Taggermany

Digital transformation requires capacity building

D

In Germany, like most industrial nations, there’s a lot of talk about digital transformation. This holds especially true for the public sector, for citizen service delivery.

While in the UK, the Government Digital Services team (GDS) has been doing tremendous pioneering work that’s also echoed in the USDS, and Estonia has gone fully digital a while ago, most countries struggle.

A recent example from Berlin exemplifies this almost perfectly (Morgenpost, in German): In Berlin’s Charlottenburg district, the application for parking permits has been digitized—kind of.

The digital service delivery is worse than before.

According to this article, citizens used to be able to get their parking permits by mail. After the service was put online, they could apply online. So far so good, but the implementation was so lacking that payments couldn’t be processed online. First, government employees manually processed that last bit for every application, but because that was obviously unsustainable the district switched the system. Citizens now apply online, but then to pay have to come in personally to pay on the spot. The payment process was, so the article, forgotten.

The implementation was so bad that putting the service online means that citizens require more efforts to get something simple done. The digital service delivery is worse than before.

This is insanity. On the one hand, process by process is digitized. On the other, it’s done so clumsily that all parties are worse off.

It seems that every step in the process is going wrong.
It seems that every step in the process is going wrong. How can this happen? There’s a simple answer, and a more complex one.

The simple answer is this: The administration doesn’t have the capacity for building digital services yet.

Building digital services requires digital transformation, which requires the institution and all its workflows and org charts to be updated and transformed.

The more complex answer is: Building digital services requires digital transformation, which requires the institution and all its workflows and org charts to be updated and transformed. Otherwise, digitization might bring incremental change at best, or at worst actively create damage.

Germany is a prosperous country with an economy built on high tech. It’s a driving force behind industrial IoT (here summarized under the label “Industry 4.0”). And yet, when it comes to digital delivery of citizen services, the country is woefully behind. This goes all the way from broadband access, where Germany is among the worst in Europe, all the way to how local, state, and federal administrations deliver their services online—or rather don’t, as it were.

Germany is woefully behind in digital services.

In order to even start fixing this malady, we don’t need yet another paper-based workflow to be digitized half-bakedly. Instead, we need a strong mandate from the top, backup up with the necessary budgets, to rethink and truly transform our institutions and administration. Only through true digital transformation can Germany get ready for the 21st century. Until then, citizens and companies alike will have to find workarounds to make things work. We need to aim higher, and we can afford to aim higher.

Connected doll Cayla, connected TVs & the legal status of IoT in Germany

C

Over the last few weeks there’s been a lot of discussion around the security of connected toys. One case stood out not just because of insufficient security practices but also because in Germany it was declared illegal by Bundesnetzagentur (BNetzA, Germany’s Federal Network Agency).

BNetzA referred to §90 of the telecommunications law which states, among other things, that surveillance equipment is mostly illegal and that everyday appliances may not be equipped for surveillance (i.e. no audio/video recording “disguised” as everyday devices that purportedly serve a different purpose). Cayla, so BNetzA’s argument (English version) roughly, is a spy tool disguised as a toy; what’s worse, the kids using it have no chance of knowing what’s going on, and neither do the parents:

The Bundesnetzagentur has taken action against unauthorised wireless transmitting equipment in a children’s toy and has already removed products from the market.

“Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people’s privacy. This applies in particular to children’s toys. The Cayla doll has been banned in Germany,” says Jochen Homann, Bundesnetzagentur President. “This is also to protect the most vulnerable in our society.”

Concealed surveillance device Any toy that is capable of transmitting signals and that can be used to record images or sound without detection is banned in Germany. The first toys of this type have already been taken off the German market at the instigation of the Bundesnetzagentur and in cooperation with distributors.

