Wednesday, May 12, 2021

Joana Cotar, April 23, 2021, IT Security Law

German Bundestag, Plenarprotokoll 19/225, pp. 28687-28688.

Herr President. Esteemed colleagues.

Completely insufficient, in its present state already obsolete, falsely focused, lacking a strategy, a poor integration of science and civil society, a bureaucracy monster, an insecurity law – these are not my words; these are citations from the commentaries of experts on the IT Security Law 2.0, which today shall be passed here and now in the Bundestag.

Seldom was a law so torn to pieces in a public hearing as this one. Even the experts of the CDU/CSU and the SPD left not a hair in the proposals. Imagine: For over two years, professionals tinker with a law and there comes a draft over which their own experts throw up their hands, ladies and gentlemen. Naturally also arose constitutional considerations. That is, ja, a dismal trend of this government. It has nothing to so with the Basic Law; that we have also seen on Wednesday with the passing of the Infection Defense Law.

But back to the so-called Security Law. This law will pertain to all, only not to a consistent elevation of the IT system’s level of security. The proposals of the interested parties were scarcely accepted, and then only in weakened form. This government in this matter is straightaway resistant to advice, and that in this case endangers the security of our country.

…The first IT Security Law prescribes a permanent evaluation. The AfD demanded precisely this in its motion. Yet you, esteemed Federal government, have neglected to learn from experience, analyzing on the basis of the preceding laws what works and what not, what makes sense and what not. The result is now a law which, because the foundation is lacking, is in no way suitable for digital consumer protection.

Since we of the AfD not only criticize but also want to form, we have, as was announced, brought in numerous motions and motions to amend – in contrast to the Greens who indeed have grumbled a lot, yet in the end have delivered nothing.

            Konstantin von Notz (Greens): That is not true, Frau Cotar!

You here in fact make available an old motion from the year 2018; it amounted to nothing more. And in this motion you demand of the government to put forward a new IT security law, thus precisely that which we here are just concluding. That is not only a bit embarrassing, esteemed colleagues, that is really embarrassing. Yet where Green is, is simply much show, much appearance and little authentic, responsible policy, ladies and gentlemen.

Irresponsible also is besides the government’s waiver in the matter of network construction. You have in this draft neglected to reach a distinct political decision as whether to allow network construction firms close to the state in undemocratic countries to participate in the construction of our critical 5G infrastructure.

            Christoph Bernstiel (CDU/CSU): Reading helps! It’s quite clearly in the law!

Precisely this decision we however require of you, in accordance with our digital sovereignty.

In addition, we demand inter alia a precise definition of critical components“ by means of reference to TKG. The state of technology should not only be developed from the BSI [Federal Cyber Security Authority], but in common with the DIN [German Standardization Institute], ISO [International Standardization Organization], ETSI [European Organization for Standardization], etc.

            Christoph Bernstiel (CDU/CSU): That is exactly so in the law!

The BMI [Federal Interior Ministry] must prohibit critical components when a manufacturer is not trustworthy. A can“ in this situation does not suffice, Herr Seehofer. The BSI must be built up into a strong consumer protection authority and should work out crisis reaction plans for IT catastrophes. We want a consolidation of the meantime very numerous IT security laws, the inter-workings of which meantime become too complex and which in turn threaten IT security and economics.

In conclusion, for the IT Security Law 3.0, for which discussions are already running, we want to safeguard that as early and comprehensively as possible all interested circles will be included and that the formation of the regulatory framework for the future IT security will be conveyed to a responsible Federal ministry for digitalization and cyber security.

Dear governing parties, interesting is your resolution motion, which reads in parts as if you in fact had understood it. But a declaration of intent to do it better in the future plainly does not suffice. That would have needed to occur in this law, and it is not that. I therefore unfortunately can only say: An opportunity given away, dear government. With this law, you will not set right IT security in Germany. On the contrary: In many places, you even endanger it. Therefore we of the AfD reject this draft law.

Many thanks.

 

[trans: tem]