Germany's highest court apparently had memories of Nazi and Stasi abuses in mind when it ruled on a series of surveillance and data privacy cases this year. In the most recent ruling , made today in Karlsruhe, the Constitutional Court found that Germany's recent data retention directive targeting ISPs and telephone companies was problematic; going forward, the data retention will still be mandatory, but the information can only be accessed with a warrant and only for serious crimes.

Germany's law went into effect last December, and it ordered telecommunications companies to keep various kinds of data (e-mail addresses, numbers dialed, etc.) for at least six months, and to turn this information over to investigators who requested it.

30,000 Germans promptly filed a class-action suit over the law, concerned about the implications of data retention. Could the data be used in any investigation, for instance, such as copyright infringement cases or file-sharing? Would it make personal information too easy for law enforcement to obtain?

The court found that parts of the law were unconstitutional. In its ruling, it upheld the retention requirement but instituted much stricter safeguards around who might get access to the information.

The ruling follows other, similar rulings this year. Last week, the court also struck down indiscriminate license plate monitoring in the states of Schleswig-Holstein and Hesse, saying that authorities needed to have a reason for running people's plates. The court hoped to prevent the creation of automated systems that track movement around the country.

In late February, the court also ruled on the matter of police spyware. German authorities and intelligence agencies had developed spyware ( much like the FBI in the US has done) that can monitor suspects' computers and remotely glean information from their hard drives. The court said that judicial oversight of this process was required, and it also carved out areas that cannot be examined. Police are not allowed to include unrelated personal information in their investigations of suspects. This is similar to restrictions faced by traditional surveillance, where authorities have to cut a phone tap if suspected terrorists start talking religion.

Keeping up appearances

While the decisions have all favored privacy rights, the court did not altogether eliminate remote computer snooping or data retention. They can continue under certain conditions, but the fact that the court does keep whacking away bits of legislation on these issues leads some German observers to wonder why such boundary-pushing legislation continues to get passed. One might ask the same question about video game violence laws in the US, which have been repeatedly struck down by courts but continue to pass legislatures around the country.

The answer in both cases seems to be that it's politically more expedient to look "tough" on crime, violence, and terrorism and then leave the courts to sort out what's actually constitutional. Such votes rarely have negative political consequences, though can end up costing governments plenty of money when the rules end up in court.

Florian Glatzner, a German critic of data protection rules, told Deutsche Welle that he hopes the recent court decisions cause politicians to rethink this strategy.

"The politicians are being shown that by first enacting laws and then seeing whether or not they are unconstitutional is the wrong way to go," he said.