Leaked Oversight Report Shows Illegal Surveillance, Massive Constitutional Violations By Germany's Intelligence Service

from the the-Snowden-Effect-continues dept

Tue, Sep 20th 2016 3:23am — Tim Cushing

German website Netzpolitik might be headed for another treason investigation. The German government went after the site once for publishing leaked documents detailing mass surveillance operations and it may do so again after its latest publication.

The site has obtained a classified report from the country's intelligence oversight office that shows the BND (Germany's intelligence service) illegally collected and stored data and information obtained via its partnership with the NSA.

The report’s executive summary describes serious violations of the law [emphasis added]:

The BND has illegally and massively restricted my supervision authority on several occasions. A comprehensive and efficient control was not possible.

Contrary to its explicit obligation by law, the BND has created [seven] databases without an establishing order and used them (for many years), thus disregarding fundamental principles of legality. Under current law, the data saved in these databases have to be deleted immediately. They may not be used further.

Although this inspection was only focused on the BND station in Bad Aibling, I found serious legal violations, which are of outstanding importance and concern core areas of the BND’s mission.

The BND has collected personal data without a legal basis and has processed it systematically. The BND’s claim that this information is essential, cannot substitute a missing legal basis. Limitations of fundamental rights always need to be based on law.

German (constitutional) law […] also applies to personal data which the BND has collected abroad and processes domestically. These constitutional restrictions have to be strictly abided by the BND.

Some of what was illegally gathered and stored was obtained via the NSA's XKeyscore program, which harvests email, online chats, and browser histories in bulk. The report notes that the indiscriminate collection of data and communications was subject to very little in the way of minimization, resulting in plenty of non-targets being swept up in the dragnet and their data/communications dumped into the BND's databases.

Because of its […] systematic conception, XKEYSCORE – indisputedly – collects […] also a great number of personal data of irreproachable persons. The BND is not capable of substantiating their number […]. In one case I checked, the ratio was 1:15, i.e. for one target person, personal data of fifteen irreproachable persons were collected and stored, which were – indisputably – not required by the BND to fulfill its tasks […].

The collection and processing of these data are profound violations of [the] BND law.

These infringements of constitutional rights are conducted without any legal basis and thus harm the constitutional right of informational self-determination of irreproachable persons. Furthermore, these infringements of constitutional rights result from the inappropriately – and thus disproportionately – large scale of these measures, i.e. the inappropriately large number of irreproachable persons surveilled […].

Not only did the BND harvest in bulk, but it also passed on this 1:15 collection unminimized to the NSA.

The amazing part of this leaked report is that it only details the violations of a single BND collection outpost. There are seven more in Germany yet to be examined. On top of that, the oversight body couldn't even get a clear picture of the illegal activities occurring at this single station. There were just too many of them.

This "storage and processing of personal metadata in VERAS is subject to the BND law and subsidiarily to the Federal Data Protection Act". But in many aspects the Data Protection Commissioner was hindered from examining the data properly. When requesting only the retained data of individuals protected by fundamental rights, the database had too many be displayed. Thus, she gradually reduced the time frame: "90 days, 30 days, 1 day". Still too many hits:

In none of the these cases, the system was able to display the hits because the number exceeded the limit of 15,002 – not even in the case of the least possible time restriction of one day.

This means the Federal Data Protection Commissioner was not able to examine the contents of the massive meta data retention. Additionally, she was not able to check how the BND used personal data, because: There are no logs.

The BND is neither aware of the kind or the scope of logs, nor was it technologically possible to access the log data of VERAS 6. Further, there existed no technical capability to analyze the logs.

Unfortunately, the violations found by the Data Protection Commissioner have since been codified into law. The BND is harvesting even more than it was when it was inspected, having just finished a 300 million euro revamp of its surveillance tech. Much like here in the US pre-Snowden, the oversight in Germany is relatively toothless. Whatever exists will be actively thwarted by intelligence agencies (the report states that BND deleted logs the Commissioner asked to examine) or by other legislators who are always willing to sacrifice the public's rights for national security.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bnd, germany, leaks, mass surveillance, nsa, privacy, surveillance

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Lord Lidl of Cheem (profile), 20 Sep 2016 @ 3:59am

A small part of me wonders if Snowden himself is a conspiracy - a means for the world governments to get there surveillance capabilities out there so that they can be be made legal and extended so they can freely prosecute people under them and be rid of the whole parallel construction business.
[ link to this | view in chronology ]
- Anonymous Coward, 20 Sep 2016 @ 6:14am
  
  Re:
  Yeah, a sensitive, intelligent government contractor sticking his neck out fighting for the privacy of common people, and acting beyond reproach despite the dirt and propaganda against him... ludicrous! they could have made him a little more believable though.
  [ link to this | view in chronology ]
- Padpaw (profile), 20 Sep 2016 @ 10:12am
  
  Re:
  unlikely considering just how well they worked when they were kept secret. Are continuing to work since they still refuse to disclose what laws they keep breaking.
  [ link to this | view in chronology ]
- Anonymous Coward, 20 Sep 2016 @ 12:21pm
  
  Re:
  Know the scenario you describe is one that's considered at least somewhat probable in corners of the internet inhabited by those who concern themselves with such scenarios.
  
