BITKOM / Data Security

March 2014

Professor Kempf, you are not only President of BITKOM, but also Advisory Board member of the association “Deutschland sicher im Netz” (Germany safe and secure on the net; DsiN), the aim of which is to raise awareness of IT security among online users. With regard to knowledge on data protection, where do you think there is still the greatest need for information and understanding?

There are three players in this area: the state, which must establish the legal regulatory framework, companies, which must create transparency on how customer data is handled by their service providers, and consumers, who must be empowered and informed. These empowered consumers are at the heart of our activities in “Deutschland sicher im Netz”. Users must understand what terms such as “tracking” mean. These geographical services which determine location and transfer it to providers offer certain advantages to some users. For example, the recommendation of a good pizzeria that is just around the corner at lunchtime. However, not all consider this to be a benefit and do not wish to have this tracking.

In your experience, are there a few simple rules which private consumers should follow in connection with their data online?

Fundamental rule number 1 is: take the way you behave in the analog world as a basis for the way you deal with your personal data and do not treat your data any differently online than you would in real life. I cannot think of a single person who would stand in the market square and announce to the world what they had for dinner last night. But this happens all the time online, especially in social networks. Many consider this to be completely normal. My advice would be that you try to act the same way in the digital world as you would in the analog world.

Fundamental rule number 2 is: take the way you behave in the analog world as a basis for the way you deal with safety and security. We all think about our safety and security in the real world. For example, in Germany, we only cross the road when the traffic light is green and would perhaps avoid walking through a dark park at night. Everyone has different heuristics, so ways of solving problems based on experiences, and types of behavior for their own security. Of course, this means a loss of comfort and increased effort. The same applies online. Greater safety and security is achieved to the detriment of comfort and involves increased costs. One example is that the longer and more complicated a password is, the more secure it becomes. However, it is not particularly convenient to have to remember an alphanumerical password with nine characters. As it happens, relating to this topic, there is a short German film on how to remember long passwords from my time as Chairman of the “Deutschland sicher im Netz” association. It is entitled “secure password” and shows in an appealing, playful way how a young man is able to recall a password comprising a combination of letters, numbers and special characters based on his girlfriend's name and bra size.

Would you please share with our readers what data protection means for you personally?

For me, the protection of personal data is a crucial aspect of civil society. However, when it comes to where the limits lie, I still have a rather more nonchalant view than that represented in the majority of discussions taking place in Germany. To give a specific example: I was recently looking at diving watches available online because my own broke while on vacation. Afterwards, I kept receiving special offers for diving watches in my browser window. This could be quite disturbing for some people, but in this context I didn't really mind because the ads weren't aimed at me as a person, but at my computer, or more precisely my URL. This means they targeted a particular address (my URL) but not an actual address (my home). That is a key distinction. It is possible to buy programs which prevent the URL being identified, but as I say, I'm nonchalant in that regard. I am also not concerned about my shoe or clothing size being known. However, I do find it worrying when data is connected in certain contexts. Let us assume I weigh 100 kg (which I don't, by the way), and this information is combined with my online search for drugs to lower blood pressure. From a data protection standpoint, this information is far more critical. However, data protection regulation does not yet take this into account. I hope this will change. In this context, my view of cross-scripting is highly critical and I would like to draw the line on data protection more strongly.

To conclude, we would like to ask you a more personal question. You spend many hours of your working day dealing with the internet, but do you also enjoy being online in your spare time (if so, what do you like to use it for?), or do you prefer to spend that in the offline world?

As part of my role on the BITKOM board, I am more or less obliged to regularly spend time online. However, I am not a heavy social media user. I predominantly use the internet to search for information in my spare time, reading a German newspaper or looking something up on Wikipedia, for example. And I very much like shopping online, because I generally don't manage to get to high street shops during normal opening hours. However, as I said, I tend to avoid using social media sites.

Thank you for your time!

Editorial note: it is definitely worth taking a look at the film on remembering passwords.