03/2020 Home office at the time of corona pandemic
Since the end of 2019, the lung disease COVID-19 triggered by new coronavirus SARS-CoV-2 has been spreading rapidly, has reached Europe in the meanwhile and has quickly developed into a global pandemic. "Flatten the Curve" is now the order of the day: the spread of infections has to be slowed down as much as possible to prevent the health care system from collapsing. Now, more and more companies are preparing for home office. This is not just a tool to slow the spread, but in worst case the only way to keep the business going. Groupware functions and cloud services are fundamental for a functioning home office.
Businesses can help keep the contagion curve flat. As a precautionary measure to prevent the virus from spreading, people are working exclusively in their home office for several weeks and reduce contact to other people to a minimum. Even the absence of work and the lack of direct contact between the workforces can slow down the spread of the corona pandemic.
The right equipment: Compared to a large monitor with keyboard, a laptop is not an equivalent work tool. Tips for setting up the workplace and aligning the desk and office chair can be found, for example, at https://media.t3n.de/redaktion/homeofficeguide/t3n_Homeoffice_Guide.pdf. There you will also find tips on digital offers for children and important hygiene advices for time at home.
The exchange of data should generally only be encrypted (TLS/SSL) and take place via a virtual private network (VPN), which is set up by the IT department. In order to be able to protect and exchange company-internal data securely, a VPN is necessary and must be provided with a safe operating concept, so that no hole is torn in company-internal IT security measures. In this way, employees can be provided with secure access to the company's internal network. If you want to exchange data quickly, easily and independently from end devices in another way, you will find an alternative with open source clouds. Since numerous public cloud storage services are not compatible with the GDPR, alternatives such as Nextcloud should be used:
The distance also changes the communication structures of the teams internally and externally. Messenger programs and the possibility of video conferencing are an important tool for collaboration in remote workplaces. There are also challenges here: The video connection may not work if employees live in an area that is not yet connected to fiber optics or the bandwidth for the private connection could not allow a bandwidth to be linked to professional requirements. For video conferencing, there should be a technical infrastructure with upload speeds of more than 10 Mbit/s if possible. Project management tools help planning projects and to-dos, given they are not already integrated as accompanying project structures anyway.
In general, the following applies to IT security issues: All tools used should be discussed and set up with the company's data protection officer. Scammers and other criminals are already trying to use the crisis. IT administrators who otherwise quickly take care of maintenance tasks personally in the office instead of explaining it to all employees must now find other ways of performing their tasks. For remote maintenance, we recommend solutions such as NoMachine or Teamviewer. With these tools employees can access someone else's computer and quickly provide help with IT questions and problems.
Another problem with home office: executives can no longer see their teams working and thus have doubts about their productivity – regardless of whether these doubts are justified or not. Only the results achieved should count in reality, however, there is a different situation at many companies. Regular reports can keep managers up to date and doubts can be proven wrong.
The previous investment in digitization is now paying off for companies. If documents and relevant information are available electronically and processes have been adequately, digitized, permanent work at home office is possible. The current crisis is driving the digitization of working life and integrating the internet into everyday work. If the home office is approached correctly, it can be more productive even for teams than in the office. However, the right hardware and software, a suitable workspace and way of working are essential. Challenges remain, but maybe this is the chance to try out home office with the entire team. In general, we all have to slow down the spread of the corona virus as much as possible and protect the weakest in society. Let us keep the Covid 19 disease rate as low as possible!
If you have any further questions, aixzellent team is available at any time by phone and email.
11/2019 Judgment of the ECJ on (tracking) cookies
At the beginning of October, the European Court of Justice (ECJ) passed a significant judgment on cookie information obligations of website operators, which we would like to inform you about in this news.
Cookies and similar tracking methods may no longer be used unless customers have previously given their consent. The only exception is the operation of technically necessary cookies such as cookies for the login or the shopping cart. According to the court, website owners must now provide detailed information on the collection of cookies on their pages. The usual cookie notes (cookie banners) do not fulfill the requirements of the ECJ for three reasons:
- Users cannot really agree.
- These notes do not clarify anything about the data transfer and data usage in detail.
The judgment is important for everyone who is using cookies in the area of tracking or marketing on their website. It is also important for everyone who has included a Facebook like button or any similar button of social networks (Twitter, Instagram, LinkedIn etc.) on their pages.
The ECJ has also commented on four important issues:
- Website owners are always responsible for privacy violations, along with Facebook and other social networks.
- The unsolicited transmission of user data through the buttons of social networks on websites violates the data protection law.
- Competition associations may charge a fee for websites which have implemented the Facebook like button without consent.
- Cookies which are set up for tracking or advertising purposes must have a real consent of the website visitors. A cookie hint banner is not suitable for this purpose.
