On April 20, 2018, the surveillance package passed the vote in parliament despite massive resistance from civil society and incisive criticism from the opposition. In the Bundesrat, this completely overblown extension of surveillance measures was also waved through. In the beginning of June 2018 the first measures came into power - data retention through the back door ("quick freeze") and the increased surveillance of road traffic, among others.

History

In the year 2017, the campaign "Stoppt das Überwachungspaket!" (stop the surveillance package!) contributed to impeding the surveillance package of the government at that time. In another attempt, the conservative - far-right government was able to implement this unprecedented derogation of your basic and freedom rights almost unchanged. During the entire process we offered massive resistance to the package and we will continue to do so. We are convinced: Austria needs security, not surveillance.

These to proposals were in parliamentary review

  1. Amendment of Sicherheitspolizeigesetz, Straßenverkehrsordnung 1960 and Telekommunikationsgesetz: The statement of epicenter.works can be found >>here
  2. Amendment of the code of criminal procedure: The statement of epicenter.works can be found >>here.

In addition to the possibility to contribute to the consultation, people could also agree to critical statements on the website of the parliament until the end of the review period.

The list of all statements regarding the Sicherheitspolizeigesetz, etc. can be found >>here, and the ones regarding the code of criminal procedure >>here.

The contents in detail 

Contents of the surveillance package:

State trojan

The first draft for the legalisation of governmental spy software was presented by the ministry of justice in 2016. Due to massive criticism concerning juristical as well as technical aspects, the minister of justice Brandstetter withdrew the draft. In the failed surveillance package of 2017 -- and also again in the new one -- there is a demand for the possibility to surveil encrypted messages, which inevitably means the demand for a state trojan.

It is particularly alarming that, according to the current draft, everyone can be a victim of the state trojan: Law enforcement authorities are allowed to break into the computer systems of every person, every company, and every association from or with whom there is a suspicion of communication with suspects (§ 135a Abs 1 Z 3 lit b StPO). The "remote hacking" of devices is also included in the draft. Such a remote infection requires particularly dangerous security leaks in the common operation systems. Apparently, the state trojan is allowed to cause permanent damage on the target system if it is disabled after the end of the use (logical consequence of § 135a Abs 2 Z 1 StPO).

On our website for the state trojan there is further information and materials regarding this topic.

Increased video surveillance

The ministry of interior is supposed to receive access to video and audio surveillance of all public and private institutions with a public supply contract. Consequently, there will be a centralised governmental control of all public places and the life that takes place there. No specific suspicion is required to justify the access to this data. Similar to the PStSG, the prevention of a probable attack (§ 53 Abs 5 SPG) suffices as justification. The security authorities can demand data retention of the entire video surveillance of a supplier for four weeks with a simple administrative notice (§ 93a SPG).

In a next step this video material could be analysed to automatically register distinctive behaviour or to track individual persons with the means of facial recognition. In Austria there already are such research projects (see for example iObserve).

It is doubtful that video surveillance is an appropriate way to prevent terrorist attacks. After all, the entire shore promenade in Nice is under video surveillance , and this did not prevent the attack there. Quite the contrary: Video cameras could encourage terrorists because their atrocities aim at unsettling the population as much as possible, and video footage gives them more publicity. In January it was announced that the LPD Wien (Vienna police force) removed 15 of 17 surveillance cameras, because the costs were too high and their benefit for combatting crime was indiscernible.

IMSI-Catcher

Also the use of IMSI-catchers for the surveillance of mobile telephony is planned. These devices pretend to be a base station of the phone network for mobile phones, making it possible to localise mobile phones without the assistance of the network service provider. It is more likely, however, that the IMSI-catchers are also intended to be used to eavesdrop on conversations. Although this is the primary function of an IMSI-catcher, there is still no legal basis for this (§ 135 Abs 2a StPO). Update April 2018: There was an improvement in the final version. Initially there was no requirement of judicial approval planned for the use of an IMSI-catcher, but this has now been included.

Road surveillance

In the future, the driver, licence plate, brand, model, colour, etc. of every car should be registered on all Austrian roads. The data which are either collected by the security authorities themselves or handed over by ASFINAG upon request can be stored for up to 5 years in cases of suspicion (§ 53a Abs 6 SPG). The data and the video material can be retained for up to two weeks (in the previous draft it was 48 hours). This means that there is a new kind of unfounded mass surveillance and every driver is put under general suspicion. From the perspective of basic rights, this step towards total surveillance of all cars is very problematic. The Austrian Constitutional Court decided in its ruling regarding Section Control in 2007 that surveillance of drivers is only permissible on specific, especially dangerous routes and only with a decree. Additionally, it ruled that licence plate data can only be transferred to the authorities if the vehicle was too fast or already circulated as wanted. But, the draft of the law contains a kind of data retention and it is not compatible with this past ruling. Furthermore, the draft contradicts the rulings of the European Court of Justice of the case Watson/Tele 2 Sverige, according to which a data retention - among other prerequisites - can only be permissible to combat serious crime.

General data retention 2.0

In the surveillance package, the government demands also the reintroduction of the data retention through the back door. This law has been abolished multiple times by the high courts in Europe. In December 2016, the European Court of Justice ruled that the national regulations for the data retention in the UK and Sweden are incompatible with basic rights. In Austria, due to a complaint that was filed by AKVorrat (the previous name of epicenter.works), unfounded data retention without suspicion was anulled by the constitutional court because of its incompatibility with basic rights. By order of the public prosecutors, telecommunication service providers will be required to retain data for up to a year (§ 135 Abs 2b StPO).

