German Bundestag,
Plenarprotokoll 19/225, pp. 28687-28688.
Herr President.
Esteemed colleagues.
Completely insufficient,
in its present state already obsolete, falsely focused, lacking a strategy, a
poor integration of science and civil society, a bureaucracy monster, an
insecurity law – these are not my words; these are citations from the
commentaries of experts on the IT Security Law 2.0, which today shall be passed
here and now in the Bundestag.
Seldom was a law
so torn to pieces in a public hearing as this one. Even the experts of the
CDU/CSU and the SPD left not a hair in the proposals. Imagine: For over two
years, professionals tinker with a law and there comes a draft over which their
own experts throw up their hands, ladies and gentlemen. Naturally also arose
constitutional considerations. That is, ja,
a dismal trend of this government. It has nothing to so with the Basic Law;
that we have also seen on Wednesday with the passing of the Infection Defense
Law.
But back to the
so-called Security Law. This law will pertain to all, only not to a consistent
elevation of the IT system’s level of security. The proposals of the interested
parties were scarcely accepted, and then only in weakened form. This government
in this matter is straightaway resistant to advice, and that in this case
endangers the security of our country.
…The first IT
Security Law prescribes a permanent evaluation. The AfD demanded precisely this
in its motion. Yet you, esteemed Federal government, have neglected to learn
from experience, analyzing on the basis of the preceding laws what works and
what not, what makes sense and what not. The result is now a law which, because
the foundation is lacking, is in no way suitable for digital consumer protection.
Since we of the
AfD not only criticize but also want to form, we have, as was announced,
brought in numerous motions and motions to amend – in contrast to the Greens
who indeed have grumbled a lot, yet in the end have delivered nothing.
Konstantin von Notz (Greens): That is not true, Frau Cotar!
You here in fact
make available an old motion from the year 2018; it amounted to nothing more.
And in this motion you demand of the government to put forward a new IT
security law, thus precisely that which we here are just concluding. That is
not only a bit embarrassing, esteemed colleagues, that is really embarrassing.
Yet where Green is, is simply much show, much appearance and little authentic,
responsible policy, ladies and gentlemen.
Irresponsible
also is besides the government’s waiver in the matter of network construction.
You have in this draft neglected to reach a distinct political decision as whether
to allow network construction firms close to the state in undemocratic
countries to participate in the construction of our critical 5G infrastructure.
Christoph Bernstiel (CDU/CSU): Reading helps! It’s quite clearly in the law!
Precisely this
decision we however require of you, in accordance with our digital sovereignty.
In addition, we
demand inter alia a precise definition of “critical components“ by means of reference to TKG. The state of technology should not
only be developed from the BSI [Federal
Cyber Security Authority], but in common with the DIN [German Standardization Institute], ISO [International Standardization Organization], ETSI [European Organization for
Standardization], etc.
Christoph Bernstiel (CDU/CSU): That is exactly so in the law!
The BMI [Federal Interior Ministry] must
prohibit critical components when a manufacturer is not trustworthy. A “can“ in this situation does not suffice,
Herr Seehofer. The BSI must be built
up into a strong consumer protection authority and should work out crisis
reaction plans for IT catastrophes. We want a consolidation of the meantime
very numerous IT security laws, the inter-workings of which meantime become too
complex and which in turn threaten IT security and economics.
In conclusion,
for the IT Security Law 3.0, for which discussions are already running, we want
to safeguard that as early and comprehensively as possible all interested
circles will be included and that the formation of the regulatory framework for
the future IT security will be conveyed to a responsible Federal ministry for
digitalization and cyber security.
Dear governing
parties, interesting is your resolution motion, which reads in parts as if you
in fact had understood it. But a declaration of intent to do it better in the
future plainly does not suffice. That would have needed to occur in this law,
and it is not that. I therefore unfortunately can only say: An opportunity given
away, dear government. With this law, you will not set right IT security in
Germany. On the contrary: In many places, you even endanger it. Therefore we of
the AfD reject this draft law.
Many thanks.
[trans: tem]