Germany dreams of security: An ID for every “thing” connected
New infrastructures often resemble untapped oil sources – everyone tries to get in as early as possible in order to grab the biggest share. The German newspaper Die Zeit Online revealed in September that a chip manufacturer has apparently been going to great lengths to ensure a large share of the growing market of the “Internet of things”. The Dutch company NXP lobbied the German Ministry for Economic Affairs to push for the introduction of unique identifiers for every “thing” connected to the Internet. NXP is one of Europe's biggest semiconductor manufacturers and specialises in the production of identification hardware, such as security chips that are used in electronic ID cards and passports. In the market for chips, this is rather a tiny part – but Die Zeit suspects that the company now wants to use its lobbying skills to grow this market and to conquer it.
According to an investigation conducted by the newspaper, the German Ministry for Economic Affairs was already en route to transform the Internet for things into a big surveillance infrastructure. The idea of the manufacturer is that every “thing” that is connected to the internet, such as fridges, central heatings, laptops, cars etc., should be equipped with a chip that makes it uniquely identifiable. This would then function as some sort of a digital ID card for every single device connected to the Net. A draft “identity security law” is supposed to provide the legal framework in the country for this infrastructure. Currently, the details only exist in form of a “key issues paper”, a type of document which often serves as a basis for draft laws. Die Zeit's article seems to be based on this 15-page long internal paper called “identity security law for the Internet of Things”.
The newspaper also reports on a meeting between Ministry of the Economy, Sigmar Gabriel, and representatives of NXP. During the meeting, Gabriel was successfully convinced to support the measure. The key issues paper drafted by NXP was then circulated internally in the Ministry and in other companies in order to discuss the paper.
The paper was criticised by civil society, opposition parties and industry representatives. Harald Summa, head of the Association of the German Internet Industry eco, stated that the chip would be a huge barrier to innovation and counter-productive for Germany's information technologies future.
Frank Rieger, spokesperson of the German EDRi-member Chaos Computer Club Chaos stated: The text attempts to use the security problem of some components of the internet of things as a springboard for a universal governmental device ID, which would be a surveillance nightmare. Moreover, this does not fix the actual problem: the software of the devices on the internet of things are as poor as in our computers and cell phones. One should start here in order to change market dynamics to increase security.
Zeit Online, An ID card for every toaster? (only in German, 17.09.2015) http://www.zeit.de/digital/internet/2015-09/internet-sicherheit-identita...
Contribution by Kirsten Fiedler, EDRi.