There is a particular danger in toys being used as surveillance devices: Anything the child says or other people’s conversations can be recorded and transmitted without the parents’ knowledge. A company could also use the toy to advertise directly to the child or the parents. Moreover, if the manufacturer has not adequately protected the wireless connection (such as Bluetooth), the toy can be used by anyone in the vicinity to listen in on conversations undetected.

Further products to be inspected The Bundesnetzagentur is to inspect other interactive toys and, if necessary, will take further action. In this respect the requirements of section 90 of the German Telecommunications Act must be met: Objects must, by their form, purport to be another object or are disguised as an object of daily use and, due to such circumstances or due to their operation, are particularly suitable for intercepting the non-publicly spoken words of another person without his detection or for taking pictures of another person without his detection. This also applies to customised devices.

Ever since reading the bit about concealed surveillance in objects of daily use I’ve been wondering about where to draw the line. Smart fridges? Connected TVs? Game consoles? Smart home hubs?

I decided to send an inquiry to BNetzA’s press office and picked two: Connected TVs (because they are disguised as an object of daily use) & smart home hubs (because they are particularly suitable for intercepting the non-publicly spoken words).

They replied promptly and were very helpful. Here’s what they said (Original German reply below):

Regarding the devices you named, the crucial point is the question if they are suitable for recording non-public conversations unnoticed or for recording images of a person unnoticed.

In other words: Is it clear to everyone that the device has a microphone or a camera? According to the current interpretation of §90 of the telecommunications law this is the case, for example, for cell phones and baby phones.

For devices that are controlled by voice or gestures we haven’t come to a final assessment yet.

So that’s pretty interesting and shows just how much we’re in a transition period we are with this. One one hand it’s a matter of reasonable consumer expectations: Would a regular consumer reasonably know what they’re buying? The other is a question of interfaces: If this is how a thing is controlled, is it then an obvious (or obvious enough) part of using the device to make it ok?

Ame on UX   security for iot   thingsconAMS
Ame Elliott making the case for UX & IoT Security at ThingsCon Amsterdam. (Watch her presentation.)

For designers and makers of connected devices that include a microphone or camera, this is tricky terrain. For a while, expect some level of uncertainty. This is something to keep an eye on. In the meantime, obviously make sure to maintain good security practices. No matter what the legal ruling on this larger question ends up being, if your device isn’t secure you got much bigger problems to begin with.

///

Here’s the original reply from Bundesnetzagentur’s media relations office in German:

“Hinsichtlich der von Ihnen genannten Geräte ist ein entscheidender Punkt die Frage, ob sie dazu geeignet sind, das nicht öffentlich gesprochene Wort eines anderen von diesem unbemerkt abzuhören oder das Bild eines anderen von diesem unbemerkt aufzunehmen.

Andersherum gefragt: Ist sich Jeder darüber im Klaren, dass das Gerät über ein Mikrofon verfügt oder eine Kamera eingebaut ist? Nach der Gesetzesbegründung zu § 90 Telekommunikationsgesetz ist das zum Beispiel gegeben bei Mobiltelefonen und bei Babyphones.

Dies ist von der Bundesnetzagentur hinsichtlich Geräten, die mit Sprache oder gar Bewegungen gesteuert werden, noch nicht abschließend bewertet.”

New hardware companies from Germany

N

A quick snapshot of some of the more recently founded hardware and IoT startups. I’m just starting to collect these more formally to make it easier to keep an overview, so this list starts out very small and will grow over time. Please do send me pointers and I’ll try to update this list accordingly.

