 Twitter account C3Lingo. I'm happy as always to announce the next guest. He does not shy away from entering into conflict with the German Foreign Intelligence Agency. Who of you knows de-kicks the commercial internet exchange? Now, who knows the history that they have, the huge internet exchange with the foreign intelligence service. You can do the first part. Yes, they still need that info. To keep a long story short, de-kicks versus the state or the G10 or BND law and the protection from basic laws. G10 being the law to restrict communication secrecy in Germany. Now, the thing about protecting from basic rights was complicated. Of course, my first opinion was that it's these basic laws themselves that need protection, but these are protections from those basic laws, as we will see. I'll now skip through a few things at the beginning, just to motivate you to what this is about. It's the protection from surveillance and the thing to be protected is the secrecy of communications. We've heard of that and the German Constitutional Court has put it as the perception of freedom that cannot be totally registered and recorded. That is part of the constitutional identity of Germany, which Germany has to strive for on the international stage. The difficult thing here is that the services that are to protect these basic laws now yield questions where we have to ask whether these services actually violate these basic laws. Are they being protected or not? To say that in advance, is this just about content data or any metadata? In Germany, it's a very simple rule. It's in the criminal code that the secrecy of communications not only applies to content, but also the circumstances who is talking to whom, even attempted connections if these connections fail. All that is under the protection of this Article 10 of the German Constitution Secrets of Communications. The European Court of Justice has seen it quite similarly. They said that metadata actually yields complete profiles of the network who is doing things with whom. How do they conduct their lives, who are their friends and all that? Even the metadata is enough to recognize that it's not just about content. That's always a topic if services like the German Foreign Service argue that communications data can be stored. Thankfully, we have a judgment that was gained by reporters without borders in this case. Now, these mass recording is a global trend, unfortunately. All services try to have systematic access to data, bulk access. That's the term they use. So they want metadata, communications data, but also private collections such as Facebook or Google, which records interest through search queries. And they try to access those data directly without filter and only filter within the service as they have the data. And the more extreme things are things like the GCHQ in Britain, where they recorded the data going through C-cables and were able to do a rollback across a few days at least. So they noticed, oh, there's something interesting here. Who did these people communicate with a few days beforehand? They tried to even find out that. And because of the amount, that can be difficult. And that also applies to the espionage software products that services sometimes use. And we've seen that some of the best-known software came from the labs of NSA and Co. And that is an increasing problem. This is all about acquisition of data. And to understand what the German Foreign Service is doing, what is the actual task and profile, it's to supply the government and ministries and police with information as required about political, economical and technological developments who has new technologies, perhaps military issues, where are there troop movements who's planning something in the background, but this great term abstract or concrete threats for the security of Germany and its citizens. Now, that is something that you can pin everything to. And the things we're going to talk about is actually pinned to these abstract and concrete threats. We don't know who is actually planning something, it's just without any particular target. The task profile, their priority topics are proliferation, that's weapons trade, international terrorism, failing states, such as Syria perhaps, where states just fall apart, all conflicts about resources, the gas politics and things like that. Are we still getting oil somewhere or things like that? Officially, the targets are the near and middle east, North Africa, west and central Asia, but in case of doubts, this can always be spun a bit wider. And what's the legal framework here? There are targeted measures where you know who you want to target, who you want to investigate. That's what police forces normally do, but sometimes secret services too. And then providers are compelled through telecommunications surveillance, cell queries, all targeted attacks on mobile phones or computers of individual people. And in theory, the so-called restriction on secretive communications in the domestic sphere. So whenever the computer is involved as a tool, so this could apply in the interior, in domestically. And then you have the topics that we are going to talk about really. The untargeted strategic surveillance measures, which again affects the article on restriction communication secrecy. So this is the restriction of the basic law in the German constitution. And this law explains under which conditions someone can listen into communications, someone from the secret services, we should say. And relatively new, since 2016, the law on the Federal Criminal