Court Says German Intelligence Agency Can Continued To Deploy Its Dragnet On World's Largest Internet Hub

from the court:-dump-pipes-shouldn't-worry-about-end-users dept

The post-Snowden effects on Germany's surveillance architecture have been muted. Oversight in the US is a joke, but it's marginally better than what's being offered in other countries. You'd think a country that survived almost-consecutive crushing surveillance states would be a bit more cautious about deploying dragnets. Not so. All evidence points to German surveillance programs flourishing under the lack of effective oversight, limited only by technical prowess rather than concerns for those swept up by them.

Internal investigations prompted by revelations seemed like a step forward, but the government gave German surveillance programs a thumbs up three years later. The information revealed by Snowden and other leakers did give residents and advocates enough ammunition for legal battles, but the German courts haven't really given them anything in return.

David Meyer of ZDNet reports a court has handed a win to Germany's Federal Intelligence Service (BND) in a lawsuit filed by Frankfort's De-Cix, the largest internet hub in the world. The BND has tapped this for years, sweeping up massive amounts of data and communications, and frequently passing this on to surveillance partners around the world. De-Cix was compliant until 2016, when it decided to sue BND for violating German law.

Until a revision to German law last year, the Federal Intelligence Service, Bundesnachrichtendienst or BND, could only inspect up to 20 percent of the traffic flowing through the hub.

That traffic amounts to over 5TB per second of information coming from and going to places all over the world. The 'G10 law' also says the agency can only inspect international communications.

However, De-Cix's 2016 complaint said the BND was scooping up the lot, without any targeting. It also said the agency was illegally monitoring internal German communications as part of those activities, as its filters for emails involving a .de address did not work properly.

Unfortunately, the allegations of illegal spying won't be examined. The court has decided De-Cix cannot bring this lawsuit, which is nominally on behalf of those being illegally spied on (end users). The court says De-Cix just routes traffic, and as such, cannot allege harm.

De-Cix isn't happy with this ruling.

De-Cix said in a statement that it finds it "incomprehensible" that the Leipzig court failed to deal with the BND's alleged violations, as detailed by the exchange. It added that everyone's privacy rights are now solely in the hands of the government's intelligence oversight committee.

German residents shouldn't be happy with it either. What's been shown repeatedly in the wake of the Snowden leaks is that government oversight of surveillance agencies and programs is weak, ineffective, and frequently given little to no information to work with. The powers granted by various national security laws make the problem worse by expanding surveillance powers and reining it whatever's left of their oversight. Recent years have seen some reform efforts put in place, but beyond making hypocritical noise about the NSA's surveillance of German politicians, not much has been done on the legislative front in Germany, other than to codify abusive surveillance to make it more resistant to legal challenges.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bnd, dragnet, germany, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 7 Jun 2018 @ 9:09am

    The court says De-Cix just routes traffic, and as such, cannot allege harm.

    Observe the irony here, that in Germany third parties cannot allege legal harm to themselves based on content created by others, but that they are legally responsible for harm caused by content created by others.

    I would also point out the likelihood that De-Cix does not actually use the internet itself to be vanishingly small, and the likelihood that De-Cix does use the internet but does not route any of its traffic through its own hub to be even smaller. That is, they clearly are the source of some traffic and are therefore clearly have standing on behalf of themselves, if not necessarily others.


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Advertisment

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.