Leaked Oversight Report Shows Illegal Surveillance, Massive Constitutional Violations By Germany's Intelligence Service

from the the-Snowden-Effect-continues dept

German website Netzpolitik might be headed for another treason investigation. The German government went after the site once for publishing leaked documents detailing mass surveillance operations and it may do so again after its latest publication.

The site has obtained a classified report from the country’s intelligence oversight office that shows the BND (Germany’s intelligence service) illegally collected and stored data and information obtained via its partnership with the NSA.

The report’s executive summary describes serious violations of the law [emphasis added]:

The BND has illegally and massively restricted my supervision authority on several occasions. A comprehensive and efficient control was not possible.

Contrary to its explicit obligation by law, the BND has created [seven] databases without an establishing order and used them (for many years), thus disregarding fundamental principles of legality. Under current law, the data saved in these databases have to be deleted immediately. They may not be used further.

Although this inspection was only focused on the BND station in Bad Aibling, I found serious legal violations, which are of outstanding importance and concern core areas of the BND’s mission.

The BND has collected personal data without a legal basis and has processed it systematically. The BND’s claim that this information is essential, cannot substitute a missing legal basis. Limitations of fundamental rights always need to be based on law.

German (constitutional) law […] also applies to personal data which the BND has collected abroad and processes domestically. These constitutional restrictions have to be strictly abided by the BND.

Some of what was illegally gathered and stored was obtained via the NSA’s XKeyscore program, which harvests email, online chats, and browser histories in bulk. The report notes that the indiscriminate collection of data and communications was subject to very little in the way of minimization, resulting in plenty of non-targets being swept up in the dragnet and their data/communications dumped into the BND’s databases.

Because of its […] systematic conception, XKEYSCORE – indisputedly – collects […] also a great number of personal data of irreproachable persons. The BND is not capable of substantiating their number […]. In one case I checked, the ratio was 1:15, i.e. for one target person, personal data of fifteen irreproachable persons were collected and stored, which were – indisputably – not required by the BND to fulfill its tasks […].

The collection and processing of these data are profound violations of [the] BND law.

These infringements of constitutional rights are conducted without any legal basis and thus harm the constitutional right of informational self-determination of irreproachable persons. Furthermore, these infringements of constitutional rights result from the inappropriately – and thus disproportionately – large scale of these measures, i.e. the inappropriately large number of irreproachable persons surveilled […].

Not only did the BND harvest in bulk, but it also passed on this 1:15 collection unminimized to the NSA.

The amazing part of this leaked report is that it only details the violations of a single BND collection outpost. There are seven more in Germany yet to be examined. On top of that, the oversight body couldn’t even get a clear picture of the illegal activities occurring at this single station. There were just too many of them.

This “storage and processing of personal metadata in VERAS is subject to the BND law and subsidiarily to the Federal Data Protection Act”. But in many aspects the Data Protection Commissioner was hindered from examining the data properly. When requesting only the retained data of individuals protected by fundamental rights, the database had too many be displayed. Thus, she gradually reduced the time frame: “90 days, 30 days, 1 day”. Still too many hits:

In none of the these cases, the system was able to display the hits because the number exceeded the limit of 15,002 – not even in the case of the least possible time restriction of one day.

This means the Federal Data Protection Commissioner was not able to examine the contents of the massive meta data retention. Additionally, she was not able to check how the BND used personal data, because: There are no logs.

The BND is neither aware of the kind or the scope of logs, nor was it technologically possible to access the log data of VERAS 6. Further, there existed no technical capability to analyze the logs.

Unfortunately, the violations found by the Data Protection Commissioner have since been codified into law. The BND is harvesting even more than it was when it was inspected, having just finished a 300 million euro revamp of its surveillance tech. Much like here in the US pre-Snowden, the oversight in Germany is relatively toothless. Whatever exists will be actively thwarted by intelligence agencies (the report states that BND deleted logs the Commissioner asked to examine) or by other legislators who are always willing to sacrifice the public’s rights for national security.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Leaked Oversight Report Shows Illegal Surveillance, Massive Constitutional Violations By Germany's Intelligence Service”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

Know the scenario you describe is one that’s considered at least somewhat probable in corners of the internet inhabited by those who concern themselves with such scenarios.

Practically though, it doesn’t matter if what you describe was, in fact, Snowden’s true mission. Snowden’s dire warning that high ranking criminal actors have coopted our government for power and profit – who currently seek to steal our tax dollars, decimate our democracy, and make us all exponentially less safe – stands on it’s own. Snowden himself could be a drug dealing, pedophile, terrorist/satanist and it wouldn’t make even the slightest bit of difference.

Does the police detective care that the evidence to convict a murderer came from a murderer? Of course not. Should we care that the evidence of wildly criminal behavior by high ranking individuals in our government might have come from one of their agents? Of course not.

In fact, much like a police interrogator, I whole heartedly encourage them to just keep on talking. Go ahead guys, get it all off your chest. Because with each leak (official or not), the evidence of their criminality stacks against them. With each executive order, FISA farse, unjust/fake law they pass after the fact to retroactively cover up their crimes, they delegitimize their authority in significant, perhaps unrecoverable, ways.

Whatever the intention of all their unbelievably lame propaganda, they’ve made one thing perfectly clear, they consider ‘We the People’ to be their adversaries. And no matter how much ‘We the People’ would gladly partner with a legitimate intelligence community, the fact remains that by them making us their adversary, they’ve made themselves, ours.

Anonymous Coward says:

Intelligence agencies have all gone rogue

It seems to me that the intelligence agencies have all gone rogue, all go with little to no oversight, all stonewall what little oversight there is and basically exist as entities outside the purview of government. Maybe their surveillance has paid off, they have dirt on everyone, event he oversight committees and can now operate all on their own?

Stig says:

Re: Intelligence agencies have all gone rogue

If they do, that would be our info, the ordinary citizen’s, to use as we wish, not theirs to use against us. And, yet, isn’t it about time that the citizens of the world use this incredibly invasive technology to keep our own elected officials, and even some un-elected corporate types who hold great political sway, on the straight and narrow? How? Just like an Olympic athlete whose blood is a permanent record of the owners behavior, a permanent record, both video and audio 24/7, of our so-called leaders should be maintained and reviewed regularly, by the electorate, so that their honesty and the integrity of the office they hold, remain beyond repute. In other words, turn the table on a system of control that has no place in the world we have created for ourselves.

Alex says:

The Federal Data Protection Commissioner is *not* an “intelligence oversight office”. The oversight of Germany’s intelligence services belongs to the parliamentary control committee and the parliamentary G-10 commission. Both get their information about BND’s actions through the Chancellery’s office for intelligence services.

This investigation/report was done independently and triggered through numerous testimonials of officials in front of the German NSA investigation committee.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...