitch on them.
Now he knows.
But it’s not a totalitarian state doing the snooping this time; it’s some of the country’s largest corporations -- big names in telecommunications, transportation and retail.
Last year, authorities informed Schroeder that Deutsche Telekom had secretly combed through his cellphone records, apparently to root out the source of leaks to the news media. Schroeder, a union representative on the company’s board of supervisors, was stunned.
“I never could believe that Deutsche Telekom would use their data in this way, never,” he said, adding ruefully, “Perhaps I’m a little bit naive.”
Twenty years after the fall of the Berlin Wall, Germany is being rocked by a string of spying scandals that have staggered residents with their scale and brought back painful memories of the prying eyes of Big Brother during the Cold War.
The firms have admitted spying on hundreds of thousands of employees, including monitoring their e-mails and installing hidden cameras to see how many bathroom breaks they took or whether co-workers were falling in love.
The breaches of privacy have claimed the jobs of two top executives and triggered a parliamentary investigation. Lawmakers are also discussing a revamp of Germany’s nebulous and somewhat outmoded rules on data protection, to clarify what kind of prying is allowed and under what conditions.
The most shocking scandal so far involves the state-owned railway firm, Deutsche Bahn, the country’s biggest employer.
In January, after an expose by a newsmagazine, the company was forced to acknowledge that it had spied on 173,000 employees -- nearly three-quarters of its workforce.
In 2002 and 2003, a security firm hired by Deutsche Bahn sifted through workers’ e-mails and, in some cases, their computer hard drives for data, including addresses, phone numbers and banking information.
The company said the examination was part of a legitimate internal campaign to sniff out possible signs of corruption, such as covert links between employees and suppliers.
Yet out of the review of tens of thousands of workers, only about 100 instances of possible impropriety reportedly turned up, a dismal batting record that Peter Schaar, Germany’s commissioner for data protection, finds deeply disturbing.
“In principle, of course, enterprises have an obligation to prevent and fight against corruption,” Schaar said in a telephone interview from his office in Bonn. “But in the Deutsche Bahn case, they went beyond the limits. . . . The question from my side is, is it proportional to carry out a screening of so huge” a scope?
That question is freighted with especially heavy baggage in Germany, a country haunted by a shameful past of mass surveillance, from the brutal excesses of the Nazi era to the dark days of division between East and West, when the East German secret police, the Stasi, ruthlessly invaded every corner of people’s lives.
As a result, Germans jealously guard their privacy -- a fact Google found out the hard way. When the company dispatched cars equipped with cameras to cities to snap ground-level photos for its Street View software program, complaints flooded in to the authorities. More than a dozen states in Germany have demanded that Google stop its photographing unless it deletes images of people’s faces, car license plates and other sensitive material from its central database. The matter has not been resolved.
Germans who thought spying a thing of the past have been dismayed by what they see as Deutsche Bahn’s equivocal response to the crisis over corporate surveillance, despite its apology to affected employees. Executives initially said that the company had checked up on only about 1,000 of its senior staff members and that security agents had looked only at e-mails.
A spokesman for Deutsche Bahn declined to comment for this article. The company is preparing a response to a criminal complaint filed by an employee over the spying, after which prosecutors will decide whether the evidence warrants investigation.
Proving criminal wrongdoing could be difficult.
“We can’t go and put the Bahn in jail. We have to find the actual person who [ordered] this,” said Michael Grunwald, a spokesman for the prosecutor’s office in Berlin. “That’s the problem in cases where banks and big firms are involved. Who was the one who knew everything and made the decision?”
Some punishment, though not judicial, has been meted out. At the end of March, under growing pressure, the company’s beleaguered chief executive, Hartmut Mehdorn, was forced to step down.
A week later, the discount supermarket chain Lidl also fired a high-ranking executive because of its own privacy violation debacle.
The company hired detectives last year to watch workers at various branches using tiny cameras. No detail seemed too small for the snoops to note in their reports, including that one employee sported tattoos on both her arms, another’s friends consisted “mainly of junkies,” one went to the restroom with unusual frequency and a male worker drew a heart on a note to a female colleague.
The company was fined $2 million for its actions. But critics call it little more than a slap on the wrist.
“If you had asked me two years ago, ‘Would this be imaginable?’ I would’ve said no,” said Schaar, the data protection commissioner.
Before the recent wave of corporate cases, his office focused mostly on the use and abuse of personal information by the state.
That remains an extremely sensitive topic in Germany; a proposal two years ago to expand the government’s ability to spy on personal computers for counter-terrorism purposes met with loud protest. Last year, the constitutional court ruled that such searches could be performed only in very serious cases in which lives and property were at risk.
Now, Schaar said, “we have learned that enterprises are collecting much more data on individuals than the state does.”
In his opinion, Germany’s 30-year-old data protection law is ripe for an overhaul, because the simple “mainframe world” it was based on, where electronic data were collected in giant processing centers and access was easier to control, no longer exists.
“Now everybody’s using a PC, a mobile phone, GPS navigation system, e-mail, Internet and so on,” Schaar said. “It’s very complicated to define who’s responsible for which data and to protect data against incompatible use.”
Schroeder, the labor activist, is no longer surprised by new allegations of corporate spying, not after the raft of recent cases and his experience at Deutsche Telekom.
An independent report in January concluded that 60 people associated with Deutsche Telekom were spied on in 2005 and ’06, their phone records rifled for evidence of improper contact with journalists or others outside the company. Investigators have yet to determine who authorized the operation.
Schroeder, a senior official with Germany’s United Services Union, credited Deutsche Telekom with trying to correct its mistakes. Its data protection committee is drafting recommendations on privacy, and the company has issued written assurances to subjects of the spying that such an intrusion will not happen again.
Is that enough?
“I hope so,” Schroeder said cautiously. “But I do not want to be naive again.”