Police Office, no, sorry, the law on the Foreign Secret Service regulating where they can investigate abroad, but no law on domestic investigations. There's always has to be some kind of reference to the international level. But then also cyber threats in the domestic sphere in another law are part of it too. Now, untargeted surveillance in Germany only happened according to that G10 law until 2016, which was passed in 1999 and of course was challenged legally by NGOs and the opposition. And the German Constitutional Court then ruled that yes, this is allowed because there are these great protections in the G10 law. The protection of citizens is achieved by only having international telecommunications affected by this restriction to secrecy. Now, this was limited to 20% of the capacity of telephone lines, international lines. And the regions that were targeted were defined and what you look for, this all had to be part of the application to restrict someone's secrecy of communications. And those applications will have to be checked every three months. And those were regarded by the Constitutional Courts as vital protections, no targeted search queries and no subject from the core area of private conduct of life, which is specifically protected by the German constitutions. They must not be targeted by this. Then in October 2016, the law on domestic communications investigations happened. Now, this law claims that the constitutional questions in the G10 law are not affected because it separates into communications of Germans and citizens of other countries. So if you, as a German in Moscow, have a phone call with someone in Paris, you are not allowed to be surveilled. But other foreigners can be targeted wherever they are. Sharing of data with partner services defined by certain treaties is allowed according to this new law. And there is a new controlling institution, a new commission that is supposed to allow this in a more open way, but they don't really check anything they just nod things through in practice. This is actually a legalization of the practices that the NSA, the NSA Investigating Committee of the German Parliament found. They actually found that this is all not possible, and then this new law was passed that made it all possible. Now, the State Secretary in the German Treasury, who is still responsible for the secret services, said in response to a question whether this law was made for the employees of the Secret Service or protecting citizens. The answer was he was only interested in the legal certainty for the employees of the Secret Service. Now, you could understand someone responsible for the Secret Service is saying this, but as an answer from the whole Treasury, that is not a good answer. Now, what was regulated in this new law? Now investigations are possible in the domestic sphere in the inland. There are no limits on capacity that can take as much as they want. It doesn't have to be limited to certain lines. Only every nine months does a permission have to be extended and the data can be fished in the country. And there is no real control anymore. The reasoning says that the budget of the services would be sufficient as a restriction. The fact that these budgets could always be increased was not really addressed. Now, the saying was that no laws were restricted, no Germans could by accident be surveilled. Other EU citizens were not that well protected according to that. It was significantly targeted because of the restrictions, but even the German Parliament's scientific service said that this is not possible in this way. But the coalition thought this was a very good law and it's an international example actually. So, there are complaints. Many parties and the Constitutional Court is looking at it. The opposition and certain NGOs have filed complaints. We are not involved. Now, let's go to the DE kicks surveillance to keep to the time limit. This started in 2008 when we were approached and told that we were an international node. Traffic from several countries comes together. All these lines go to lead to the abroad, which is not really true. So, that was why we were supposed to be allowed to be surveilled. That was in 2008 and the new law was only passed in 2016. And we have these orders according to the G10 law on restrictions of the secrecy of communications that were used as a foundation. And when the filters did not apply, when Germans communicated with citizens from abroad, that's when the filter did not apply, the G10 filter, but that was solved by the new law. Data is freely usable by the services as long as it's not two Germans that communicate between each other. And the use of the data in that opinion is permissible even according to paragraph 3, which is specific orders when a secret service knows that it wants a certain phone number, a certain person, then it can order this according to paragraph 3 and that since 2015 is possible. And the insights glean can actually pass on to other authorities, too, since 2015. For example, the Inland Domestic Service, the Agency for Internet Security, Information Technology Security, and requests can also be given to this partner organizations to then delete the data, which is, of course, very likely to happen. We in 2009 had our doubts, we said it won't work this way, it cannot, this is line-based in the law, but these are packet-based communications. What is 20% is that line capacity or do I have to look at each type of communication separately? What does that actually mean? How do I translate something that was passed as a law