  • Bragi. Based in Munich. Europe’s most successful Kickstarter campaign. Wireless in-ear headphones for sports that also measure vital signs. bragi.com
  • Basslet. Based in Berlin. An audio-haptic bracelet that transmits bass through the wristbone to give the listener a more intense music listening experience. rescuedideas.com
  • Headwave. Berlin-based. A motorcycle helmet add-on that turns the helmet into a resonance body so the driver can listen to music while driving. headwave.de
  • Kiwi.ki. Berlin-based. Smart lock system for residential buildings. kiwi.ki
  • BeaconInside. Berlin-based. A solar-powered indoor Bluetooth Low Energy beacon for indoor location based services. beaconinside.com
  • Airfy. Beacon & public wifi for small businesses and cafés. airfy.com
  • Polymer. Web platform for hardware makers to connect and collaborate. joinpolymer.com
  • Relayr. IoT dev kit and sensor platform. relayr.io
  • Skysense. Charging pad for commercial drones. Berlin-based. skysense.de
  • TobyRich. Smartphone controlled gadgets and toys. Bremen. tobyrich.com

freelance pension plans. the good, the bad & the ugly.

f

German Labor Secretary von der Leyen proposed to include all freelancers in the German pension system. Before, for freelancers paying into the pension pool was voluntary – much unlike employees who always were by default part of the system.

And I’m honestly not sure what to make of the whole thing.

So, quick recap first: von der Leyen proposed a flat fee of some 350-450 Euros per month. The main arguments are: everybody should pay into the pool, and it’s a way to make sure freelancers don’t live in absolute poverty at old age. Criticism was harsh, including a petition against the proposal, signed by some 45K people as I’m writing this. The main arguments against the new default are that joining the pension system should be voluntary, that the amount is too high particularly for job starters and young freelancers, and that a flat fee is inherently unfair.

Now what to make of it? It’s not as easy as it sounds. I was a freelancer for quite a few years, and thought about pension plans etc etc for a long time. Here’s the dilemma: As a freelancer you’re exempt from a lot of both the obligations and the protections employers have. That’s both boon and bane. On one hand, you’re free to decide how to plan ahead, and you save some taxes. On the other hand, you enjoy a lot less protection, say if you have no clients, and you won’t get a state pension unless you setup a private plan.

And as always, that’s the core: Do you believe in the state to protect the weakest, or do you believe in the individual’s choice and responsibility?

  1. I’m not defending von der Leyen’s proposal, I’m trying to form an opinion and share my experiences in case they’re useful for anyone. I do this after having been a freelancer (Freiberufler, to be correct), and being a full-time employee of my own company these days.

  2. A flat fee is probably a bad idea. There’s a certain elegance in flat fees, and frankly the amount isn’t all that high if you compare it to any private pension plan, pension fund, life insurance and all the other flavors. I looked into it, and trust me, if you want to get a somewhat decent pension, it’s not going to be cheaper than that. Yet, a percentage-based fee is probably fairer, or maybe an extemption for the lowest income freelancers, or the first year of your business, or some other more flexible entry level rule. But that can be done, as it is for almost every other relevant field, like part time employment and a sliding tax level for low incomes. (Just don’t be surprised if you end up paying more once you earn a decent salary.)

  3. For freelancers it’s often hard to plan ahead for the next few months. (As it is for small companies, come to think of it.) Just because it’s hard doesn’t mean it shouldn’t be done. Once a new expenditure is established, it’s part of the system and everyone will live with it just fine. And even though I’ve struggled with it myself quite a few times, I do believe that if your business – freelance or not – doesn’t bring in enough cash to pay for a pension than it’s not a business. We’re not talking about full time hobbies, but full time work. (If you freelance on the side it’s a different matter altogether of course, but that’s not what my post is about.) If after a year (or two, or whatever) you can’t pay for it, chances are you never will be. And pension plans work by leverage over time. If you start paying in by 35 or 40 it won’t work. It can’t work. The earlier, the better, and the later, the worse. Much worse, in fact.

  4. The argument that we, as a generation, won’t get our fair share out of the system, is in my eyes highly problematic. I’ve done my fair share of ranting about collapsing pension systems. And I still rant about it. As a generation, it feels like we’re well and truly screwed at least in Germany and in regards to the pension system. The system was built for a very different demographic distribution and we’ll end up paying more and getting less. Yet, I’m not just yet willing to give up the social contract that I also profited off massively, like my free university education for five or six years. I got a lot out of the system, I feel I should put a lot back in. Let’s figure out the details along the way.

