For context, Bundesnetzagentur (literally “federal network agency”) is a German agency that regulates five kinds of networks – electricity, gas, telecommunications, post, railways. The telecommunications part of their work is supervised by the Bundesministerium für Verkehr und digitale Infrastruktur (literally “federal ministry for transport and digital infrastructure” i.e. highways and data highways).
One of its tasks is to ensure non-discriminatory access to infrastructure markets for all market participants: Former state monopolies have to share their infrastructure at a reasonable price to competitors, for example. Another task is consumer protection: In February 2017 they decided that an internet-enabled child's doll containing a microphone accessible remotely without any indication to the people using that doll should be “verboten” since they classified it as a hidden wiretapping device.
The federal network agency claims that XMPP clients have to be registered according to a German law that says that one has to be registered with (but does not need permission from) the agency if providing public communication services commercially.
It's a rather slippery slope from XMPP towards software which uses any of the other networking protocols, even TCP/IP and Ethernet, since they could all be considered telecommunications.
Germany has always been a very procedure-oriented country. This instills a "conscientious thoroughness" in their psyche. Which mostly pays off (for them).
There are options:
- they got this wrong because they don't understand how the net works
> It belongs to the Bundesministerium für Verkehr und digitale Infrastruktur (literally “federal ministry for transport and digital infrastructure” i.e. highways and data highways).
That's blatantly wrong. It's the Federal Ministry of Economics and Technology (Bundesministerium für Wirtschaft und Energie). You even mentioned the Wikipedia article which states it right.
The departments of the agency working on telecommunication law are exclusively supervised by the Bundesministerium für Verkehr und digitale Infrastruktur. Only the other areas plus all administrative supervision is done by the Bundesministerium für Wirtschaft und Energie.
("Belongs to" is probably too strong either way. They are not part of a ministry.)
TL;DR German Federal Network Agency (BNetzA) contacted more than 100 developers of XMPP clients, in or outside Germany. BNetzA considers XMPP-clients to be "telecommunication services" and requested developers to register with German authorities, as required by the German "telecommunication law".
Here's a relevant tweet by a Xabber developer from Chelyabinsk, Russia:
Well, that happens if you have a conservative government which does not understand technology. Positions in agencies like this get filled by people with no clue, advocates and bureaucrats who don't understand where the law ends try taking on the world, using their small little letters. Even sending them into the Soviet Union (in 2017, they even have time machines!) - you can see how old the responsible people are, in which century their thinking was formed.
But, to be fair, Germany was always crazy like this. There was always censorship of media (trying to have developers registered stems from that), that goes back to when Germany was a collection of small kingdoms. Add the conservative mentality of its people (when book printing was invented, they decried the harmful habit of reading too much) and you have to end up with that backwards, crazy and megalomaniac little country Germany is today.
I always try to find an explanation that makes sense and assumes good faith before going for incompetence and corruption:
These cases arise because of legislation that has not been updated to account for new technology. If you're charged with regulating a newly-liberated telecom market in 1992, it makes sense to require "telecommunication providers" to register as a first step to monitor developments in the market.
With the internet, you suddenly have thousands of people and companies that fit the letter of the law. You tell the politicians that maybe something should be done, but it doesn't really appear to be important so they'll wait to stick it into a general overhaul of the legislation that's on the horizon, and do more urgent stuff in the meantime.
But, as the guy/gal tasked with this register, all that matters is the actual law, and you're pretty sure it applies. What now?
You could just disregard the law. You probably won't even get in trouble, because it's unlikely they'd notice anyway, nor would it cause any harm.
But sending out these letters defying common sense is actually the better course of action: First, it protects you in case something does happen. You never know the creativity of people – someone, somewhere might figure out how to die from an unregistered chat client.
More importantly, it puts the issue on the agenda and parliament will have mercy with you and update the law soon(ish). And that's actually quite important, because while it may seem innocuous to ignore a stupid law in a case like this, you don't want that practice to spread. The rule of law is pretty important – and I'm not speaking of dictatorships here, but simply knowing, as a citizen, what to expect from your interactions with the bureaucracy.
Example: Should I buy that open lot downtown and build a house? Well the law says it can't be built because it's too close to the river, but I've heard they usually disregard that law because with the new dam upstream the river no longer floods... -> Legal uncertainty is poisonous for any development.
I didn't describe corruption. That positions in those agencies get filled based on political motives is normal. The bureaucrats on the lower levels do not change, but they also don't decide stuff like this.
> More importantly, it puts the issue on the agenda and parliament will have mercy with you and update the law soon(ish)
Complicated motivations like those don't hold up against Occam's razor. Also, the Telekommunikationsgesetz has been updated multiple times since the 90s. Suffice to say that no one should expect any improvements. Each change was a combination of very bad and very stupid ideas, with some minor improvements, which subsequently got removed before the changes were passed.
I love how you put in conservative there. As if liberal government doesn't try to curb the internet. The only difference is that conservatives want to censor media "to protect children from hostile values", the liberals want to censor media "to combat hate speech" (to combat opposing political ideas).
They do. The BND is using those capabilities to spy on all Germans and the whole world, with a little help from our American friends. Those are not the same clueless people that end up in the regulation agencies.
