According to secret documents, the U.S. intelligence agency NSA has been able to read data from SIM cards in cell phones and smartphones since 2010. The company that manufactures these sim cards also builds the chips for the electronic health card (eGK) for 25 million people insured with the AOK, as well as card readers for doctors' offices. The action alliance "Stop the e-card" concludes that there can be no data security with the eGK and advocates the abolition of the card. The latest publications from Edward Snowden's documents show this quite clearly, the alliance informs us.
"After 11 years of unsuccessful planning, it should finally be stopped," said the spokesperson for the "Stop the e-Card" campaign, Silke Luder. According to the Snowden documents, the intelligence services of the U.S. and the U.K. succeeded as early as 2010 in overcoming security concepts of a smart card manufacturer and obtaining their security keys undetected until now.
"If until today this data leak has not come to the attention of the operators of the company, it means that internal controls must have failed completely. So there is no security with the electronic cards now being ied," said security expert Rolf Lenkewitz. "The potential impact alone calls for an immediate halt to the eGK and telematic infrastructure. The information obtained by the intelligence services could be the building blocks to compromise, at any time in the future, this largest IT project in Europe, and to access and abuse the most sensitive and protectable data of insured people."
Hartmut Pohl, a member of the advisory board of the International Security Academy and spokesman for the "Data Protection and IT Security" presidential working group of the German Informatics Society, also warned of the consequences: "This is not the first time that a trust center has been cracked by security authorities and intelligence services such as the NSA and all security keys could be read out. The successful attack techniques also work for SIM cards and cell phone keys, electronic ID cards and passports, credit and debit cards, electronic door openers, TAN generators, the eGK …" According to Pohl, far more than 50 are likely to be in use in Germany currently.000 of the most important servers in companies, government and administration to be equipped with so-called backdoors of the NSA (Strategic Servers).
Other major manufacturers of electronic health cards in Germany are also said to have been targeted in the intelligence attacks. None of the planned applications in the eGK project can be implemented with the chip cards ied: neither can sensitive social or medical data be sent online, nor can emergency data, organ donation cards and medication data be stored on the eGK, nor can the card be used as a key for creating an electronic patient file."
"Stop the e-Card" is a broad alliance of 54 civil rights organizations, data protectionists, and patient and physician associations. Among others, the Working Group on Data Retention, Digitalcourage, Chaos Computer Club, IPPNW, Freie arzteschaft, NAV-Virchowbund and Deutsche AIDS-Hilfe are among them. The alliance demands that the failed billion-dollar project be discontinued and that the planned further funds be invested in good medical treatment and in secure decentralized modern communication channels in medicine. All plans for the new e-health law of the black-red coalition would have to be stopped.
Proponents of the eGK point to the economic benefits of modernizing the IT of the German healthcare system. Medical economist Wilfried von Eiff of the HHL Leipzig Graduate School of Management cites the reduction of treatment costs by avoiding duplicate examinations. Patient treatment could be more targeted, he said, through easier availability of laboratory findings, imaging data and progress monitoring of important parameters. Cost savings could be achieved through direct billing between doctors, pharmacists and health insurers – estimates ame approx. 200 million euros per year – as well as be realized by avoiding an estimated 1 billion euros in insurance fraud annually. "The cost of introducing the electronic health card is estimated at approx. 1.5 billion euros," says von Eiff. "In contrast, experts ame that savings in the healthcare system can be achieved through the electronic health card, which corresponds to a reduction in the contribution rate of the statutory health insurance in the amount of 3.7 percentage points."
Given the economic benefits and improved medical treatment, fears of data misuse should not be overstated, he says. "The fear of misuse of sensitive data by employers or insurers often outweighs the benefit to the individual patient in an emergency," von Eiff said.