That’s it, really, those are my thoughts. I really don’t think that an obligatory system a unified system necessarily has to be a bad idea. I’m also quite sure that the current proposal won’t work out as it seems like a bit of a short-sighted implementation. But as a fellow former freelancer I can tell you from my experience that starting the pension thing is hard, and while it might be easier later, don’t count on it. Whichever system you want to join, you’d better do it today. Otherwise you’ll be debating the same issues again 40 years from now, but not have a chance to change anything.

Google Streetview in Germany, some thoughts

G

A little while ago I wrote a little rant about the fake Streetview Google had launched in Germany, an odd Google Maps & Panoramio hybrid. Eventually that’s about to change: Google Streetview is coming to Germany for real.

And boy, are people in Germany going crazy over this.

On the one hand you have those who thing that having public spaces accessible online is a good thing (including yours truly). One the other you have those who claim that it’s the end of privacy, illegitimate commercialism by a global corporation or that it helps burglars.

These critics spread – or buy into – a hyperbole like I haven’t seen in a long time. They are, I daresay, going absolutely nuts.

Why is this important? Because there’s practically no privacy risk, the burglar argument is completely bogus (not even burglars are so stupid, and statistics show that there’s no correlation of Streetview and break-ins) – while on the other hand a service like Streeview is incredibly useful for all kinds of legitimate uses.

DW-World sums it up nicely:

“Behind all of these criticisms here in Germany is the fear that Google might be too powerful, while being too strange and intransparent,” [law professor] Hoeren told Deutsche Welle. “It’s not really about data collection, telecommunications and privacy and such.”

If you understand German, Mario Sixtus wrote a fantastic piece on the subject. His take: trying to restrict a service like Google, including giving house owners the right to have photos of their houses removed from the service, is an attack on all our rights to the public space.

I couldn’t agree more.

The fact that many media outlets and politicians chime in with the rest of the criticism (or rather, take a lead in the fear mongering) doesn’t make their claims any more substantial or legitimate. Either we protect those rights, or we’ll lose them. And I’d like to keep living in a country where everyone – yes, even large corporations – are allowed to pick up a camera, take photos of buildings* in public and share these photos online.

(*Photos of people are a different matter altogether, but that isn’t what Google is doing here.)

Full disclaimer: I’ve worked with Google before and I’m a member of the Google Internet & Society Collaboratory. I still think that Google’s new stance on Net Neutrality sucks.

Google Collaboratory Report #1

G

Collaboratory ReportIt’s done! Over the course of the last few months I’ve been part of the German Google Collaboratory “Internet & Society”. The expert group is part of Google’s effort to reach out to multiple stakeholder groups and discuss with experts the challenges and opportunities our society faces. We discussed a whole range of topics from privacy to media literacy to democracy, and conducted a survey among the German web community about all this. We crunched the numbers and interpreted the input we got.

Today, the final report was published. Download the report here (PDF, 1.9MB, language: .de). (Update: find all reports here.)

Together with Henning Lesch of eco and I focused mainly on privacy. You can find the results and essence of the research under the headline “Datenschutz & Privatsphäre”.

What really struck me – in the expert group as well as in the survey and in the discussions we had with politicians – is how hard it is to come to any clear solutions in this field. It almost seems like we, as a society, need to have some in-depth discussion on which exact questions to even ask, and how to define all the buzz words. Do we need anonymity online? How much? Absolute or relative anonymity? What exactly does anonymity entail? It’s really not all that simple.

Although I will say that personally I strongly favor an internet that allows for anonymity over one where all action can be tracked. In fact, I believe that the opportunity to discuss open and free and without fear of repercussion (in other words: in anonymity) is an important basis of a strong and free democracy. (Luckily, many, many of the participants of our survey hold a similar view.)

