The Federal Intelligence Service (BND) is given broad authority to hack foreign switching systems, telecommunications infrastructure and the IT systems of Internet providers. The Bundestag decided on Thursday as part of the reform of the BND law. The government factions of the CDU / CSU and SPD voted for the initiative, the opposition was united against it.
Parliament followed up with the Novella the aim of legalizing the surveillance practices of the international secret service and adding new skills. In the future, the BND will be able to officially penetrate the computers and cell phones of foreigners abroad using technical means such as the federal Trojan and carry out clandestine online searches. Data collected during such interventions must be checked for necessity at least every five years.
The reason for the reform is the judgment of the Federal Constitutional Court on the suspicion-independent BND mass surveillance in the form of strategic telecommunications intelligence. The Karlsruhe judges declared the data vacuum cleaner used by the foreign secret service to be unconstitutional.
Government coalition defies constitutional court
The members of the government parliamentary groups consider this tool and data collection from IT systems in other countries to be indispensable in principle. As before, withdrawn network communication should be allowed to be searched using selectors. Fishing in the data volumes with the help of thousands of search terms used in 2018 did not produce any usable results.
From now on, the BND may raster through up to 30 percent of all networks worldwide. Until now, the limit was 20 percent for “individual” networks. Providers had already called Foul here because they were not using their lines to full capacity and the agents ended up with a larger volume of data.
In bed with the NSA
Since the data vacuum cleaner is not trivial to control, the BND should be able to use the help of friendly secret services such as the NSA or the British GCHQ. He “may request foreign public authorities to carry out strategic information measures”. This is not a problem, since the selectors used must meet the same requirements as with the BND. Personal data of citizens and institutions of the EU as well as of public authorities of the member states may not be collected “specifically”. There are more stringent requirements.
The foreign spies should also be allowed to use the selected selectors “for their own purposes” if the BND has agreed and this is fundamentally permissible. Nevertheless, the Bundestag refers to the goal of excluding the “so-called ring swap” when collecting data between secret service partners. Observers assume that with these clauses the local agents will be able to outsource the operation of the controversial NSA tool XKeyscore and also use the huge data center of the US secret service in Utah.
Spy for Copyright Enforcement
Parliament is also significantly expanding the danger areas in which the BND is allowed to start the data vacuum cleaner. So far, the competence has been limited to the sectors of international terrorism, the passing on of nuclear weapons material, illegal locks and “cyber”. In the future there will be for example “critical developments abroad”, international extremism, money laundering, the protection of critical infrastructures, the proliferation of technologies and “data processing programs of considerable importance” as well as “cases of theft of intellectual property”.
For data from a confidentiality relationship, for example with clergy, defense lawyers, lawyers and journalists, higher requirements apply. In relation to the government draft, the Bundestag made it clear that in general all media representatives reporting “freely and independently” as well as bloggers critical of the government should be protected in states “in which the freedom of the press is very much threatened”. In addition, the BND has to document a decision on whether a person belongs to the group of professional confidentiality holders.
“Judicial review similar to that of a court”
Measures for individual and mass surveillance must be approved by the head of the BND and checked by a new “independent control council” as soon as this order is implemented. According to the draft, this body will complement the work of the Parliamentary Control Committee (PKGr) and the G10 Commission. It should be allowed to view selectors, for example, in order to prevent a second GAU as after the unchecked use of NSA search terms.
The Bundestag explains that the council will undertake a “judicial review”. The two ruling chambers may only be occupied by judges from the Federal Court of Justice or the Federal Administrative Court. A total of 62 employees at the supervisory authority should watch the fingers of the BND. The MPs underline in a new paragraph that the PKGr takes on the central role in the control of the secret service. Whistleblowers who approach the committee can remain anonymous to the outside world.