German officials advance legislation that would expand law enforcement use of surveillance technology

Germany’s federal cabinet has advanced a legislative package that would allow law enforcement there to use automated biometric image matching against publicly available internet data, sparking an outcry from privacy advocates.

If they become law, the bills would legalize the use of automated data analysis and artificial intelligence tools that let police upload a photo of a face and scour the internet for more images depicting the same person. 

Officers currently must perform manual searches of social networks and other internet sites to turn up photos of criminal suspects.

The new proposed regulations are set forth in a series of drafts that Germany’s federal ministry of justice and consumer protection released Wednesday.

The German government has reportedly defended the move, saying that the bills would not create a state-controlled database of images that are stored indefinitely. Cabinet officials also assert that surveillance images collected in real time by public cameras will not be included.

A coalition of more than a dozen civil society organizations has loudly opposed the package of bills, saying it will fuel digital dragnets and create a mass surveillance state.

“We reject these provisions on fundamental constitutional and human rights grounds — specifically in the context of both criminal procedure and preventive policing law,” the coalition said in a joint statement.

“The federal government bears the responsibility of ensuring that the fundamental rights of citizens remain effectively protected, even in the age of automated mass surveillance. The proposed introduction of these surveillance tools stands in diametrical opposition to this responsibility.”

Some lawmakers also have publicly opposed the legislation. Konstantin von Notz, deputy faction leader of the Greens, told the German news outlet Heise that he believes the bills are dangerous and invade the privacy of “potentially everyone, including completely blameless citizens.”

On Thursday, a day after German officials announced the new legislative package, the privacy advocacy group none of your business (noyb) announced it filed a lawsuit against the Hamburg data protection authority (DPA) for allegedly not enforcing European laws that make the use of the facial recognition search engine PimEyes illegal.

The DPA hasn’t cracked down on PimEyes because it is based in Dubai, noyb said in a press release. They say that the Hamburg DPA has already ruled that PimEyes acted illegally but has nonetheless done nothing.

“The unchecked spread of facial recognition tools such as PimEyes is disastrous for privacy: stalking and mass surveillance of millions of people can be carried out in a matter of seconds,” Max Schrems, the founder and chairman of noyb, said in a statement. 

“PimEyes has amassed billions of pieces of biometric data from innocent people without their knowledge and makes this data available to everyone. This mass surveillance of private individuals is clearly unlawful – and the Hamburg authority also sees it this way.”