for telephony into this new technology? And also the abroad, we're not really a virtual abroad. We are transporting data from one route in Frankfurt to another route in Frankfurt. So these international lines are arriving at a route in Frankfurt, that is connected to another route in Frankfurt, and from there it goes somewhere. Germany, internationally, we don't know, actually. So we don't know how these other carriers that we link to have shaped the networks. And that's why the separation of international and international carriers, most, if you have customers in Germany and abroad, are these international or international carriers. Sometimes the national subsidiaries are our customers, but still the network might be an international one. How are you supposed to separate this? And everything has to be stored temporarily anyway. Because you have to put things together afterwards. If you don't store it temporarily, you can't analyze anything. How are you going to filter it afterwards? No idea. And then the chancellor said, no, no, it's all permissible. It's all the legal framework is there. And then we actually let them soothe us. This was the first terrorism debate at the time. We had cases where children were groomed by organizations in Cologne or something. So we said, okay, we'll go along. We probably are able to trust the German chancellery. Now 2009, right? And then came Snowden and the NSA investigation commission in the German parliament. And we realized it doesn't work this way. The top legal experts say basic rights apply to foreigners as well. This virtual abroad and free sky, it's just not, doesn't hold. And the systems don't work. The legal protections, which were all rudimentary anyway, but the results were much worse. And the technical and one violation actually would be too much. We found completely impossible. I'll come back later to what the figures actually mean. And the fact that the data that is not marked as G10 could be exchanged now. We also thought that that saw that this won't work. We can't just swap, exchange those data. So even the former head of the commission overseeing G10 measures said this completely, it doesn't hold water. If you look at this according to G10 and then exchange data, it doesn't work. You are abusing our commission to get a rubber stamp. And the data was also stored much longer than it was permissible. So we realized we have to get active. We can't just continue as we did. And we then asked Mr. Papier, a former judge at the Constitutional Court, to write an expertise. He was the head of the German Constitutional Court formally. And he wrote, he oversaw the judgment on earlier cases. And he clearly told us that human rights are not German rights. It doesn't matter who is communicating. If it's in Germany, within Germany then anyway. But if a German service is doing the investigations then probably too. The constitution applies. But in any case, protections have to be there. And according to his evaluation, which he actually wrote down in his expertise, the whole orders were impermissible. And it's very rare to get such a clear statement that it's impermissible. So all our doubts in 2009 were confirmed. And we clearly had to find out whether this was permissible because we did not want to be part of violations of basic rights. That was unthinkable for us. So we said we have to do something. And the responsible institution is always the Federal Administrative Court here in Leipzig, the first and last instance. And what was scared is that all the protections from the G10 law, so we went to the court, we filed our complaint and some lessons were learned as the papers were exchanged because some things were admitted in the replies that we didn't know about. Some things we didn't even ask for, but they wrote it anyway. For example, that all protections from the 2001 judgment had been bypassed. So the limits for 20% of capacity was administratively bypassed. So you sometimes look at 100% of capacity. Now target areas and search terms. You simply put all the orders and all the applications together. And have a large target area, but that was not the intention. And the filtering is taking place at the service, not the provider. We actually had overlooked that. The Constitutional Court had said that one of the protections is that the reduction, these percentages to a certain region and search term have to happen at the provider so that the rest of the data isn't even seen by the service. That was an elementary protection, but that is not happening. They are getting everything as it is. And the other thing that was admitted completely surprising to us was that some of these protections from the paragraph 10 of the GTN law, there are certain questions when the searches were targeted to individual people that certain purposes have to be adhered to. It has to be limited to certain purposes, and that was bypassed as well. And we thought, you cannot do this, but it has been done. And the information of the people affected, according to the other side, was only necessary if storage and identification is actually taking place. And storage means that someone has seen the data, analyzed the data and said, oh, I'm not really interested in that and then deletes it. That they do not call storage. So that's an interesting thing to discuss, but in our opinion, that is only possible in automated systems not if a human person first has to look at it before it's being deleted and analyzed it before it's being deleted. Then it's still storage. Now, surprisingly to us, the way the process