BERLIN — The news that the National Security Agency has its eye on much of the world’s electronic communications has shocked Germans, who have memories of Nazi and Cold War-era spying. Now, an alliance of German phone and Internet companies claims it has a solution: German e-mail and Internet transmitted within German borders.
The proposals — one for Internet, one for e-mail — aim to boost the security of Germany’s internal communications by preventing them from bouncing outside the country, which has far stricter privacy regulations than the United States. If a German customer wants to call up a German Web site, there is no reason that the data must pass through a server in Virginia, exposing the information to potential surveillance, advocates say. The same goes for e-mails within Germany.
Some security professionals say the efforts are little more than a marketing gimmick, since Germans would still want to surf American Web pages — Facebook, anyone? — and the nation’s plans wouldn’t make doing so any more secure. The NSA could also still theoretically access German data on German soil, as could Germany’s intelligence agencies.
The case for the hopelessness of escaping monitoring was bolstered Friday when Britain’s Guardian newspaper published excerpts from a 2008 British intelligence document leaked by former NSA contractor Edward Snowden that said German intelligence agencies had drawn admiration from their British counterparts for their “good access to the heart of the internet.” Significant flows of data were already being monitored, according to the document, although the Guardian offered no specifics about whose data were being watched or to what end.
Still, for Germans who have been infuriated by a steady drip-drop of NSA allegations, including one that Chancellor Angela Merkel’s cellphone had been monitored for more than a decade, the German-only initiatives may be attractive. And in the United States, technology industry advocates say they are bracing for tough competition from foreign companies that boast that they are freer from U.S. intrusion and monitoring than American counterparts.
“You have to make sure that your data is exclusively stored in Germany, on German ground,” said Jan Oetjen, chief executive of GMX, one of Germany’s largest e-mail companies, which has teamed with the two other top German e-mail companies to offer a service called “E-Mail made in Germany.”
“Germans tend to be very sensitive to the use of their data, I think due to German history. Germans get taught at school to be cautious of a super-powerful state,” he said.
Google’s and Yahoo’s main bridges to the Internet were cracked by the NSA, allowing full access to the traffic passing through them, according to documents leaked to The Washington Post by Snowden. And, also based on Snowden documents, the German newsmagazine Der Spiegel reported this week that spying was being conducted from the U.S. Embassy in Berlin, just steps from the Brandenburg Gate.
The efforts to nationalize Internet traffic go beyond Germany. In Brazil, where President Dilma Rousseff was also allegedly monitored by the NSA, the government has pushed to require U.S. companies to store data about Brazilian customers inside Brazil. European Union leaders have advocated that their 28 nations develop “cloud” data storage that is independent from the United States.
The accusation last week that the NSA had monitored Merkel’s cellphone was for some Germans the final blow to an already strained alliance. Both U.S. and German officials have said privately that relations may be the worst they have been since a decade ago, when then-Chancellor Gerhard Schroeder was a firm opponent of the U.S.-led invasion of Iraq.
Part of the problem, analysts say, is that the revelations stir up memories of surveillance by the Nazis and the fearsome Stasi, the secret police of Communist East Germany, who tapped phones, read correspondence, and jailed and tortured people based on the information they uncovered. Another issue is that Germans say that Americans have treated them with tremendous distrust.
“Goodbye, Friends!” read the lead headline Thursday in the weekly Die Zeit newspaper. The front page featured a heart, broken in two, with the U.S. flag on one half and the German flag on the other.
“The U.S. secret service has treated the chancellor as if she was an enemy herself,” Heinrich Wefing wrote in the lead article. “This is exactly why ‘cellphone-gate’ marks a fundamental rupture.”
Suspicions that the U.S. government is examining every scrap of data handed to American Internet companies may also have tough economic consequences, analysts say.
“It’s a very negative trajectory, where consumers and businesses, especially foreign businesses, will be reluctant to use U.S. services,” said Daniel Castro, an analyst at the Information Technology and Innovation Foundation, a nonpartisan research and advocacy group that is funded in part by the technology industry. Castro published a report in August estimating that U.S. data cloud providers could lose $21.5 billion to $35 billion in business over the next three years.
In Germany, Deutsche Telekom, the country’s largest Internet and telephone company, is collaborating on the e-mail project. It also unveiled, in October, an effort to keep German Internet traffic within the country as much as possible. It asked its competitors to sign agreements to route information between German senders and recipients on exclusively German data lines. Data from and to the United States and other countries would flow as usual.
“It would be much more difficult for foreign intelligence services to get the traffic if it were routed within Germany,” said Philipp Blank, a spokesman for Deutsche Telekom.
The company, which is 32 percent owned by the German government, has received praise from top German officials, who have said they would consider legislation to ensure that the initiative happens. German privacy and eavesdropping laws require court approval for each eavesdropping target, meaning that German intelligence agencies are, in theory, prohibited from doing the kind of large-scale, indiscriminate data collection done by the NSA.
“We must make our own networks safer,” Interior Minister Hans-Peter Friedrich said in a Wednesday interview with the Rheinische Post newspaper. “Why should an e-mail from Munich to Berlin run through the USA? We need an autonomous European Internet infrastructure.”
But security analysts in Germany and elsewhere question whether the initiatives will truly protect users, and Deutsche Telekom’s competitors have largely dismissed the Internet effort as an attempt to win market share without providing major security gains.
Routing German Internet traffic within Germany “makes it a little more difficult for the NSA to look into our data,” said Norbert Pohlmann, director of the Institute for Internet Security at the Westphalia University of Applied Sciences in Gelsenkirchen. “But it’s not a solution to the problem we have at the moment with the NSA. The solution is not really technical. The solution is a political one.”
The NSA can reach information even if it is contained exclusively within Germany, said one former U.S. intelligence official.
“There’s nothing from a technical standpoint that would keep the NSA from doing something like this,” said Cedric Leighton, a retired deputy director at the NSA. “It’s a bit of false advertising.”
“There is no real, good way for a country like Germany to seal its data off from the rest of the world,” he said.
Petra Krischok contributed to this report.