A decision by German Federal Administrative Court has effectively confirmed that Bundesnachrichtendienst (BND), Germany’s out-of-control intelligence agency can continue spying on its own citizens – legally.
Last week, the court dismissed a case brought by the German Commercial Internet Exchange (De-Cix) over mass surveillance, and that is not good news for Internet privacy.
An Internet exchange point is an essential element of the World Wide Web and in a way functions as an airport of the Internet: Many different airlines (Internet service providers, such as Verizon and AT&T) send planes (data) through one central hub (the Internet exchange point).
The De-Cix exchange, the world’s largest Internet hub located in Frankfurt, can handle up to 6 terabytes of data per second, which is roughly equivalent to 2.6 billion single-spaced typed pages. This traffic comes not only from Europe but also from Asia, the Middle East, and Africa.
In 2016, De-Cix filed a lawsuit against the tapping of its massive data flows by the BND, German foreign intelligence service. Officially, Germany’s telecommunications law only licenses the surveillance of international, cross-border communication data. However, De-Cix’s complaint claimed the BND was scooping up the whole load without any targeting.
What’s more, a 2014 parliamentary inquiry had established that, between 2004 and 2008, the BND had been siphoning off raw data from De-Cix and forwarding it to the NSA. At the time, the BND maintained that information on German citizens had been left out, but internal documents demonstrated that at least 5 percent of German citizens’ communications data could not be filtered.
Considering the mass of daily chat messages, emails, Internet searches, phone calls, streamed videos and other online communications, a functional filter of only German communications is unrealistic, De-Cix argued.
In the complaint, De-Cix referred to the article 10 of Germany’s post-war Basic Law (also known as G-10), which guarantees the privacy of communications.
However, the article 10 stipulates exceptions for intelligence services in cases related to national security. The government representative in the court said that the government had installed the parliamentary G-10 Commission to protect those affected by surveillance. This commission is comparable to the American FISA court, which has been in the news a lot this year because of the Trump campaign surveillance scandal.
In its ruling, the court said De-Cix was not entitled to cite G-10 because as the operator of the network facility it was not directly affected by the BND operations. It also claimed that the lawfulness of the Internet exchange monitoring was not the concern of De-Cix but rather of the federal government and its institutions.
Following the court decision, De-Cix said in a statement that it believed the ruling shielded the exchange from criminal liability for breaches of the law protecting German domestic communications.
“The sole responsibility for the protection of the rights of citizens and companies is therefore the responsibility of the G10 Commission, which apparently now also has to be responsible for the treatment of internal German communications,” De-Cix said.
“We always have a duty to our customers to ensure that strategic telecommunications monitoring of their telecommunications takes place only in a lawful manner,” De-Cix added.
Even when the BND isn’t sharing its surveillance data with the NSA, there is a constant undercurrent of shady dealings between the two agencies and the countries whose national interests they are supposed to protect.
Back in 2013, Edward Snowden revealed that the US had been spying on Germany as part of his extensive reporting on the NSA surveillance. Chancellor Angela Merkel, who grew up in communist East Germany where espionage on citizens by the authorities was rife, seemed livid and repeatedly stated that “spying among friends is not on,” while also acknowledging Germany’s confidence in the US in security matters.
But last year, Der Spiegel revealed that the BND had been spying on American targets as well, including various military facilities and NASA. And that’s not the only case of the German agency’s cloak-and-dagger ventures. Previously, the BND had been discredited by reports that it had tapped into the phone of US Secretary of State John Kerry and ran surveillance on other European countries.
Whether you live in Germany or any other country, this story is yet another reminder that your online privacy is always the first victim of the cyber battle of national security.
Many Germans, disturbed by the trend of weakening digital privacy, have turned to various online security services. Virtual private networks (VPN) are among the tools that offer the most effective protection. A VPN service, such as NordVPN, reroutes all Internet traffic through a strongly encrypted tunnel, hiding it from surveillance by government agencies, ISPs or advertisers. Besides, NordVPN keeps no logs of its customers’ activities, meaning it cannot supply any data to the authorities.