On the 15th of March, the German Bundesrat (Federal Council) voted to amend the Criminal Code in relation to internet based services such as The onion router (Tor). The proposed law has been lambasted as being too vague, with privacy experts rightfully fearful that the law would be overapplied. The proposal, originating from the North Rhine-Westphalian Minister of Justice Peter Biesenbach, would amend and expand criminal law and make running a Tor node or website illegal and punishable by up to three years in prison. According to Zeit.de, if passed, the expansion of the Criminal Code would be used to punish anyone “who offers an internet-based service whose access and accessibility is limited by special technical precautions, and whose purpose or activity is directed to commit or promote certain illegal acts”.

What’s worse is that the proposed changes are so vaguely worded that many other services that offer encryption could be seen as falling under this new law. While the proposal (full German text) does seem to have been written to target Tor hidden services which are dark net markets, the vague way that the proposal has been written makes it a very real possibility that other encrypted services such as messaging might be targeted under these new laws, as well.

Now that the motion to amend has been accepted by Bundesrat, it will be forwarded to the Federal Government for drafting, consideration, and comment. Then, within a month and a half, this new initiative will be forwarded to the German Senate, aka the Bundestag, where it will be finally voted on.

Private Internet Access and many others denounce this proposal and continue to support Tor and an open internet

Private Internet Access currently supports the Tor Project and runs a number of Tor exit nodes as a part of our commitment to online privacy. PIA believes this proposed amendment to the German Criminal Code is not just bad for Tor, which was named specifically, but also for online privacy as a whole – and we’re not the only ones.

German criminal lawyer David Schietinger told Der Spiegel that he was concerned the law was too overreaching and “could also mean an e-mail provider or the operator of a classic online platform with password protection.” He summarized:

“The paragraph would severely limit civil liberties.”

Frank Rieger, a spokesperson for Germany’s resident hacker organization, the Chaos Computer Club (CCC), voiced misgivings to Netzpolitik:

“The bill contains mainly rubber paragraphs with the clear goal to criminalize operators and users of anonymization services. Intentionally, the facts are kept very blurred. The intention is to create legal uncertainty and unavoidable risks of possible criminal liability for anyone who supports the right to anonymous communication on the Internet.”

Germany has now joined a host of other countries that are actively taking steps to stifle online privacy. Other examples include places like China and even the United Kingdom, where internet users will be subject to some of the most ridiculous age verification laws just to be able to access the full internet. In the next month and a half, Germany’s netizens need to voice their displeasure at this proposed amendment, else they’ll find themselves under the heel of vaguely worded laws just waiting to be applied.