worked, our complaint was simply rejected and only checked by formal criteria. And the reasoning was that only a formal check is necessary. The actual content is not interesting to us. All the doubts were not checked. Now, this was about two-thirds of all the papers that had been written concerning the actual content. The admissibility of the orders was not checked. The freedom of profession was not affected, they said. And then they thought they didn't have to do anything. It was all right. And they did not deal at all with the question what happens with this inland communication that is actually not allowed to be passed on. So the court didn't care about that at all. The reasoning was primarily that we are not affected, so we cannot act on that, because only the G10 commission is actually capable to do that because that's what I meant for it, we cannot do that. And we even told them that we are users and we are afflicted by that as well, but they just said no. They said that's just a means to circumvent applicable law. So that was tough from them. It was also quite surprising that the intelligence service has their own way of ordering themselves. We did not even ask for that, so that was really surprising. And we were asking to the Supreme Court, because that was the only way we had. And we were asking if that was really okay, what they did. And we said that this does not work at all. This does not apply to all the paper that has been submitted. And we wrote completely different, we made completely different applications, and none of that was recognized, none of that was even read. And we said this is not how the law works. And then we said it doesn't work like that. To get orders that work within the law, we can't just get orders that are against the law. So the court order must explain how it's not relevant for us. So we couldn't even tell if this court order was administrational that we could fight against it or what it was. So it was really incomplete. So it was just, we were just told no. So this is a really long text, and I really made it this long, so you can find all the relevant information in there. So the court said no, we do not have to explain that. And we said you cannot apply to this court. That's why we do not have to explain why we do not accept your application. And yeah, they just didn't want to do that. They said if it really was against the law, they had to reject everything and just no. And they also said that the intelligence service was allowed to do their own administrative actions, but they never said if they did that. So we know nothing more than we knew before, and we have all the same questions as before. So we do not know if, according to the content, it's lawful. We do not know if the amount of surveillance is lawful. So there are even more doubts than before now. There was no decision. If we have to follow these orders, nothing was decided. So they are allowed to order, but it was not decided if it was in order what they sent us. And since they do not want to check what the orders contain, they won't check it at all. So we went to the Supreme Court in Germany. To the constitutional court, sorry. And this is what happened then. This is what happens now. And what we want is that the whole deal will be checked, whether it's lawful. And there's this principle where you only have to follow orders from the state that are lawful. And if an order from the state is not lawful, then that includes that you just cannot say, the court cannot say, well, we are not checking whether it's lawful, it just doesn't work this way. So this really calls into question the whole G10 law, because everything that in 2010 told us that we can agree to this G10 law, nothing of those provisions were really held. And nothing of that works. So the G10 law, how it's really used or lived these days, that does not, that's just not the same that we agree to back then. And it's just not okay that a federal administration does all that. It's simply not working. At the same time, we still don't have any way for protection of civilians. So according to the G10 law, civilians cannot apply to a court as long as they are not informed. And the companies, even if they know that something unlawful happened, are not allowed to apply to court as well. So the only one who is left is the G10 commission, and even they are not allowed to apply to court. So there is actually no protection at all as nobody is allowed to apply to the courts. The G10 commission is not allowed since they are not a juristical person. And so we also said that this is not how the law is supposed to work, because nobody is allowed to apply to a court, and there must always be a way to protect yourself against unlawful proceedings. In our personal opinion, the administrative court is just whistling out, they are making it too simple for themselves, because they are just refusing. And as the last instance, they really have to do that, but they just don't want to. We also went to court against the new law, the BND, so the Foreign Intelligence Law Act. And we received orders in the end of 2017, and immediately went to court. And in November of this year, they already told us that we should take it back until the law is tested against the constitution. So we would agree with that if the orders were also taken back until the constitutional aspect is checked. So we are not taking back our complaints, but this is still work in progress. It not much has happened so far. We are also of the opinion that the same opinion as MST International that this law and