 Right. I'm very glad to have you all here. So many people. That is fantastic. And I'm very happy that I can announce some very special guests today that have some kind of prominence. That is for one André Meister and Ooth Ormeyer. And they will now give you the following talk. That is mobile phone circuitry and have fun. Hello. Hello. Welcome. Nice to have you all here. Also the German Interior Minister Horst Seehofer is happy to see you. And we will talk about mobile phone circuitry as the unknown creature. Who of you knows what a mobile phone circuitry actually is? Oh right. That's about half, I think. The other half will learn it today. We will talk a bit about what the problem is with mobile phone circuitries and what you can actually do against it. What we will not tell you is the whole detail about what a mobile phone network is. Others can do that much better. Harald Werke and Dieter Speer have been doing this at many congresses 10 years ago. For example, when for the first time they showed their open source mobile phone network. Not just how a mobile phone network works, but also how you can run your own. Which of course is happening at this congress as well. And that's what we build on. We will not tell you in detail how a network like this works, but we will talk about a small aspect of it. We will ask an expert how it works. This is the responsible minister and he told us that a mobile phone network consists of individual phone cells. So every end user's device that you connect to such a network communicates at every time with one single phone cell or none at all. And through that, every communication with such a device can be assigned to an individual cell. Which is logical because if it would not be sending anything, there would be nothing to receive. And this here is in a village in the state of Brandenburg in the Berlin surroundings where a new antenna was put up. And only if you have those you can communicate and then the network also knows where the device is. Because the position of those cells is known. An operator of course knows more or less exactly where these masks are. And every communication that goes through such a network, such a cell can then be located. And it's not just the operators that know this. This is public information that you can see, that you can measure. And the devices know it too. Otherwise they wouldn't know with what masks they can communicate. And that is, here's a map from the, based on OpenStreetMap. It's called OpenCellID where you can put these masks on a map. And this is the area at Congress here. You see all the masks here. That's what your devices use. If they don't, just use the internal network. And if these devices communicate with such a network, then with every communication, so-called metadata or traffic data is generated. And that contains a lot of individual fields, which I will, which we show you in this example. So these are the various records that are generated at the provider, at the provider of Malta Spitz, a privacy activist who used to work for the Green Party. And he asked his phone operator for all the data that they were holding about him. And here you can see, I think this lasts for 11 minutes. That is a few weeks of mobile communication by Malta Spitz from the year 2009. And the interesting thing is that so many, such a various amount of data, such varied information is generated. These are the data of just one person from selected days. But everything communication that this device makes with the network generates a record. And each entry has 29 fields, 29 details. Begin and end of the communication time zone. What service was used. Telephony is about a quarter of the information. SMS is about 2% these days. But what's very important now is mobile Internet connections. Every time the Twitter or WhatsApp app sends something to the Internet, every single time a record is generated at your mobile phone provider or operator. And with those 29 fields, you have things like the kind of communication, the number that's being called, the MC, the SIM card number, the serial number of the device, IP address, the internal one in the network and the public one, and of course the phone cell. Every phone cell that the phone communicates with has its own globally unique ID, which consists of a country code, a location code and a cell ID. And this taken together with the location data makes up six or seven of these fields and that gives you the information that the phone received and SMS text messages at some point and was in a certain cell. Now extra data such as Wi-Fi hotspot may be there, but sometimes not. But these are the communications, the metadata that are being generated each time. And how long is that being stored? That's what we will see next. Right. This is the important question. How long is this data being stored in the data retention law? The thing was that ten weeks was the... It used to be six months in the old German data retention law and the new one asks for ten weeks, but what that means we have seen with multi-spits and the problem with this data retention is that it is currently ineffective in Germany for the country of north-west failure. But the question is whether the providers voluntarily more or less store all these fields. Anyway, the German magazine Spiegel researched how long providers had been storing before the new data retention law came into force and that's what we've put on this slide here. So internally into network it was between zero and 180 dates depending on the network and we don't quite know how these things are handled today. As I said, data retention is not obligatory for providers these days but that doesn't mean that providers don't act as they did before. There is no guarantee. These data are earlier than the date that the new data retention law came into force. So probably these data