The ruling now can also be interpreted as an announcement to the German legislator to readjust German law to the EU rules. It is very likely that this will be closely aligned with the legal requirements of the ECJ.
We would like to point out to you that we are not allowed to offer legal advice. For further information we recommend the following page of the European Commission: https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies
10/2019 Environmental protection by aixzellent
Environmental protection is one of the most important and current challenges of our time. That’s why we implemented those criteria’s into our corporate philosophy a long time ago.
As a company we are aware of our responsibility and therefore focus on sustainable solutions, such as the sensitization of our employees: The sensitization helps us to identify potentials for savings of energy and resources in our company, in the administration, for our business trips and even for our daily way to work. This is implemented and lived by our employees. By video conferencing, switching to public transport or establishing bicycles instead of cars we can reduce a significant amount of our companie’s CO2 emissions.
We also want to promote the energy-efficient use of the Internet. By running our servers exclusively in Germany at the provider Hetzner, we make sure that they are operated with 100% carbon dioxide-free and environmentally friendly hydropower. When selecting hardware or network components we use power consumption as essential criteria. If possible, we rely on the reuse of already manufactured server hardware and avoid energy-consuming and resource-consuming new productions.
More information about our climate-neutral servers can be found here: https://www.hetzner.de/unternehmen/umweltschutz/
09/2019 End-to-end encryption (I)
Increasing cooperations between IT companies and states – Is this the end of secure messaging in Germany?
Billions of data with a standard end-to-end encryption are sent and received daily. Meanwhile the surveillance interests of states and authorities are steadily increasing. For years opponents and proponents of encryption have been forming worldwide.
Many states want to massively expand the hacking capacity of state authorities: Not only authoritarian regimes but more and more western democracies nowadays see encrypted communication as a major threat to public safety. They demand to weaken encryption of communication and the ability to use spyware on smartphones. The encryption keys are managed by large Internet corporations, which can also specify who can access the plain text secretly. Access to these cloud systems or hardware implants for preempted data traffic interception is becoming more and more a focus. The big Internet companies such as Facebook, Google or Amazon are now so powerful that states seek to cooperate with them and the interests of users are taken less care of. The opponents demand a strong and secure encryption which, however, at the same time cannot interfere with investigations. However, a concrete and feasible implementation of such a technical solution does not exist yet.1
Nevertheless, the pressure on suppliers is increasing and is currently very high, especially in the USA. Germany’s position is contradictory, but a turn away from a German cyber security policy seems more and more likely.
"This is demonstrated by the BKA law of June 2017, which legitimizes the use of surveillance Trojans on end devices such as smartphones, or the creation of the Central Information Security Authority (ZITiS), which is to develop the same surveillance solutions. While the encryption software remains technically untouched, the communication on the terminals should instead be read out before encryption by means of state monitoring software."2
In June of this year, according to plans of the Interior Ministry, encrypted messenger services should be forced to set up a listening interface.3 Thus, the operation of a secure messenger within Germany will no longer be possible.
05/2019 Tracking Cookies - Currently still illegal!
• The banners show an overview of all processing operations requiring consent, which can be explained and activated in function.
• Access to privacy and imprint may not be prevented by cookie banners.
• Before and while the banner is being displayed all further scripts from a website or web app are blocked if they can potentially capture user data. Only after approval, the data processing may actually take place.
• A consent must be revocable as simple as possible.
As of late Cookie banners have been appearing almost everywhere. For most of the time they cover the content when visiting a website and require an "accept" or "ok". This could be seen as a direct implication of the General Data Protection Regulation which was released at the end of May 2018. Accordingly, this task should first have been taken over by the European E-Privacy Regulation, which still does not exist. Thus, shortly before the entry into force of the GDPR, a position paper was published which required explicit consent of users regarding site tracking mechanisms. Through creating a user profile these mechanisms are able to track the behavior of people on the internet. According to the position paper the informed consent must "be obtained in the form of a statement or other clearly confirming act before the data processing"1. From the beginning this special route of consent solution was very controversial.
By examining 40 websites of larger providers in early 2019, the Bavarian data protection authority found out that not one provider meets all the strict requirements. Many of the currently displayed banners are clearly unlawful. Especially the missing option of rejecting cookie usage is a common problem. In addition, operators must present the processing of data to users in a transparent and comprehensible manner. In addition to a listing of the individual forms of processing, the function of a specific consent to individual forms of data processing is often absent. Only then will it be possible for users to make decisions with the complete knowledge of the specific situation and to understand the scope of the consent. It has to be acknowledged that in specific cases, the interest of the website provider has to be weighted with the interest and the fundamental rights and freedoms of the individual user. Even after a year, there is still much legal uncertainty in this area.