Germany’s spies seriously violated the country’s laws multiple times, according to a secret report from its federal data protection commissioner, Andrea Voßhoff.
The legal analysis, leaked to Netzpolitik, was made in July 2015 following a visit by data protection officials to Bad Aibling in southern Germany in the wake of Edward Snowden’s revelations about surveillance activities there. Bad Aibling is jointly run by Germany’s intelligence agency, the Bundesnachrichtendienst (BND), and the NSA.
As well as listing 18 serious legal violations and filing 12 formal complaints—the German data watchdog’s most severe legal instrument—the secret report said that the BND created seven databases without the appropriate legal approval. As a result, commissioner Voßhoff said that all seven databases should be deleted, and could not be used again.
Significantly, one of the illegal databases used the XKeyscore software, sometimes called the NSA’s Google. As Ars reported last year, it was known that the BND had a copy of this program, but the Netzpolitik leak appears to provide details of the huge scale on which it was used:
For the SIGINT [signal intelligence] collection, i.e. as so-called front-end system, XKEYSCORE—using freely definable and linkable selectors [keywords]—scans […] the entire Internet traffic worldwide, i.e. all meta and content data contained in Internet traffic, and saves selected Internet traffic data (e-mails, chats, content from public social media, media, as well as non-public—i.e. not visible to the normal user—messages in Web forums, etc.) and hence all persons appearing in this Internet traffic (sender, receiver, Web forum member, member of social networks, etc.). In real time, XKEYSCORE makes these Internet traffic data—attributed to its users—readable and analysable for …