voluntarily are being held for quite a time even without an obligation by law. And it's often one month at least with data retention three but sometimes even longer for debugging accounting and sometimes these providers would like to use these data commercially too but that's the subject for another talk. This data, it just looks like a boring table but they tell quite a lot about a certain person. They can tell you this is from the data set that you saw before. You see the network where he connected to. The dots are communication partners and also communication partners and there's maybe somewhere a center point in the center where he is. It's basically a social network but this is not that important. Let's show the other video with the location data. Ah, we didn't add it. I'm sorry. That would be the more important one. The project for eterisches Handiw by site online. We will just try it again. So there it is. This is called a live hack. So this is just from these metadata and the location data from the mobile phone cell where Maltisch Pizza was. In some ranges this is quite exact because you know exactly where the tenors are and you see where somebody is which congresses it, somebody attends where people sleep and where people sleep when they don't sleep at home. These are all data about just one person. With the mobile phone cell query there's not just data from one person but from all persons in a particular cell. One example of such a query that happened that the police of Berlin did. This is the starting point how the police wanted the right to the... To a judge. They wanted to start such a query and you see below a query of mobile phone cells where this query shall be done. And these days they're usually not the cells written by themselves because that's a lot of work to find all the data for GSM, UMTS, for all providers. Usually these days the police only adds the location, Berlin street, etc. and then the network providers search out which cells are relevant. That's a theory but in practice we visualize this a lot. For example, in Berlin there were a series of crimes that they wanted to investigate and the police came, they had this location and you see in the circles which cell phone towers are resettable in this street and the police asked the operators to just give out all of them in the hope to find an entry of who did this, who did it and they found thousands, 100,000 of data sets. So you see that contrast in the first video you had one person only. This is now the reverse case. You don't ask for one cell phone number. You ask for many cells and take the data of everybody who was in these cells and in the Berlin Central City this might be tens of thousands of people, tourists, inhabitants. Unfortunately we cannot show you a live data set. The argumentation often is these data are just cell phone numbers it's not that big deal, etc. But that's a problem which is solvable with the so-called Bestehenabfrage. Asking phone providers for their customer data. It's also called a federal phone book and there are over 100 authorities which are entitled to do such a query which number is registered to which person and it's done that often. Last year there were 12.5 million queries. It's one, 2.5 minutes. So if somebody says I have just a cell phone number and no person behind it authorities can find it out. There are a lot of authorities which could do that. Police even without a judge and they can be authorized quite easily and a police officer can do it without any further authorization and also the operators they need to provide an automated way of giving out this data and there are APIs which the police can use and so that's also why we have that a big number of queries and that's also quite a bit of a backdoor of the data retention law. Well, this is a backdoor for the data retention law. You don't need a judge which needs to say it's not just criminal cases but also customs information. Lots of authorities have access to this data and also in criminal investigations this is not always very helpful because these data are not very reliable because often it is the case that the data simply get outdated because SIM cards are being passed on to others inside the same shared flat. The phone, the flat line is registered to one person who's long moved out so you can't get so far with that data. Companies sometimes register hundreds of SIMs for their staff and you never know who exactly has which individual SIM card and of course you can use that as an opportunity to protect your own data as even the Federal Office for Information Security admits because they in a somewhat older publication but it's still on their website, I checked why don't you use prepaid cards for anonymizations? You have no bill, you don't need a bank account you can just pay and charge and they then said swapping data and prepaid cards without ID checks that's a great way of protecting your identity effectively from mobile phone operators. This is what the state says on the one hand and with the other hand they prohibit this there was a law in two years ago that disallowed unregistered prepaid cards beforehand in theory you would have to register but the registration did not have to be checked so you could register someone called Mickey Mouse or Andre Meister perhaps, hopefully don't use, don't do that don't register them in my name Right, but now the ID cards have to be given or if you speak with click workers you have to register that somehow but that is a loophole that was closed in Germany but Germany isn't alone in the world and in the EU it's not like that at all only the countries in red have a registration obligation in Austria the law is a few months old but they fell by the wayside too, they are red now but not the UK for example and this is in a place where EU roaming exists so you could actually buy a SIM card in any