Long story short: I tremendously enjoyed working with all these smart folks. And I hope this report can help foster a good discussion about where we’re headed and how we’d best get there.

As it is today, there is much to discuss, and not all of the folks in a position to make the relevant decisions seem to be up to speed. (And you can’t blame them, there’s just too much on everyone’s plate!) In the US, Code For America exists solely to support the decision makers in DC with external expertise in all questions related to the web. If there’s demand for something similar in Germany, sign me up. We as the web community shouldn’t stand back and complain about politicians, but instead offer a hand to work with them. There’s no other way forward.

Full disclosure: I’m a member of the Google Internet & Society Collaboratory and I worked with Google before.

Google, Privacy, Germany

G

what are you looking at?

We’ve been discussing the unholy trinity of GPG – Google, Privacy, Germany – a lot recently. And by “we”, I mean in one swoop all the web scene, Germany and the media here as a whole, but also my friends and I. (One of those friends works at Google, so we can bounce ideas off each other.) That is to say, these issues are discussed on many levels right now, and there’s no end in sight. Still, it’s time to share a few thoughts – less to explain anything (I don’t think I have many answers) than to order my own thoughts and learn about yours. It’s all a bit rough and unpolished – my apologies.

First, let me throw in a few factors, unordered but all relevant to the discussion:

Google has been criticized a lot in Germany for several reasons, most dominantly privacy, market domination and their mantra “don’t be evil”. Privacy has been a big issue in German media. Social Networking (most notably Facebook and the local clone StudiVZ as well as Twitter) are lagging behind the US, but are gaining traction quickly. The European Parliament just rejected SWIFT, the EU’s bank data exchange with the US. There is a very active web scene here. In the federal election campaigns in fall 2009, the government introduced de facto web censorship (framed as child abuse protection, but ridiculously badly implemented), but put it on hold recently after all experts were up in arms about it. PR agencies abroad seem genuinely scared of bloggers in Germany. There is a small, albeit very critical blogosphere. (There are probably more factors to be taken into account.)

All that just to describe the overall climate when it comes to discussions about the web in Germany. The discussions are led in a somewhat odd triangle of privacy protection, gadget lust and technophobia. (Although this could be framed differently, too. Feel free to do so.)

The main arguments are:

# Biggest Player: So in all the discussions about privacy and its protection online, Google is the most obvious target as it’s the biggest player. Google’s market penetration here is comparable to the US, that is to say that both the search and ad market are dominated clearly by Google. In my personal point of view, that doesn’t justify using Google synonymously with privacy abuse, but it sure feels like this is happening. It’s how media work, though: you need to put a name to a problem, or you can’t really discuss it.

# Privacy Abuse: Take email: I’m fairly certain that my privacy is violated more often and more strongly by all the other local free mail providers (GMX, web.de etc). Certainly you get a lot more spam there, less convenient search and not even the official mantra of “don’t be evil”. Like Google, these companies have to serve their stock holders in the first place. One fair point here: Google is bound by US law, so instead of one, there are at least two governments that could potentially enforce access to my email – Germany and USA. That, plus a number of recent privacy screw-ups like with Buzz, have made it clear that Google isn’t infallible. However, to Google’s defense, I don’t know of any incident where they maliciously gave out user data like Cisco, Yahoo or other competitors.

# Centralized Power: The most valid point I see is that against centralized power. My email, calendar, shared docs all live in Google’s cloud. One of my majors in college was political science. One thing I learned there that too much centralized power is always a bad thing as it opens the door to abuse. This is the one thing I really don’t like about Google: Too much personal information is stored there that should be on some secure server that only I could access. We all have the choice to do just that, but it comes at a price that’s so high that we can’t really pay it: We’d need special skills, a lot of time, and we’d face security risks if we tried to manage mail and calendars ourselves. I certainly wouldn’t know how to do it. And just putting my mail on another company’s server wouldn’t really seem more secure either. Today, I trust Google with my information, and their services are by far the best in the field. But what will happen when the management changes one day? So this point is a strong one.

