Stand: 03.11.16 10:15 Uhr

Web-Strip: Intimate data from federal politicians for sale

von Svea Eckert, Jasmin Klofta & Jan Lukas Strozyk

Trust is a worthy good, especially for politicians: during discussion with their constituents, during preparations for meetings, during their talks with groups of interest. But what if all their personal information - for example their research on sensitive topics, their travels, the people they are meeting - would be for sale? Research from ARD magazine Panorama show that browser plug-ins have been spying on browsing activities of federal politicians of Germany. This could leave them unprotected and undermine their work.

"You could be blackmailed"

Porträt von Valerie Wilms (Bündnis 90/Die Grünen), Bundestags Abgebordnete © DBT / Foto- und Bildstelle Foto: DBT / Foto- und Bildstelle

Valerie Wilms feels vulnerable.

The case of Valerie Wilms, member of the German federal parliament for the green party, shows some real world implications. Her browsing data reveals her travel data, information about her tax declaration and her political work: "Of course, this can hurt and it leaves people vulnerable for blackmailing", she is stating. She feels "nacked to the person, who is in possession of that data".

"The data trail goes near to Chancellor Merkel"

Valerie Wilms feels being spied on. But in the data set, the researchers of Panorama have obtained, there are other politicians as well who are working in even more sensitive areas, for example Helge Braun. He is a minister of state working for chancellor Merkel and is known to be someone she trusts. Due to a compromised computer of one of his employees, his data has also leaked an can be found in the set. The politician not amused. "It is unlawful to gain that data, it is hard to understand how the data endet up in that data set.", he says when interviewed by Panorama.

"We need laws"

Der SPD-Politiker Lars Klingbeil. © Büro Lars Klingbeil Foto: Tobias Koch

Wants new laws against online spying: Lars Klingbeil.

Also surprised is Lars Klingbeil, speaker for internet politics of SPD. His name is also showing up in the data set Panorama has analyzed. In his case, it has also been data generated by an employees, while working for him. "I did not know, that this data is so identifying. Maybe we are naive, but surely we need to shed some light onto this case. Especially, what kind of data is being collected and what happens with the data afterwards", he tells Panorama. And if it is not possible to trust these companies, "laws are needed", Klingbeil says further.

Many politicians in the data set

In the data set there are many more politicians from all over Germany: Frank Junge (SPD), working for the ministry of finance. Or Waltraud Wolff, working for SPD, or member of parliament Annalena Baerbock (from Greene party), member of economic committee. Member of European parliament Martin Häusling is shocked and feels hurt by the data brokers: "You can see in that data, what I am currently working on, what I am researching and who I am meeting." People who want to hurt Häusling or other members of parliament politically could use this data to uncover informants or trusted persons and could follow political strategies - and sabotage their work. "We need to be protected", Häusling is saying.

Data was offered to a fake company

To gather the data set, NDR-reporter have founded a fake company, which seemed to be active in "Big Data" business. A couple of data brokers wanted to sell them web data of german internet users - one company finally offered the data as cost free sample.

Browser Plug-Ins responsible

It seems to be that malicious browser extensions, so called add ons, are responsible for the data collection: the small additional programs are very useful helpers in every day life. But once installed, some of them are transmitting every websites a user has visited to a sever, where it is bundled to user profiles.

"Web of Trust" is transmitting data

In some random examples Panorama could identify one responsible browser add on. Its name is "Web of Trust", shortly WOT. The extension's legit use case is to make sure visited sites are secure websites - a useful function to guarantee secure web browsing. The software is transmitting every internet address of a website a user as visited to a server, where the website is being checked but is also being saved and collected without the user's knowledge. WOT is supposedly only one of many browser extensions, which are responsible for a constant data flow for one specific data broker.

When confronted with Panorama's findings, WOT answered that they are compliant to their their terms and conditions. That they are collecting specific data and share it with third parties and also go to great lengths to anonymize it. WOT's privacy statement also allows to store a user's geographic location, date, time and web address. Users give their implicit consent to that. The company is of the opinion that this is anonymous and no personal information. No information is given by the company about the method and granularity of the anonymizing process.

This kind of data collection is unlawful

Data protection officer of Hamburg, Johannes Caspar is criticizing WOT's business model: "To transfer this kind of personal user data, companies need the consent of the user - but this is not the case here. To call this kind of data "anonymous" is wrong", he says. This kind of massive data collection is not permitted in German data law.

Dieses Thema im Programm:

Das Erste | Panorama | 03.11.2016 | 21:45 Uhr