other country and use it here and the EU has actually noticed that there is not much use in using this for terror defence but in any case if you travel internationally it's surprising that sometimes you arrive at some airport and buy a SIM card without showing an ID at all or something regarding the fact that that gives you much better data at tariffs so in the UK for 20 pounds you can buy 50 gigabytes I noticed without an ID card by the way so I paid with my precarious card but if I had paid in cash it wouldn't have been able to track me or trace that back to me so that's a very typical example for a so-called anti-terror law that the real terrorists are not shocked by at all and it's one of the most easiest exercises next to getting some detonating chemicals and some TNT to get an ID card and having seen one example of mobile phone queries in authorities everyday life let's look at what this is based on so how much is this used and the next slide will show you how often vehicles were set on fire in Berlin that was the series of crimes that we mentioned earlier so it turns out it was a frustrated unemployed person whose girlfriend had broken up with him but connected to every single week of fire they made these mobile phone queries that it looks like and that is an explanation for the number of phone queries that happened in Berlin and that was more than one every day and that generated a lot of data sets 50 million with 11 million different phone numbers so far more probably than live in Berlin or in the area there are about in the agglomeration there's about 4 million people one and a half mobiles per person perhaps and then you add people from abroad or other federal states that come to Berlin and that get into the dragnet of this investigation but then of course Berlin is not alone in the world there are nice other places such as Dresden this is a simple image for Dresden an AFD supporter far right alternative for Germany and this is a place where the oldest cases of mobile phone queries went public in 2011 they received the Big Brother Award in 2012 and this was a Nazi march in memory of some Nazi encode heroes and there were counter demonstrations and massive amounts of phone queries to place and in that event more than 900,000 communications data records landed at the police with a quarter of a million phone numbers and then also they had 40,000 phone numbers that they somehow found interesting and for those they asked for the customer data at the operators and that's what made mobile phone queries very well known or perhaps we should say ominous in the public debate and the debate also was about the fact that this mainly affected areas where there were demonstrations it was not just an intuition into telecommunications secrecy but also into the basic rights of freedom of assembly because of course this had a strong chilling effect if the fact that you have taken part in a demonstration will immediately land you in police computers of course there's some time ago we have current numbers from the state of Saxony where the police sometimes use these kinds of insignia as shown in the slide and the numbers are not always comparable there were probably a few more phone queries there per court case but the numbers were high and far more than one per day and concerning the federal level a few numbers the federal criminal police office performed 125 phone queries customs 96 altogether 570 so two per day in 2017 for Germany we don't have overall numbers for Germany the individual federal states interestingly not all states publish these statistics or actually have these statistics but we assume that there is at least one per federal state per day and we assume to assume that the other states will not use this and then we have unfortunately we only have figures for some federal states where there was particular political pressure concerning the topic of mobile phone queries and where this was placed on the political agenda and the state parlance then said please government give us your numbers but there are no comparable numbers across federal states there are not numbers from every state and there are no numbers across the whole federal state of the federal republic and there is one statistic that is not very useful because it doesn't distinguish between targeted queries and mass queries and we therefore kind of try to estimate what the numbers are and we believe that it is one query per day and the problem with statistics is that it's one paragraph in the criminal code or the criminal process code and that is for all kinds of mobile phone queries whether it's individual or mass queries so it's a bit hard to register this and the complete dark zone another complete dark zone is the area of secret services you see the previous head of the interior intelligence service Mr. Massen here we know that all the services do this but we have no figures at all we have tried for this talk to have get some international data and we use our EU networks and unfortunately it is the same as with all the federal states in Germany there are valid states that actually register these numbers and make them publicly accessible that is amazing the police and investigating authorities do not want to have this topic in the public debate in one friendly state in Denmark we saw we learnt that there were 374 queries last year again that's about one per year and that points to the impression that this is done a bit less than in Germany but then Denmark has fewer residents and maybe they don't have so many vehicle arson attacks interestingly a comparison with the US T-Mobile one of the large operators in the US reports for 2017 4,855 mobile phone queries across the country and that is only one operator but not the largest and if you try to scale the numbers up you again get about one mobile phone separately per US state and