Remember Stasi spying to understand the GDPR

BERLIN—The cost of a refresher course here in what a state can do to destroy the privacy of its citizens is €6. As you must pay in cash, the transaction will remain invisible to your financial institutions.

The Stasi would not have approved of that.

East Germany’s Ministerium für Staatssicherheit—”Ministry for State Security” in English, “Stasi” for short—employed a network of civilian informers to spy on the communications and even inside the residences of its subjects, to enforce conformity with that communist regime. The Stasi Museum, housed in the agency’s former headquarters in the onetime East Berlin, reveals its methods to anyone willing to pay that admission fee.

It is one thing to read about this history on Wikipedia, or see it staged in The Lives of Others, Florian Henckel von Donnersmarck’s masterful 2006 film. It is another to see physical evidence of the East German regime’s campaign to take up residence inside the heads of its own subjects.

This slideshow requires JavaScript.

It’s this history, in the living memory of a large fraction of Germany’s population, that helps explain why this country can be so much more focused on privacy risks than the United States or even the rest of Europe. There’s no understanding trans-Atlantic privacy politics, nor policy, without recognizing it.

Informers everywhere

The Deutsche Demokratische Republik, or German Democratic Republic—go ahead and read the last two words in scare quotes—established the Stasi in 1950. It gave the agency it modeled after the Soviet Union’s KGB unchecked authority to suppress internal threats.

The Stasi’s staff steadily grew, reaching almost 91,000 official employees by 1989. They, in turn, drew on almost twice as many citizens (reported numbers vary), who then spied on their neighbors.

The museum profiles some of the people the Stasi referred to as “IMs”—a tidy bureaucratic abbreviation of the German phrase “Inoffizieller Mitarbeiter,” or “informal collaborator.”

An IM could have been anybody. A vivid color photo of a punk-rock guitarist in mid-performance, looking like an icon of musical self-expression, explains that “Tatjana Besson worked as a Stasi informer under the IM alias ‘Kim.’”

Some IMs came by this sideline job voluntarily—the museum recounts how communist indoctrination began in grade school—and others due to varying degrees of coercion. The rewards for their work were often modest: a small stipend for those who allowed Stasi agents to use their apartments, plus the occasional gift of chocolate or liquor.



READ MORE ON GDPR

How updated privacy policies could make GDPR the global standard
Why GDPR is good for security and the economy
Europe’s GDPR could change how tech handles privacy


Some were assigned more advanced tasks. A recap of the psychological-warfare efforts taken against one dissident notes a recommended tactic to wreck the man’s life: “Seek and assign suitable IM, who can establish intimate extramarital relations with T’s wife.”

Tools of the trade

East German residents could find themselves subject to increased Stasi scrutiny for a variety of reasons: an IM’s report; because they applied for permission to travel; because they were up for a promotion to an important job; or because something unusual cropped up during an inspection of tax files, medical data, bank statements, library borrowings—pretty much anything.

If an initial investigation of a subject (the Stasi had 20,000 under way by the end of 1988, according to museum notes) confirmed suspicions, the ministry could then embark on wiretapping, or other types of acoustic or photographic surveillance (it had 4,543 such operations in progress by the end of 1988).

The museum spotlights hardware used to implement this snooping: key-copying kits, lock-picking tools, and voice recorders or cameras hidden in doors, watering cans, ties, shopping bags, belts, or beverage containers.

Exhibits here outline the care Stasi agents took to keep these frequent intrusions hidden. A search would be preceded by meticulous observation of neighbors’ schedules, along with precise inventories of interiors to ensure that everything would appear untouched.

“Having walked by the former Stasi headquarters many times, we discussed how different the world might have been, if the Stasi had had real-time data on 1.2 billion people.”—Shane Green, chief executive officer, U.S. operations, Digi.me

One Western tool used to ease this work: Polaroid instant cameras, memorialized in a spread of pictures taken of a searched apartment.

Stasi employees themselves, meanwhile, lived a privileged existence. The museum describes the housing blocks and even nurseries reserved for Stasi workers, while a floor upstairs preserves the calm, parquet-floor offices of Erich Mielke, who ran the ministry from 1957 to 1989. A display reports that Mielke insisted on having his breakfast plate and utensils served in the exact same spot each day.

Why Germans don’t think like Americans about privacy

This dystopian past remains plugged into the present tense of European privacy policy, and Germany’s in particular. The European Union’s General Data Protection Regulation and its strict regime of permission for commercial uses of data can make a lot more sense, when seen in the context of this history—much of which remained hidden until the collapse of East Germany enabled citizens to storm Stasi offices in search of files about themselves.

It’s a reversal—a karmic event, perhaps—that should resonate with many of today’s technology entrepreneurs, says Shane Green, chief executive of Digi.me’s U.S. operations, who says living in Berlin in the mid-1990s gave him a lot to think about.

Lockpicking tools used by the Stasi. Photo by Rob Pegoraro/The Parallax.

“Having walked by the former Stasi headquarters many times, we discussed how different the world might have been, if the Stasi had had real-time data on 1.2 billion people,” Green said in an e-mail, reflecting on a long talk he had with a co-worker at the time, following a series of acquisitions that had resulted in his mapping startup becoming a property of Nokia.

Green notes a continued “lack of historical awareness from people working on data and privacy in Silicon Valley.” He said he received “blank stares when I asked top entrepreneurs and investors for the last eight years to think about the potential abuses that could happen.”

Next year will mark 30 years since the fall of the Berlin Wall. A generation of Germans has grown up without the fear of Stasi eyes and ears—and the IFA electronics trade show here this week suggests that they may be more willing to be sold on connected devices with automatically activated microphones.

Dozens of banners for Google Assistant hardware around the Berlin Messe convention center feature the German phrase “Mach mal, Google.” Translation: “Do it, Google.”

Disclosure: IFA’s organizers are covering most of my travel expenses, along with those of a group of U.S. journalists and analysts.