> BNetzA considers XMPP-clients to be "telecommunication services"
But that is exactly what network clients provide: telecommunication services. IFF the relationship between the states and the governed was healthy you wouldn't bat an eyelash at the suggestion.
Translated "consist wholly or predominantly in the transmission of signals over telecommunications networks, including transmission services in broadcasting networks". I find it hard to argue that some piece of software can be a transmission service.
On the other hand, GMail was considered a "telecommunication service" by a German court:
"Google Inc. therefore has its own switching technology (original "Vermittlungstechnik" - transmission tech) and therefore has, in any case, partial control over the signal transmission."
An XMPP-client, in contrast, does not have its own transmission tech and has no control over signal transmission.
The client is a component of a communication service. Such components used to be (mainly devices and) developed solely by corporations already integrated into the 'system'.
You don't trust the system, and you have good reasons for that, and the 'system' doesn't trust actors it does not control.
The interesting bit is that they explicitly point out part 7 of the TKG (telecommunications act) which details the telecommunication provider's duties in assisting law enforcement agencies, such as providing interfaces for targeted surveillance.
Here's a cursory overview (IANAL!): They want the name of your company, and for companies outside Germany, the name of a representative in Germany; and a way to contact you. Page 2 concerns access providers, e.g. ISPs. Page 3 concerns service providers, with provisions for all manner of services from VoIP, Email, messaging, VPNs and more general network solutions, and a field for "other" ("include brochure where applicable"). They close with some explanations, and a threat of fines up to 10000 EUR in case of non-cooperation.
It's 149 pages at around 20 entries per page (there's also an Excel version available). Facebook is not listed. Google is, hilariously with the note that there is an ongoing legal dispute on whether they are required to register.
I find this bit of their reasoning particularly curious:
> The authority argues that the software would also take over functions of a server in so-called Over The Top services (OTT services) and thus not to be assessed as pure software.
If I'm not misunderstanding that, the agency asserts that a software requires regulation because it opens a port for listening.
At the risk of being alarmist, my suspicion for some time is that the next step in centralising the internet will involve stronger legal hurdles for usage of the internet that does not conform to the standard "dumb client+cloud backend" pattern. I fear this is the beginning of exactly that.
The translation is wrong, it is the Federal Network Agency. Comparable with the FCC in the US but it also regulates other network based markets. But they have nothing to do with the BND.
I don't think XMPP is going away any time soon, but it certainly is not the most used thing out there.
However, I think that's part of why they've made this request. I think the problem is that it is late enough in the lifecycle of XMPP that no one large group (politically speaking - let's talk minimum of 100,000 people with similar political interests) really cares about it. That makes this not at all controversial, so it allows them to set a precedent.
I do not live in Germany, though, so I don't know if there's already precedent, or if the German people really even care about this. Hell, I don't even know if making XMPP service providers register is at all harmful or restrictive. All I can comment on is how it looks to me, and it looks like a power grab from over here.
Registration per se is not harmful or restrictive - except that some (figuratively speaking) poor developer in Russia now has to deal with a four-page form in German which isn't even really suitable for software.
The problem is not the registration, the problem is that BNetzA considers software to be "telecommunication services" and thus subject to regulation. There are 152 paragraphs in the TKG (https://www.gesetze-im-internet.de/tkg_2004/index.html), how much would it cost a software vendor to comply with everything? Or how much would it cost even to find out what a software vendor would have to comply with? There was a pretty good reason Google went to court over the question whether GMail is a "telecommunication service" or not (https://www.noerr.com/de/newsroom/News/gmail-ist-ein-telekom...). Google lost, by the way.
On the other hand, the list of "providers" includes a lot of organisations like "Antennengemeinschaft Schreiersgrün e.V" - roughly translated as "Antenna community of the village Schreiersgrün (registered society)".
It does seem pretty odd to consider software a telecommunication service, to me, absolutely. All the software is doing is wrapping up a message for someone else to send. It would sort of be like considering envelopes, paper and writing (when taken together) to be a mail service.
Taken another way, if we think of XMPP as a telecommunication service, and require providers to register, do we also consider HTTP to be a telecommunication service, and also require registration of every public access HTTP server? Both are protocols that, at their core, pass messages. Who's going to ratify all of those forms? This feels like it would be expensive to enforce, and if the law does not explicitly name XMPP (or explicitly define the difference between a telecommunication service that it covers and one that it does not in a way that excludes such widely used things as HTTP), it should not be selectively applied to XMPP. It should either be rewritten, or applied to technologies that existed or were expected when it was drafted.
Germany also wants you to pay for a broadcasting license (costs up to $10,000) if you continuously livestream online, regardless of whether you are making any money from livestreaming.
It is a kind of fallout from a long overdue reform of that law area.
In theory you even have to stop 'sending' your website between 6:00 and 22:00 if it contains adult content, same law.
The reform failed due to the totally insane requirement of rating every single website for child protection. As it is a law with state and federal parts, you have lots of duplications and weird rules.
So the 'register all XMPP clients' is a side effect of German regulations that still consider Internet to be mostly just a slight variant on Phone&TV&Radio.
In the past (1980s/1990s) you had (in theory) to register any BBS service as a telecom provider, but they didn't even have a proper form to do the registration.
https://en.wikipedia.org/wiki/Federal_Network_Agency
Edit: As other hackernews have pointed out, only the telecommunications stuff is supervised by the BMVI.