  Practically though, it doesn't matter if what you describe was, in fact, Snowden's true mission. Snowden's dire warning that high ranking criminal actors have coopted our government for power and profit - who currently seek to steal our tax dollars, decimate our democracy, and make us all exponentially less safe - stands on it's own. Snowden himself could be a drug dealing, pedophile, terrorist/satanist and it wouldn't make even the slightest bit of difference.
  
  Does the police detective care that the evidence to convict a murderer came from a murderer? Of course not. Should we care that the evidence of wildly criminal behavior by high ranking individuals in our government might have come from one of their agents? Of course not.
  
  In fact, much like a police interrogator, I whole heartedly encourage them to just keep on talking. Go ahead guys, get it all off your chest. Because with each leak (official or not), the evidence of their criminality stacks against them. With each executive order, FISA farse, unjust/fake law they pass after the fact to retroactively cover up their crimes, they delegitimize their authority in significant, perhaps unrecoverable, ways.
  
  Whatever the intention of all their unbelievably lame propaganda, they've made one thing perfectly clear, they consider 'We the People' to be their adversaries. And no matter how much 'We the People' would gladly partner with a legitimate intelligence community, the fact remains that by them making us their adversary, they've made themselves, ours.
  [ link to this | view in chronology ]
Anonymous Coward, 20 Sep 2016 @ 4:51am

I'm sure the BND will go arrest themselves now.
No, wait, they'll go after whoever exposed them instead.
[ link to this | view in chronology ]
Lisboeta, 20 Sep 2016 @ 5:10am

OK, we knew it was bad. But *this* bad?
[ link to this | view in chronology ]
Anonymous Coward, 20 Sep 2016 @ 6:25am

Intelligence agencies have all gone rogue
It seems to me that the intelligence agencies have all gone rogue, all go with little to no oversight, all stonewall what little oversight there is and basically exist as entities outside the purview of government. Maybe their surveillance has paid off, they have dirt on everyone, event he oversight committees and can now operate all on their own?
[ link to this | view in chronology ]
- Anonymous Coward, 20 Sep 2016 @ 6:45am
  
  Re: Intelligence agencies have all gone rogue
  They're probably just in bed and/or drinking buddies with the oversight committees. It's everyone else they have dirt on.
  [ link to this | view in chronology ]
- Stig, 26 Sep 2016 @ 12:33pm
  
  Re: Intelligence agencies have all gone rogue
  If they do, that would be our info, the ordinary citizen's, to use as we wish, not theirs to use against us. And, yet, isn't it about time that the citizens of the world use this incredibly invasive technology to keep our own elected officials, and even some un-elected corporate types who hold great political sway, on the straight and narrow? How? Just like an Olympic athlete whose blood is a permanent record of the owners behavior, a permanent record, both video and audio 24/7, of our so-called leaders should be maintained and reviewed regularly, by the electorate, so that their honesty and the integrity of the office they hold, remain beyond repute. In other words, turn the table on a system of control that has no place in the world we have created for ourselves.
  [ link to this | view in chronology ]
Yellow Beard with matching socks, 20 Sep 2016 @ 8:28am

Germans spying? I don't beleive it
Seriously the Nazis won WWII when the OSS hired basically the entire remaining SS to spy on the soviets(which they didn't actually do) the result was german intelligence and a total take over of the US government by nazis, dullas bush etc it's no wonder we are where we are
[ link to this | view in chronology ]
Sman88, 20 Sep 2016 @ 9:26am

So Germany is turning into the Stassi again.
[ link to this | view in chronology ]
- Merkel, 21 Sep 2016 @ 4:18pm
  
  Re:
  No, no, no... This time we'll do it properly. Trust me.
  [ link to this | view in chronology ]
Padpaw (profile), 20 Sep 2016 @ 10:06am

For those running their current government Hitler's legacy is something they aspire to recreate for the average citizen it is the most shameful part of their nations history
[ link to this | view in chronology ]
Alex, 20 Sep 2016 @ 11:25am

The Federal Data Protection Commissioner is *not* an "intelligence oversight office". The oversight of Germany's intelligence services belongs to the parliamentary control committee and the parliamentary G-10 commission. Both get their information about BND's actions through the Chancellery's office for intelligence services.

This investigation/report was done independently and triggered through numerous testimonials of officials in front of the German NSA investigation committee.
[ link to this | view in chronology ]
Ninja (profile), 20 Sep 2016 @ 1:07pm

History
It seems we've learned nothing from it.
[ link to this | view in chronology ]
Anonymous Coward, 20 Sep 2016 @ 11:03pm

I seem to remember Merkel throwing a hissy fit about the revelations from the NSA leaks. Turns out her backyard was as much of a stinky pigsty like the one from over the pond. Is she going to throw another hissy fit, I wonder?
[ link to this | view in chronology ]