they are a bit more actually and regarding the operators in Germany a phone query is always performed with all operators because you want the complete set of course in case of doubts all networks that cover certain area I've never seen a phone query that was just put to one individual operator but anyway that's so much about statistics and we then ask ourselves if this is the scale at which it is used the data protection commissioner talks about a standard measure then it will be interesting to know what the legal basis for this is and there is no use a bit of law will be necessary if you look at the criminal court case code and we've cut it down to the necessary sentences which authorities are allowed to conduct these queries and it requires a suspicion that one of the particularly severe crimes has been committed that's what the criminal procedure code says not just severe but particularly severe and these particularly severe crimes have to be very severe in the individual case so if you consider the wording there are two hurdles here and the investigation of the fact can be very much more difficult in other ways and the data which of course as we said could be the data of hundreds or thousands of people that most of all are completely innocent so there has to be a proportionate amount of data proportionate to the relevance of the issue in question so it could be terrorism, murder perhaps that's what you would think as in practice things are different simple image this is Berlin police these are the guys who we got there statistics we got and we checked how many terror cases there were none manslaughter is about one percent and murder is about two percent sexual harassment about five so these could be the cases where we might agree but in the overall statistics this is negligible and the decisive crime which led to mobile phones was theft 72 percent three quarters of all mobile phones various theft crimes so you can have a large question mark on whether these are particularly severe crimes and other crimes that play a prominent role here for example drugs quite far up the list with all surveillance measures that we look at drugs are fairly about the first as soon as a new measure is introduced we remember the Bavarian state Georgian what was this about Anabolica someone from the Czech Republic shipped too many pills and another prominent thing theft handbag theft for example handbag robbed nothing in it then thrown away sure so let's have a mobile phone circuit all of Berlin please and very important credit card fraud again mobile phone circuit is used whatever for and another issue where we do agree that this is very severe crime beer barrel crimes 120 stolen that is a severe crime at a value of 33,600 euros no no question that is a very severe severe crime the Berlin data privacy commissioner after we introduced this data which is six years ago he went and asked the prosecuting authorities for the data when were these queries and he analyzed this and then he published a report which can be seen on netspolitik.org and that is quite a shocking report it should be used only in exceptional cases but his conclusion is that is obviously this obviously has become an everyday routine measure and also one that is done without adherence to the criminal the legal foundations the conditions it's not our words the mentioned words a quote and of course he's no longer in office but the employees that were involved are still in place and they're very active ones fortunately and there were some structural defects that they found proportionality is always neglected checking that and very importantly the rights of the people concerned are ignored because they would have to go to court if in a secret investigative measure they come into that dragnet there's a very important background because if you intrude into someone's privacy that's always in violation of a basic rights so according to constitution court jurisdiction it's even worse if it's done in secret so these incisions have to be in public and if that's not a human case then the secrecy has to be removed as soon as possible to mitigate the violation of the basic law that's very clear and it does is implemented in the criminal procedure code these are an extract from the law the people concerned have to be notified so homo few has been notified already no hands up we also don't know anybody and what is the reason for it the prosecutors prosecutors thank you so they say that there was no interest to notify somebody we didn't know that somebody wanted to be interested notified and then an activist our friend activist said that he would be notified and then both that's really difficult because it's not your decision and if we need to have a register of everybody who would want to be registered very difficult alternatively why he also tried by copying his his mobile contract so to make sure he's authorized there's also a passage in the law which which clears this in detail and it's not it's not clear for me how this passage is interpreted love letters only next answer from was the prosecutors we don't have any addresses and we cannot check them because this would be a severe severe thing well they would not need any names of addresses and addresses because they have all phone numbers they could in theories and sms's or call seems simple but then these guys took care of the of the problem that's the pirate fraction of the upcourt in the house the Berlin parliament the general parliament Berlin and there was a hearing parliament that discussed the option of notifying via calls or sms and they actually managed to build up enough public pressure that the coalition in Berlin the social democrats and christian union that they actually passed resolved that such a notification system should be installed and that was of course severe resistance from the Berlin prosecuting