this act is not in compliance with the basic law of the constitution of Germany, and so we expect it to be taken back, but we can't be sure that the constitutional court will really do that. I also want to stress how important the data procession is. So we don't want to be the ones who protect civilians, but the problem is that only the filter system of the intelligence service can protect the civilians, protect the people. And now the question is how good is this filter? And well, all this is supposed to be tested and checked, but it's just not tested by anyone. And it can also just be turned off for half a year for internal tests. The intelligence service can just order themselves to turn off the filters. And what that means is that basically everything, from not only foreignness but also inland civilians, will be collected and processed, which is really not allowed. And they say, yeah, they are not allowed to really use it, but then still they can weasel out, except if it's according to the profile of the agency. So the quality of the filter system, it has several layers. They described it quite in detail. There is an IP filter, a type filter, a metadata filter, and also the information within the communication, not only the metadata. There are reports that guess the filter system to be 98.5% to 99% accurate. And commercial filters are reached 99.5%, but they do nothing else. So at least if you reach layer three and four, you should already tell people in our opinion. But now let's add a real number. So in peak we have 6.5 terabytes. That's 12 million flows per second. And in average we have 3.4 terabytes. That is 7.5 million flows per second in average. So we have 650 billion connections per day. And a very good filter of 99.9% would still lose 0.65 billion connections per day. And with a filter quality of 99% that's 6 billion connections per day. So if you check the Parliamentary Control Commission in 2015, there were 58 checks. And six were final. No, one was final. Six were not final. 51 were just not known. 2016 it was already 178 processings. Nine of them, none final, four final and 166 not known. And I just don't know how you get from 1.5 billion connections per day to 178 per year. So how this happens is just a secret of the agency. And whoever does that, nobody knows. The information of afflicted people just cannot happen. And the work the Commission has to do just cannot be done. And there are also some proceedings that were stopped. But the question is if this really works, and there probably are way better ways to get the information they really need. And we still do not know how much of this is communications within Germany. So of course if you grab all this data, there will be inner German communications. There are providers that have 85% only German customers. And all that will land at the agency that is not allowed to use this data at all. So this data should have to be deleted immediately, but the control agreement is not supposed to check on that because the service is not allowed to have this data at all. So it's not their job to check on that. And nobody is checking on that. So one problem is that the Foreign Intelligence Service already proved that they are not to be trusted. 18 severe violations and 12 official complaints were noted. And the Commission noted that they cannot force the Foreign Intelligence Service to do anything. And without legal basis they still recorded personal data and systematically used it. And even the Data Privacy Commissioner of the Foreign Secure Service complained about a lack of understanding for the basic rights and the function of protections of basic rights. Now whether that has been able to be improved, I doubt if I see what the requests we still receive and how we still are supposed to continue, I have to say it's going to be difficult. So what's the approach? If basic rights are violated, people are supposed to be informed. Interestingly there's no budget for that. No one has one. Neither the G10 Commission nor the Services. Maybe these amounts are a bit complicated. The interesting thing is that that's one of the interesting problems that we are talking about very different amounts. It's not clear what is the right amount, who is supposed to do it and who has to report to whom about what they actually received. Clearly the G10 Commission is supposed to check every three months whether the information of the people affected is still suspended. Only after five years a final lack of information is possible. They have a meeting a month every month of about two hours length. I can't really imagine that they check individual cases whether someone is informed or not. The problem is if you just use simple mathematics, the whole parliamentary control mechanism cannot function if what you are supposed to do constitutionally, which is individual cases, if you can't look at that, it doesn't work. And these five years are an interesting circumvention as well. If you have to put someone back in the queue, then the data is not supposed to be deleted. Normally it should only be kept for six months. Thanks for your attention. Yes, come to center please. That means you were very quick. Yes, I did my best. Now we have 20 minutes for questions and answers. Do you think we can do that? Oh, if there are enough questions. Where's the signal engine? Are there any questions? Yes. Let's give it a go. Can the D6 take it out of the intelligence agency and just... Can't you just pull the plug and leave it to the services to go to the courts and pass and get a judgement? Yes, we