Many people found it quite unsettling to hear that health offices had to resort to ballpoint pens, paper and fax machines in the fight against coronavirus infection chains.
The pandemic showed us how long the road to implementation can be sometimes. As soon I took office, I put digitalization on the agenda. In the Lower Saxony Ministry of Economic Affairs, we have had our own dedicated state secretary and office for digitalization since 2018, and they are doing an excellent job. Since mid-2018, we have been implementing our master plan for digitalization step by step. This plan comprises over 90 measures and I’m happy to say that the majority of these have already been completed. What’s more, we are raising our digitalization levels − and I’m not just talking about schools and official buildings here. With our “Digitalbonus Niedersachsen” program for promoting digitalization in Lower Saxony, we are providing up to 10,000 euros in funding for small and medium-sized enterprises that plan to invest in their digital infrastructure. This program has been a real success story. And as far as the pens, paper and fax machines are concerned, it’s worth noting that people love using these terms because they sound so dramatic. But I’d like everyone to ask themselves: Do I still use a pen and paper?
Sometimes, another topical issue gets in the way of digitalization: data protection. Can you appreciate why even Germany’s coronavirus warning app was given such a hard time when it was first launched?
I would question whether data protection really gets in the way of digitalization. Because when we’re talking about a national objective, that creates a particular requirement for the best data protection possible. Even data protection needs to be updated. The coronavirus app is a good example of how digital processes can function and be adapted continuously. At first, the app focused on secure risk identification. Now we know that where it can really make an impact is through its check-in and vaccine certification functions. However, as the app
continues to develop, we should also keep users informed in an ever more effective way. Germany isn’t the only land of poets and thinkers in the history of the world; in Ancient Greece, they had a saying that ran, “Constant dripping wears away a stone.” So what can we learn from
the introduction of the coronavirus app? We need wide-ranging public relations work, andit can’t wait until just when the finish line is in sight − it needs to happen right from the get-go. A crucial success factor for any digitalization measure is that our citizens see a real added
value in it and accept it.
Trust is the key factor in harnessing digitalization. In the German Digitalization Index, 73 percent of those surveyed indicated that they trust the public authorities to handle their personal data. Was this praise a little premature?
That figure reminds me of vaccination rates. 73 percent is very good, but 100 percent would be better. But in all seriousness, premature praise should motivate us to work harder, not to rest on our laurels.
We’re always coming up with fancy new expressions in this land of poets, thinkers and digitalization. This year’s legal tongue twister is the German Register Modernization Act (RegMoG); is it a major step forward for us?
In recent times, the government has tried to spell out the objective and meaning of laws in their titles. This was undoubtedly a well-intentioned effort to improve communications between politicians and citizens, but all it produced was convoluted Frankenwords and
cumbersome noun stacks. However, when it comes to the Register Modernization Act, there’s an awareness among experts if no one else that it represents a definite advantage for companies in Germany. When interacting with a public authority, companies will not have to
provide the same data over and over again if it has already been provided to another office. The key here is that businesses will only need their company ID to identify themselves. Meanwhile, citizens will just need their tax ID. They won’t have to produce their certificate of registration or birth certificate every time. This will also reduce processing times. So yes, although the name doesn’t exactly roll off the tongue, this law will lay the foundations for digitalized government action and that’s a big step forward for all of us.
The Administrative Procedures Act (VwVfG) is another excellent example of the German tendency to come up with unwieldy names. Will we treat digital and paper certification as equally valid in the future?
This is a good example of a “yes, but…” answer. First, we have to clarify or establish some prerequisites — including the question of authentication in this case. The technology is there. If a digital signature can be assigned to a person in an unambiguous, tamper-proof way and longterm archiving can be guaranteed, then we can treat digital documents the same we currently treat analog records. However, it’s also clear that there will always be grades and different security classifications — the security requirements for an ID card will obviously fall into a different category from a residential parking permit.
Do you believe in digital sovereignty? And how can we achieve it?
First and foremost, digital sovereignty means being able to live in accordance with our own norms and values even in a digitalized world. For example, if any US practices for monitoring telecommunications contravene European law, the answer cannot be to give up our own
Charter of Fundamental Rights. Instead, when it is necessary, Europe must be in a position to switch to services that comply with European law. At present, that does not seem to be the case. But we are taking some steps in the right direction by promoting open standards, in
GAIA-X, for example − the partners in this project are coming together under this futuristic name to develop collective specifications for a European data infrastructure. Because the next step will focus on the digital sovereignty of private individuals and companies, who should
have the option to switch services. What’s more, “digital sovereignty” is also an educational objective. I think it calls on everyone − parents , schools, universities, the media − to explain and question digital mechanisms and so to build up advanced media and digital literacy
skills. And the state has obligations to fulfill here as well. Laws and regulations from the everyday reality of our analog lives must also be fit for the digital world.
You are the state chairperson for the CDU in Lower Saxony. In July, the business news magazine Wirtschaftswoche publicly revealed that the Fraunhofer-Gesellschaft had tested IT security across Germany’s various
political parties and warned party leaders of serious security flaws. Emails were vulnerable to interception and data was at risk of theft or deletion − meanwhile, we are being told the IT security of our political parties is especially
important “for the stability of our democracy.” Do you think action is needed?
Cyberattacks and cybercrime pose a growing challenge for industry, public authorities and unfortunately, for the political sphere as well. The German Federal Returning Officer, Georg Thiel, declared just recently that he considers the risk of cyberattacks during the coming
federal election to be high. The authorities are already preparing, in coordination with each other. Cyber espionage between political parties is also an important issue, and we take it very seriously. It’s well known that CDU servers were hit by cyberattacks during the federal party’s
first digital conference in January. However, the party was prepared for this situation and was able to repel the attacks. So with this issue forming a primary concern for us as a party, we will remain vigilant and forge ahead with the continuous improvement of our infrastructure.
Anhalt-Bitterfeld, a district in Saxony-Anhalt, suffered a cyberattack that brought the administration to its knees for weeks and months. According to German IT security law, operators of critical infrastructure
are obliged to report cyberattacks to the Federal Office for Information Security (BSI) immediately. After this attack on a district’s administration, should the reporting obligation now apply to all 294 districts and 11,000 municipalities in Germany as well?
Unfortunately, Lower Saxony has had its own fair share of cyberattacks at this stage. And as soon as critical infrastructures are affected − I’m talking about hospitals, water supply plants and transportation companies − municipalities are also obliged to report the attacks, provided
the operators are sponsored by the municipality. But as a general rule, every report filed with the BSI is another step toward increased security for all of us. If it becomes apparent in the future that municipalities are undergoing frequent, targeted attacks, it may make sense
to make reporting mandatory for them as well. After all, a multi-week disruption to municipal IT infrastructure means massive restrictions on their ability to provide services.
Dr. Althusmann, we started our discussion with poets and thinkers. Can you recommend some reading material that helped you through the pandemic?
My guide in this area is a poet from Lower Saxony, Wilhelm Raabe. He once said that being a little foolish every now and again is part of wisdom. For me, this means we should look beyond our own horizons and not be afraid to seek “outside” expertise. This is why I’m recommending Martin Schallbruch’s “Schwacher Staat im Netz,” a book on weak states in the internet age. At first glance, it may look like a critical view of states, but Schallbruch is a respected computer scientist who spent 18 years working in various departments within the German
Federal Ministry of the Interior. And his book is written in such a way as to be very readable for those without any expertise in computerscience − like myself.
Fraunhofer-Gesellschaft