authorities here's the head of that authority and he said well if we do this that's such a lot of work for our prosecutors we will not get anything else done and we still can't see any progress in the notification but fortunately the Berlin parliament didn't react and they actually passed this resolution but nothing happened nothing happened and there was the great coalition and thomas hyman was the he he did he tried to solve this programmatically he in the evening at 9 p.m my phone my phone rang and then thomas hyman he asked that i could program so the tried to torpedo it because it cost too much money and thomas hyman asked thought who got who got build it i wrote the concept nothing happened first i don't know the background etc the union has just not reacted to the parliament then we needed a real action 2006 there was a red red green coalition and we took contact to them very fast i got a contract to to do such a notification system and in 2018 this went live so this is the mobile phone system of the state of Berlin don't don't rejoice too soon but this is the first system across the country that we got running this is a transparency system the first attempt in Germany to register mobile phone or the affected people and inform them how does this work we'll show you a few screenshots you have to register with this system that is the rules that the Berlin parliament passed so you enter your phone number and you then get you receive a text message with a pin, a confirmation code which you enter on the website you click ok and then you receive a message saying that you are now registered with the mobile phone security transparency system and everyone knows that then later when that notification is actually triggered you receive a message like this we want to send a text message with a code like this and you get a map showing you at which point and at what time you were caught in the net and this is the first time that this law is actually implemented but it's only a small first step so we'll just play a bit of angel and devil why do I have to register and why am I not notified if I don't register as the law says yeah well the former answer would be because the parliament passed the law passed the resolution but there is a factual answer as well and that is that you never quite know who the actual user of a mobile phone number is we did say that the asking for customers data is not a very reliable way at the operators they don't always know who the actual users are and with this registration that you have to repeat every three months we want to ensure that the number is actually from the time of registration over the phone secondary and the notification is used by the same person and why three months because my phone providers I will submit reassigned numbers after three months so if you have this three month interval you can be pretty sure that a number that is actually in disuse in between is not going to reassign in that same period and then the registration expires and would have to be repeated so if I would forget this registration text messages I am out right yes yes that is the case but I didn't find any better solution if one of the intelligent people in the room would have any better way I will be happy to hear your advice but it doesn't seem to be possibly any other way without actually handing in any identification because that is what we don't want we want to minimize the data and for how long has this been live I think mid 13th November it went live and how many people were notified the information notifications will only start next year there is two states yes it does sound absurd but there is a reason again because we can only inform about mobile phone queries that happened after registration because otherwise we cannot make sure that it's the same person using them we might inform people about phone queries that happened actually to previous users that's there's no other way to do this but that's a procedural problem and we hope that by next summer we'll send out the first notifications and won't that generate a database of interesting phone numbers of potential rebels yes that is another example a disadvantage I admit we tried to mitigate that administratively somehow because this list could be stored with the police or the prosecuting authorities that we did not do it is held at the justice administrative department of the Berlin government so that's one step away of the actual investigation authorities and the interior secret service and it has to be said that we can never be 100% sure that these data at some point will be shared if there is a kind of political will but I can say that there has been has not been such an attempt and of course the cell data has been passed on anyway and why on this website do I have to enrich individually why aren't simply all the queries shown that is another interesting question the phone queries to publish them is not actually provided for in the procedural code and the parliament would have to resolve that this should happen as well there is no legal basis therefore I'm interested in whether Berlin on its own can do this or whether this needs federal legislation but we don't have the legal basis right now and of course the URLs wouldn't have to be cryptic and so yeah that is true that's an interesting suggestion from Andre that I took up the ticket has been added and we'll see what we can do as I said this is a pilot project that Berlin as the first federal state has set up and I was very happy to hear that other federal states were clearly interested in taking over the system and using it too and so if we can build it in a way we can build it in a way that other states could use it that could be software as a service or something how many have registered ah some hands so you all can do this in the queue well we didn't actually give you