could do that, but the question is in the moment you go to court, you are not forced to put it into practice. Just in case it happens that in the German state... The judgement has to be executed immediately. If a measure is elementary for the existence of the German state, which is what these things say, then you are compelled to implement. If you don't, then you are in violation of the law. If I have a complaint and therefore tell others that they are violating the law and then violate the law yourself, that's not a good way to go about it. So as we are compelled, we do continue to implement. It's a bit difficult, but as I said, it's difficult to argue in front of judges why you are breaking the law yourself because you're actually telling the other people the other side that they are violating the law. Okay, second microphone. I have the following question. When the provider of Lava Bits uses a servant according to his address known that he cannot protect his customer's data before listening to his service. This act of behalf of D6, not about due date. Wouldn't it be time for the D6 to close down? Are you suggesting to shut down the Internet? No, I mean we should. It's a bit more complicated. It's not our customers. It's not the carriers. Our customers are the carriers. So the actual end customers are indirect. So we suggest we send data using encryption we wanted to but there is no standard that we can agree on. So the exchange has to happen somewhere and the carriers have to exchange data. If we were to shut down our services, the data would use other lines that would analyze the same problem. So it's a difficult subject and we haven't quite arrived at that conclusion yet. I need an explanation for the relation of the numbers. The smallest number in 2016 and millions of daters in 178. This is the official number of the parliamentary control agreement in the Strategic Surveillance Update Communication Service. That's 178 per year. We think it's a weird number as well, how to get from A to B but this is the filtering application. Thank you. Good question. Someone from the Internet? If Great Britain is not part of the European Union anymore, are those partisans of the Sixth thrown out? That's not necessary as I explained that they're inside. That's the German Intelligence Service, Federal Service. According to our knowledge, they're not listening so I don't have any clue that they're listening. But we are happy. German colleagues are always happy to swap. The German services like to exchange data with the British colleagues anyway, whether they're in the EU or not. But if we win our case then maybe we can put a stop to that and stop this kind of surveillance from happening. Although it doesn't quite answer the question but I would like to clarify that we are accusing the German state and German laws if it's stuck to the law and the law would then allow this, then we would probably not take action. I have to make that clear. If society arrives at the opinion that this is permissible then this discussion has to be placed within society what is allowed, what secret services can do. We are only acting against secret services doing something that they are not allowed to do is far beyond. This is German citizen's data being leaked within the country and there is no legal foundation for that. That's not possible and volumes. If there is a 20% limit somewhere in the law then I can't just look at the 100% and just accumulate all these administrative orders to look at all the data. That's not how it works. That is not done. So if the service would stick to the law maybe the law has to be changed that would be someone else's task to influence. The NGOs do that. We do get in touch with parliament to improve the law so that things can actually be looked up. In Norway you have this thing where the commission there can look at all the measures that their service is actually executing at the time and we cannot do that. We have to wait for the report from the service and so these are things that you can tackle. I would like to go back to the Lava bit case. The solution was that the keys that were demanded were printed out. Isn't that a measure that you could apply in this case to print out the traffic? And forward it to the responsible person like mail on a database, hard drive. You can do anything with latency but that not. Microphone 7? I have two questions. How is the resonance of politics? One is the response of politicians. They don't like mathematics, neither do they. How is the response of politicians? Surprisingly it's very diverse. The opposition think it's very graced. They are doing well. But also the coalition, they are against it and there has to be change. It's a difficult subject. Everybody is working for security, deceiving. They always get what they want. It's a very difficult task on a political field and we are very hopeful that there will be there is change going on. The constitution of courts hasn't responded in a long time. It has been quiet for a long time. They have a lot of cases pending. And the fact that they hope that something will happen next year the chamber might change and we hope that something will be decided before that. The second question is, if the complaint goes through and you win, who is now going to be held liable? Is it the chair of authority? The individual employee of the chicken service will they be held liable? That's an interesting question. That's quite difficult. So the employee did break the law if they did that knowingly. So I have to say that their boss really does