Leaked Oversight Report Shows Illegal Surveillance, Massive Constitutional Violations By Germany's Intelligence Service

from the the-Snowden-Effect-continues dept

German website Netzpolitik might be headed for another treason investigation. The German government went after the site once for publishing leaked documents detailing mass surveillance operations and it may do so again after its latest publication.

The site has obtained a classified report from the country's intelligence oversight office that shows the BND (Germany's intelligence service) illegally collected and stored data and information obtained via its partnership with the NSA.

The report’s executive summary describes serious violations of the law [emphasis added]:

The BND has illegally and massively restricted my supervision authority on several occasions. A comprehensive and efficient control was not possible.

Contrary to its explicit obligation by law, the BND has created [seven] databases without an establishing order and used them (for many years), thus disregarding fundamental principles of legality. Under current law, the data saved in these databases have to be deleted immediately. They may not be used further.

Although this inspection was only focused on the BND station in Bad Aibling, I found serious legal violations, which are of outstanding importance and concern core areas of the BND’s mission.

The BND has collected personal data without a legal basis and has processed it systematically. The BND’s claim that this information is essential, cannot substitute a missing legal basis. Limitations of fundamental rights always need to be based on law.

German (constitutional) law […] also applies to personal data which the BND has collected abroad and processes domestically. These constitutional restrictions have to be strictly abided by the BND.

Some of what was illegally gathered and stored was obtained via the NSA's XKeyscore program, which harvests email, online chats, and browser histories in bulk. The report notes that the indiscriminate collection of data and communications was subject to very little in the way of minimization, resulting in plenty of non-targets being swept up in the dragnet and their data/communications dumped into the BND's databases.

Because of its […] systematic conception, XKEYSCORE – indisputedly – collects […] also a great number of personal data of irreproachable persons. The BND is not capable of substantiating their number […]. In one case I checked, the ratio was 1:15, i.e. for one target person, personal data of fifteen irreproachable persons were collected and stored, which were – indisputably – not required by the BND to fulfill its tasks […].

The collection and processing of these data are profound violations of [the] BND law.

These infringements of constitutional rights are conducted without any legal basis and thus harm the constitutional right of informational self-determination of irreproachable persons. Furthermore, these infringements of constitutional rights result from the inappropriately – and thus disproportionately – large scale of these measures, i.e. the inappropriately large number of irreproachable persons surveilled […].

Not only did the BND harvest in bulk, but it also passed on this 1:15 collection unminimized to the NSA.

The amazing part of this leaked report is that it only details the violations of a single BND collection outpost. There are seven more in Germany yet to be examined. On top of that, the oversight body couldn't even get a clear picture of the illegal activities occurring at this single station. There were just too many of them.

This "storage and processing of personal metadata in VERAS is subject to the BND law and subsidiarily to the Federal Data Protection Act". But in many aspects the Data Protection Commissioner was hindered from examining the data properly. When requesting only the retained data of individuals protected by fundamental rights, the database had too many be displayed. Thus, she gradually reduced the time frame: "90 days, 30 days, 1 day". Still too many hits:

In none of the these cases, the system was able to display the hits because the number exceeded the limit of 15,002 – not even in the case of the least possible time restriction of one day.

This means the Federal Data Protection Commissioner was not able to examine the contents of the massive meta data retention. Additionally, she was not able to check how the BND used personal data, because: There are no logs.

The BND is neither aware of the kind or the scope of logs, nor was it technologically possible to access the log data of VERAS 6. Further, there existed no technical capability to analyze the logs.

Unfortunately, the violations found by the Data Protection Commissioner have since been codified into law. The BND is harvesting even more than it was when it was inspected, having just finished a 300 million euro revamp of its surveillance tech. Much like here in the US pre-Snowden, the oversight in Germany is relatively toothless. Whatever exists will be actively thwarted by intelligence agencies (the report states that BND deleted logs the Commissioner asked to examine) or by other legislators who are always willing to sacrifice the public's rights for national security.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bnd, germany, leaks, mass surveillance, nsa, privacy, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Lord Lidl of Cheem (profile), 20 Sep 2016 @ 3:59am

    A small part of me wonders if Snowden himself is a conspiracy - a means for the world governments to get there surveillance capabilities out there so that they can be be made legal and extended so they can freely prosecute people under them and be rid of the whole parallel construction business.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2016 @ 6:14am

      Re:

      Yeah, a sensitive, intelligent government contractor sticking his neck out fighting for the privacy of common people, and acting beyond reproach despite the dirt and propaganda against him... ludicrous! they could have made him a little more believable though.

      link to this | view in chronology ]

    • icon
      Padpaw (profile), 20 Sep 2016 @ 10:12am

      Re:

      unlikely considering just how well they worked when they were kept secret. Are continuing to work since they still refuse to disclose what laws they keep breaking.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2016 @ 12:21pm

      Re:

      Know the scenario you describe is one that's considered at least somewhat probable in corners of the internet inhabited by those who concern themselves with such scenarios.