the URL that's fts.berlin.e I hope you will not going to run a DDoS attack on it now okay but then notifications only the minimal consensus of what the law says now that we have six years of a parliamentary resolution that is bad enough to let people actually know how many queries to take place but that's only the basis for the population actually considering whether they like this procedure and for which cases and a while ago I asked the police of Munich here is a simple image with the Munich Interior Minister why they don't keep that data and they said well we don't want to make every criminal aware that they should switch off their mobiles apparently criminals never switch off their phones particularly you get the spontaneous criminals this way if someone spontaneously draws a knife then yes of course that person will not have the time to switch off their phone but maybe they won't make a call in that time but the success of mobile phone security is actually very very low that would be it's more suspicion than actually identify identification and proof there is very little actual statement about successes from mobile phone security who could imagine a lot in theory but concrete evidence statistics this conviction was only possible because of mobile phone security I haven't heard of and you probably don't know that either right so if you all know how often such queries take place if we receive text messages then of course the question is what do you do against that so one thing is don't take your mobile phone or use an absurdly newest paid card or another possibility is to become politically active this this is not this is too much surveillance which should be yeah should not be that way and the metadata which are analyzed with the cellphone query are exactly these which are used in data retention that's data retention which is done for every one it's not just for a terrorist every one is being is being under surveillance it's thousands, ten thousands, hundreds of thousands of people and also the data retention law needs to go away and the various experiments of the German law makers have were not that successful we should be more pragmatic the law maker is becoming reticulous so politically the cell phone cell query it's not that a big topic with the different parties the data protection officer he said it's not as a small step I would wish to restore the so it should be ensured that this measure is always used with the most severe of crimes and that's then something you could discuss politically and where should the cut of the I guess it should be about five years of expected prison sentence that's what we could call a severe crime so you could change the law saying that the judge would have to justify in a concrete case on the basis of the current evidence a sentence of at least five years should be expected to have that in the law and actually give a reason that would lead to mobile phone cell queries for theft for example becoming illegal and would no longer occur but we it would be really good if the existing laws would be passed by police and we analysed for political parties in Germany said to the data retention and phone cell queries we have this from CDU and CSU these are the party manifestos for the last federal elections in 2017 so we don't know in detail about it but well we expected that they are looking for it clear words from Bavaria CSU says that we need to do more queries and the serious secret service was to be authorized to use metadata so the social democrats shall I do them? we are going to the social democrats and our election program nothing there is nothing about these topics but it was always the social democrats that brought us these laws they were the ones responsible for these laws so if you expect from the social democrats that they would go against data retention and phone cell queries no, it won't happen maybe it's something else with the free democrats they would have a judgment a judge to authorize the queries and they said that they don't want master violence of people who did nothing and they did call for these measures to be reduced and some of these measures could completely be put into law and the left party is actually the only of the large parties that clearly and unequivocally has said that they are against this in their manifesto they write that we want to secure the right to self-determination against data retention, against phone cell queries video surveillance and dragnet surveillance and they are they are where I am more or less they want to strengthen proportionality and they are against data retention it's much more effective they write to use proportionate measures to monitor individuals who have given cause other than instead of having 80 million people monitored without the cause by data retention of phone cell queries these measures one party is missing the alternative for Deutschland what do they say? nothing in their manifesto but well seriously as if they were against surveillance and who votes for Nazis because they were against phone cell queries has very different problems actually as a whole lot of other problems right this is the timeline for data retention a view to history in 2016 the current data retention law came into force and then a few months ago it failed at the court in north from Westphalia and we wait for the constitution court or the european court of justice to officially abolish it and get rid of data retention with mobile phone cell queries we know of no concrete legal legislative measures we showed you one particular measure how you can mitigate things with the transparency system that is a step towards more transparency what I like and if they have to expect that their measures get known and that someone will get legal recalls that in my view of course I'm biased it's not in panacea it will be necessary to reduce these