# Overall Sentiment: Once the criticism train is rolling it’s hard to stop. Both media and consumers in Germany see Google as a synonym for the points mentioned above. So much so that media often attack Google for what sometimes seems like a reflex rather than research. The latest example: At transmediale10, the artist group FAT Labs pretended to have secretly equipped a Google Streetview Car with a GPS and tracked it while it was shooting footage of Berlin’s streets. And the media largely bought the story, buying into the David vs Goliath angle without further research. The list of media who seemingly believed the FAT Labs announcements included heavyweights like Boing Boing, Gizmodo and the Huffington Post as well as a number of German outlets. (Over at Blogpiloten.de, one of our authors mentioned it too, although cautiously.) To cut a long story short: The kind of paranoia at work here can easily develop a strange dynamic of its own. Which brings us to the next point…

# Lack of Control: Publishers are probably the most influential group at work here, but there are others too, who fight Google for pushing ahead with their own (ie Google’s) polices. This is understandable as we see a very powerful player who’s governed mostly by private interests and another country’s laws. This goes for both business and private contexts: Where we aren’t in control, we feel uneasy. (Except when talking about Apple, it seems, but that’s a whole other story.) Personally, I feel that Google is way more open and transparent than most private companies, and stick to technical standards much more. However, the basic issue is a valid and important one: Users need to be in control of their data. Today, that’s hardly the case. (Facebook, Twitter, Apple: I’m talking about you, too.) What this argument also does, though, and here’s the big risk: It provides cover to more selfish arguments, like the publishers. In their case, Google’s book scanning project is a threat to their old business model, so they try whatever they can to keep Google and other competition out. In this case it’s all just framing for their own political and economic gain under the cover of concern for the public good.

That was a lot of points – and again, I’d like to apologize for just throwing it out there without further polishing. I think these discussions are important to have.

But here’s the thing: I think the discussion is missing the point.

We shouldn’t even be focusing on just one company, it doesn’t really make any sense. Instead, we should focus on writing a set of rules that make it clear that users need to be in control. We need to define how that can work in a global network. And we need to make sure that we don’t get paralyzed by fear of technology as that would endanger innovation. (For Google’s standpoint on this, check out Eric Schmidt’s opinion piece in the Washington Post.)

Germany needs to sort out what Jeff Jarvis calls the German Privacy Paradox. While he argues by way of a sauna (read yourself), here’s the point I found most important in his thoughts:

What’s the harm that can come from revealing something else about oneself, as adults fear young people are doing in excess in Facebook and the web? The issue, I’ve long said, is not privacy but control: We have a right to control our information and how it’s used. But all this talk about privacy could make us withhold more than ever; it could make us downright antisocial. So I’ll ask again, what harm will come from publicness? Where’s the line?

These are really the questions we need to ask ourselves. Could we try not to live more privately and in less competition from the likes of Google? Certainly. But at what cost? (Again, as a disclaimer: Personally I’m a strong believer in a sharing economy, and I live pretty publicly on the web, so I’m biased.)

My take, in a nutshell, is this: On one hand, we need to make sure to give companies (here: Google) a lot of leeway to innovate before regulating. On the other hand we need to make sure to set a framework of rules that puts the users in charge of their own data.

This is a tough balance to find, but it’s what we need to do. Otherwise it’ll be either stagnation or a privacy disaster. Both aren’t good. And none of those is better than the other. So let’s set aside our critic’s and fanboy’s hats and have this discussion, and try to notice when some industry is trying to sell us their interests as public interest. Listen to your BS filters. It’ll be a long process as technology advances, but we shouldn’t just sit there and watch, but go out and help define the new rules of engagement.

Image by nolifebeforecoffee, some rights reserved.