      Practically though, it doesn't matter if what you describe was, in fact, Snowden's true mission. Snowden's dire warning that high ranking criminal actors have coopted our government for power and profit - who currently seek to steal our tax dollars, decimate our democracy, and make us all exponentially less safe - stands on it's own. Snowden himself could be a drug dealing, pedophile, terrorist/satanist and it wouldn't make even the slightest bit of difference.

      Does the police detective care that the evidence to convict a murderer came from a murderer? Of course not. Should we care that the evidence of wildly criminal behavior by high ranking individuals in our government might have come from one of their agents? Of course not.

      In fact, much like a police interrogator, I whole heartedly encourage them to just keep on talking. Go ahead guys, get it all off your chest. Because with each leak (official or not), the evidence of their criminality stacks against them. With each executive order, FISA farse, unjust/fake law they pass after the fact to retroactively cover up their crimes, they delegitimize their authority in significant, perhaps unrecoverable, ways.

      Whatever the intention of all their unbelievably lame propaganda, they've made one thing perfectly clear, they consider 'We the People' to be their adversaries. And no matter how much 'We the People' would gladly partner with a legitimate intelligence community, the fact remains that by them making us their adversary, they've made themselves, ours.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Sep 2016 @ 4:51am

    I'm sure the BND will go arrest themselves now.

    No, wait, they'll go after whoever exposed them instead.

    link to this | view in chronology ]

  • identicon
    Lisboeta, 20 Sep 2016 @ 5:10am

    OK, we knew it was bad. But *this* bad?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Sep 2016 @ 6:25am

    Intelligence agencies have all gone rogue

    It seems to me that the intelligence agencies have all gone rogue, all go with little to no oversight, all stonewall what little oversight there is and basically exist as entities outside the purview of government. Maybe their surveillance has paid off, they have dirt on everyone, event he oversight committees and can now operate all on their own?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2016 @ 6:45am

      Re: Intelligence agencies have all gone rogue

      They're probably just in bed and/or drinking buddies with the oversight committees. It's everyone else they have dirt on.

      link to this | view in chronology ]

    • identicon
      Stig, 26 Sep 2016 @ 12:33pm

      Re: Intelligence agencies have all gone rogue

      If they do, that would be our info, the ordinary citizen's, to use as we wish, not theirs to use against us. And, yet, isn't it about time that the citizens of the world use this incredibly invasive technology to keep our own elected officials, and even some un-elected corporate types who hold great political sway, on the straight and narrow? How? Just like an Olympic athlete whose blood is a permanent record of the owners behavior, a permanent record, both video and audio 24/7, of our so-called leaders should be maintained and reviewed regularly, by the electorate, so that their honesty and the integrity of the office they hold, remain beyond repute. In other words, turn the table on a system of control that has no place in the world we have created for ourselves.

      link to this | view in chronology ]

  • identicon
    Yellow Beard with matching socks, 20 Sep 2016 @ 8:28am

    Germans spying? I don't beleive it

    Seriously the Nazis won WWII when the OSS hired basically the entire remaining SS to spy on the soviets(which they didn't actually do) the result was german intelligence and a total take over of the US government by nazis, dullas bush etc it's no wonder we are where we are

    link to this | view in chronology ]

  • identicon
    Sman88, 20 Sep 2016 @ 9:26am

    So Germany is turning into the Stassi again.

    link to this | view in chronology ]

  • icon
    Padpaw (profile), 20 Sep 2016 @ 10:06am

    For those running their current government Hitler's legacy is something they aspire to recreate for the average citizen it is the most shameful part of their nations history

    link to this | view in chronology ]

  • identicon
    Alex, 20 Sep 2016 @ 11:25am

    The Federal Data Protection Commissioner is *not* an "intelligence oversight office". The oversight of Germany's intelligence services belongs to the parliamentary control committee and the parliamentary G-10 commission. Both get their information about BND's actions through the Chancellery's office for intelligence services.

    This investigation/report was done independently and triggered through numerous testimonials of officials in front of the German NSA investigation committee.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 20 Sep 2016 @ 1:07pm

    History

    It seems we've learned nothing from it.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Sep 2016 @ 11:03pm

    I seem to remember Merkel throwing a hissy fit about the revelations from the NSA leaks. Turns out her backyard was as much of a stinky pigsty like the one from over the pond. Is she going to throw another hissy fit, I wonder?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.