his job protecting his employees but unfortunately in such cases usually nobody is punished. Nobody has to fear to be punished in any way. Maybe they lose their job but since they are state employees they will not lose their job. They will just get a pension. So you can't really expect a lot. We just want to put an end to this. Microphone number four. If we remember, we think back to the fact that Safe Harbor was abolished because this was targeted mass surveillance in the US because that existed in the US. Isn't this kind of thing also against European basic rights that the European Court of Justice gets involved or if you use the D6 node are you then actually guilty of violating privacy because mass surveillance is taking place there? But then there's always the metadata too. I understand the idea but unfortunately national security is not part of data protection. So European law does not really cover this. So maybe you will be right in court but usually nothing follows. Normally there's just a new law and they'll just keep on doing the same thing because it's just one law they were violating and that gets corrected. So usually these laws just don't apply to national security. GDPR for example excluding national security. My question goes to similar, to similar action. Now, how difficult is it to have all this work within German borders and not look abroad? You have to look at what is happening where and if countries like Italy or France nobody will usually think to take the country or the government to court because they want the data. We are really advanced in this because we have quite a good understanding of the law and what the law should be like for civilians. And if you look at the states within Germany you can see how different this is handled and it's very difficult to keep an overview of everything. So carriers are sometimes asking us what do I have to give to whom if they are asking so people are asking for different stuff and the law situation is very different in different states. So the law of one federal state allows something or obliges us for something. It's not quite clear. The microphone too. The question is what practically the content of such an administrative order is. Can you talk about this? Are you compelled to hand out immediate execution? So normally you are not allowed to even talk about this so I could not tell you what is in this orders. Usually sometimes it's quite detailed on why it's necessary including some terroristic group names. Sometimes it's quite strange. Human trafficking might be involved. Sometimes it's not really reasonable why this is now related to human trafficking but yeah. Question from the news. How about the surveillance of those 20% of traffic? How are these 20% calculated and is this legally, does it hold water? That's the question that we always have. We always were questioning that this is reasonable and the federal office suggested that you just sequest all the data into piles and then you can take 20% of the piles which sounded quite reasonable in my opinion. But now it sounds quite different that they just write so many orders and applications that they just take 20% of everything they wanted and just look at 100% of that. So the question of 20% does not really apply because you just write the correct orders. Almost about to laugh, sorry. And yes, it's a laughable judgment. Microphone 8 please. First of all, huge thanks for trying to protect our rights. Please continue, don't give up. Although it seems to be a fight against the windmills. Now my question, you said that as a citizen you can't immediately apply to the G10 permission. Now according to Article 13 in the Copyright Regulation, there was the question of eased access by citizens to the providers. Would it be an approach here to create a sign of kind of portal? You mean the Portals Without Borders portal, yeah. That only the G10 Commission is responsible for that that wrote the Administration Court and there is supposed to be a right to complain but it's a good question if you can complain if you are not informed. And I myself, I'm trying to reason that I cannot go back from my knowledge and therefore know that I'm under surveillance but I doubt that they will understand that correctly. Microphone 1. I'm interested to know how direct it is that the traffic experiments are using a VPN client and their trick might be in the Netherlands. I never said I know it but this service provider says we know how to do it. The very interesting thing is that Germans, for Germans it has to be a code 100% that the data that is re-analyzed already in the law it states that if two Germans communicate abroad we can't secure it, if two French communicate abroad we never know. That's how it's stated in the law. I don't see the point why that's so. Nobody can explain it, they just took it over. Do they look at the connections or at the information? They can look in the data but how deep the depth of the analysis cannot be estimated. It's hard to estimate. It's very complicated as it doesn't only differentiate between home and abroad. It would work if communication is only in a home and abroad. According to the PDLA we could take a look at it. However, looking at the nationality the communication of two Germans abroad cannot be... So the only way to do it is to look at the data. I have no idea how they want to do it. This is how it's in the reason of law. You know what this man deserves now? A louder applause and stand up. Thank you, thank you everyone. Thank you very much for your work. Thank you for listening.