measures by law but transparency and monitoring from a law point of view will improve things and the next year surely probably will be the year when the constitution court in germany will most likely rule on data retention and particularly with the european court of justice judgments we assume that mass surveillance of everyone's mobile phone data will be judged to be in violation of basic rights and we're looking forward to the procedure in Karlsruhe and that's it from us about phone cell queries surveillance for everyone and we're looking forward to the q&a yes super, thank you great, thanks now we have the first people queuing up for q&a let's start with microphone tour please microphone is open so mic is open I'm Sasha, hi I'm of the newbies about here I really like what you do but how relevant is it you say one inquiry per county per day seems pretty low to me we have 60,000 phone cells how relevant is it we didn't calculate this or estimate this I assume that every person in germany has been caught will be caught in a phone circuit at least once a month and if that was me I would at least like to know this and if I am suspected of a crime then if I'm not suspected of a crime then that should definitely stop thank you questions from the internet yes is there templates to get my personal data without having a judge approve it because there was a cdpr query thank you I personally don't know any template letters I know that Malta had to go to the courts to obtain his data from telecom and there was no actual judgment but a settlement that tells me that telecom in the end was willing to talk I don't know how they would behave today if you would go to them so I can't tell you and I can't give you any templates I would always encourage doubt that before you go to a lawyer you should talk to your privacy commissioners they are often very helpful and they often have good contacts in civil society so that would be free and you could get a creative kind of help microphone number 4 for me the following question arises you said that it's not proportionate but this should be it should only be with the severe crimes when if before the court then if the defense argues that these data cannot be used well I have to say that mostly data that's obtained illegally can be used and called in the US these are much sicker laws it's not what you know from the movies but in Germany there is it's almost always possible even if an investigative measure is illegal the data can normally be used and I can hardly imagine how mobile phone secretary can be done with such a great violation of the law that it cannot be used it's not so there is no incentive to act legally and that's not the case in the US because investigators have to take much care not to violate the law because then the court case will blow up but here the courts of the strict conviction that police officers do not need to be disciplined in that way as you can easily see thank you we don't have that much time anymore microphone 1 and then microphone 3 hi thank you for the talk what happens with the data after such such a query how long are you stored somewhere at the police that is a good question we didn't actually talk about this much here the police authorities do this in software I have tried to ask them which software they use there was something self made they had something called electronic files and they actually put this into exo sheets at some point but they blew up on them because the data became too large and then there is a software called IBS and IBM has a software they try to find cross hits for example with those vehicle arson attacks which phones are present in several in several locations and that leads me to the point they try to find this data through different instances if they do not use that data any longer they have to delete it but the state of Berlin actually verified how this is done and he noticed that after many years these data existed in the file and also it said that these data should only be used as a last resort and it turned out that they run the query, put it on a CD and don't even look at the data so that you can assume that they are deleted soon but no, that's not happening the losses data should be deleted as soon as the court case is legally over or once the legal term has expired and that would be quite a long time expiry deadlines are 10 or 20 years but I at least can say about Berlin that the police are trying hard to be legal to act legally and restrict the access to these data André already mentioned that things are put on a CD so they are out of the regular system you put the CD into the file and therefore you can't easily access it only if you actually look into the file so generally police were extremely cooperative also when we evaluated the system I wasn't that sure but my experience was very good they do seem to want their system in Berlin the civil servants I was dealing with for some reason whether that's a PR measure whether they are afraid that they would have to manually process these queries I don't know but they were very cooperative and thank you last question your question please hi, hello nice talk each car has a telemetry box they have SIM cards and will each car be tracked in the future we'll be registering this measure that is for sure phone secretaries will capture this data retention will capture this and then there is this e-call yes with the mobile phone secretary we have just one mosaic piece one puzzle piece of the whole set surveillance measures car surveillance there is a lot we are in the year 5 or 6 after snow so there are all kinds of surveillance technologies out there car surveillance using the mobile SIMs that are in there that's a wide area of course but these data will be registered in phone secretaries thank you thank you very much a great applause for our speakers Andrei and Ulf