Registration of pre-paid SIM-cards

Anonymous pre-paid SIM-cards shall be abolished. Every purchase of a SIM-card should entail the registration of the identity of the buyer - yet another possibility to communicate unsurveilled is removed. Criminals can easily circumvent this measure with foreign SIM-cards and freely available anonymous messaging services. But for the majority of the users in Austria, this simply means one less way to communicate anonymously. With this, 4.5 million users are put under general suspicion. The highly doubted benefit to fight crime is offset by the violation of the right of countless people to communicate freely and without being observed. This leads to the belief that this measure is not proportionate.

A study of the interest representation of the telecommunication industry found no proof that the registration of SIM-cards results in an increase of solved crimes or help in the fight against terrorism. Mexico even abolished the ban on anonymous SIM-cards because crime rate rose and it led to a black market for SIM-cards. The Czech Republic, New Zealand, Canada, Romania, the UK, and the EU commission analysed this measure and decided against it due to a lack of proof in any benefits. After the London terror attacks of 2005, even a dedicated commission of security authorities analysed this measure and advised against its introduction because there was no evidence of its usefulness and benefit to security.

Additionally, this measure would weaken the flourishing scene of cheap virtual mobile communication providers. Only a few of these discounters currently have the infrastructure to validate the identity of the customers when they buy a SIM-card.

Limitation of the secrecy of letters

Die vorgeschlagene Novelle der Strafprozessordnung sieht folgende Streichung vor:

§ 135. (1) Beschlagnahme von Briefen ist zulässig, wenn sie zur Aufklärung einer vorsätzlich begangenen Straftat, die mit mehr als einjähriger Freiheitsstrafe bedroht ist, erforderlich ist und sich der Beschuldigte wegen einer solchen Tat in Haft befindet oder seine Vorführung oder Festnahme deswegen angeordnet wurde.

(The confiscation of letters is permissible, if it is necessary to solve a premeditatedly committed crime which is punishable by imprisonment of more than a year and if the suspect is currently in prison or there is a warrant for their apprehension or arrest.)

This change results in a massive limitation of the secrecy of letters, a basic right that is guaranteed by the constitutions of democratic states. This prejudices a major achievement which was arduously obtained after overcoming the Metternich surveillance state.

Our main points of criticism

  1. The security of the Austrian IT infrastructure is severely compromised.
  2. New forms of mass surveillance are introduced. They concern all federal roads and public locations.
  3. The demanded total account of surveillance was not carried out.
  4. With "Quick Freeze", data retention is introduced through the back door.
  5. A lot of (further) regulations with police state tendencies will be introduced into the Austrian legislation. This is increasingly creating the impression that Austria is being turned into a police and surveillance state.
  6. There is no impact assessment with regard to basic rights and society in the consultation draft.
  7. The planned measures have high intensity of intervention and are very expensive, yet it has been proven that they do not increase the security.
  8. The legal protection is not sufficiently warranted in many items of the drafts. Many measures still do not require the permit of a judge.

SECURITY INSTEAD OF SURVEILLANCE

In the surveillance package of the government there is no real security. Instead of "subjective" sense of security, scaremongering, and populism we need an "objective" security package:

  • more well-trained police officers instead of cameras
  • improved analysis capacities for security authorities: More highly skilled data analysts instead of more data
  • multilingual police officers and/or more translators
  • more preventative work to counter tendencies towards radicalism
  • a better connection to communities as confidence-building measures for an early recognition of radical tendencies
  • legal anchoring of the integrity of IT systems in the constitution
  • an "expiry date" for new surveillance laws ("sunset clauses" with scientific evaluation and withdrawal of ineffective measures)
  • an evaluation of all existing surveillance laws with regard to their compatibility with the constitution

How you can support us

Documents

Farblich markierte netzpolitische Analyse des Regierungsprogramms 2020-2024

 

Für die Nationalratswahl 2019 haben wir die Positionen zu den 10 wichtigsten netzpolitischen Fragen aller bundesweit antretenden Parteien zusammen getragen. In diesem Dokument finden sich die Antworten der Parteien und die Begründung unserer Einordnung, welche auch das Wahlverhalten auf nationaler…

Stellungnahme im Begutachtungsverfahren zum Entwurf eines Bundesgesetzes, mit dem das Sicherheitspolizeigesetz, die Straßenverkehrsordnung 1960 und das Telekommunikationsgesetz 2003 geändert werden (Sicherheitspolizeigesetz, Straßenverkehrsordnung 1960 u.a., Änderung – 15 d.B. XXVI. GP).

 

Stellungnahme im Begutachtungsverfahren zum Entwurf eines Bundesgesetzes, mit dem die Strafprozessordnung 1975 das Staatsanwaltschaftsgesetz und das Telekommunikationsgesetz 2003 geändert werden (Strafprozessrechtsänderungsgesetz 2018 – 17 d. B. XXVI. GP).

 

All stories on this topic

Despite being one of Austria's most powerful institutions, the Federal Agency for State Protection and Counterterrorism (abbreviated BVT in German) does not enjoy a good reputation. Numerous past incidents have branded the BVT and damaged its international standing. Among foreign intelligence…

It comes as no surprise that 2021 too will be dominated by the coronavirus pandemic and political activity will focus on the battle against the infectious disease. Nevertheless, there are many issues advancing in the background which need to be worked on. Many of these have been on our radar for…

The Austrian constitutional court decided on 11.12.2019 that the surveillance law that permits the use of spying software to read encrypted messages violates the fundamental right to respect for private life (article 8 ECHR), the fundamental right to data protection (§ 1 Austrian data protection…

The Austrian coalition parties have renegotiated their government programme in January 2017. This new programme contains a so-called “security package” that encompasses the introduction of several new surveillance measures and additional powers for the Austrian security agencies. These changes in…