Tailor-made laws: The state of surveillance in Germany


What is worse: intelligence services gathering data without any legal basis or secret services operating within a legal framework that allows them to obtain vast amounts of personal information? This is the key question regarding Germany’s surveillance apparatus, as a new law regarding its foreign intelligence agency, the Federal Intelligence Service (BND), was passed through parliament on Friday 21 October.

Following the 2013 uncovering of the mass-scale surveillance by America’s National Security Agency, including details of the tapping of German chancellor Angela Merkel’s phone, there was a sense in German public debate that secret services were out of control. In early 2014, a parliamentary committee was established in the national chamber of the Bundestag to investigate the scale of surveillance activities of foreign intelligence in Germany. Attention soon shifted to the role of the BND, after former NSA employee Thomas Drake called the agency “an addendum appendix of the NSA” in his testimony to the committee in July of that year.

While the German government began the process to reform the legal framework of the BND, the governmentally-appointed officer for data protection and freedom of information took a closer look at the work of the service’s telecommunications unit in the southern town of Bad Aibling.

What the officer found was remarkable: across 60 pages, the expert report from March 2016 listed legal breaches by the BND. Although the intelligence service had been “repeatedly and heavily obstructing my work”, the officer was able to gain a picture full enough to pinpoint 18 “serious transgressions” and submit 12 official complaints, which, according to the investigative tech blog Netzpolitik.org, is a record number for any governmental office in Germany to receive at one time.

Netzpolitik.org also made public the “top secret” labelled report in September.

Surveillance-critical civil society groups in the country may have hoped to see the intelligence service face consequences for past transgressions and limits on its future activities. They were in for a surprise, though, as the BND law put forward in June this year proposed to legalise all surveillance activities that had thus far been taking place and to expand their scope further. The new law permits the foreign secret service to carry out in-country surveillance that was previously illicit.

In theory, any German-to-German communication would have to be excluded from surveillance, but two independent reports by experts, including one by Chaos Computer Club, found that online traffic does not carry a clearly discernible nationality. The constitutionally stipulated freedom of privacy of communication suddenly appears less convincing. It also follows that any non-EU national is not considered a bearer of the fundamental rights enjoyed, on paper, by anyone living in Germany, as all electronic communication including at least one foreign-based party can now be analysed and stored for up to six months, including all metadata. This will include foreign journalists and the sources they are in contact with. The previous 20%-rule, whereby the BND was limited to intercepting and analysing only that share of the available traffic, was lifted altogether. The extended competencies were not left without a new and grand mission: surveillance can now take place to reap “insights into foreign and security policy [which] may be of relevance”.

Senior investigative journalist David Crawford spoke to Index on Censorship about an opportunity missed in the sense that the “legislative process had not been used as a forum what intelligence services should do but…to legalise practices that were already going on”. A “silent consensus” across the grand coalition seemed to exist and it appears that policy-makers close to the intelligence services had successfully dominated the reform process and delivered a law tailor-made for the BND.

Although the result may be unsatisfactory, Crawford said that, in the German context, it was generally “positive to write down the rules of behaviour” for a practice that has been ongoing for decades and is employed by more resourceful intelligence services worldwide. While the aspect of information sharing between foreign secret services appears especially worrying to Crawford, the investigative journalist points out that journalists never had any “real protection, they are treated like any citizen” under German law. Thus, he emphasised that no journalist should pass the responsibility for safeguarding his or her sources to state law or EU regulations: “It is up to the person to get the training they need, to put a lot of thought into how they can do this without somebody getting hurt”.

While extensive electronic surveillance by multiple states has to be reckoned with, regardless of a legal basis for the practices, the journalist should employ the right kinds of “tricks of the trade” to make sure that any whistleblower who helped uncover a story will, under no circumstances, suffer: “a lot of the time it is just going out meeting people, not using the phone, not even using the mail…I figure out a way to meet them, knocking on people’s doors or meeting them in a supermarket or somewhere, where you are unlikely to be monitored and they would feel a lot more comfortable talking…Use less technology, use a pencil, cite documents rather than announcing you have a whistleblower.”

According to Crawford, the lack of investigative journalism in general and the unawareness of some journalists engaging in serious investigative projects may be at the root of a sloppiness with the more time-consuming methods that the job requires in a reality of surveillance.

However, civil society activists maintained a responsibility of ethics reflected in legislation and protested with petitions and a solemn vigil on the evening prior to the final vote. As the law was being passed on the morning of Friday 21 October, the former liberal justice minister Sabine Leutheusser-Schnarrenberger announced constitutional charges against it. Meanwhile, the German intelligence service has other legal cases pending against it: the world’s largest data transmission exchange business, the Frankfurt-based DE-CIX, is seeking to get a “judicial review for the practices of telecommunication surveillance” for its customers. Another lawsuit filed by the German branch of Reporters Without Borders in June last year is based on the office for data’s annual report for 2014 and is seeking to defend all journalists and their sources against the transgression of the privacy of communication as an attack on press freedom.


Bringing global human rights into the surveillance debate

(Photo illustration: Shutterstock)

Around the world, there is confusion and alarm over the impact of the U.S. National Security Agency’s (NSA) surveillance program on human rights. In the U.S., the debate is focusing on the gross violations of privacy rights of Americans. Barely a word is being spoken about the human rights of people outside the country whose personal communications are being targeted, and whose communications content is collected, stored, analyzed and used with little legal protection.

A growing group of international civil society groups and individuals wants that to change and is coming together to present the newly empowered U.S. Privacy and Civil Liberties Board (PCLOB) with a joint letter, asking the Board to make “recommendations and findings designed to protect the human rights not only of U.S. persons, but also of non-U.S. persons.” Before PCLOB’s mid-September deadline for public comments, I encourage global civil society to add their name to this powerful statement.

As the letter makes clear, there is great concern from the global community that the recently revealed surveillance program conducted under Section 702 of the Foreign Intelligence Surveillance Act (FISA) poses a severe threat to human rights. It rightly notes that the surveillance “strikes at the heart of global digital communications and severely threatens human rights in the digital age.” “The use of unnecessary, disproportionate, and unaccountable extra-territorial surveillance not only violates rights to privacy and human dignity, but also threatens the fundamental rights to freedom of thought, opinion and expression, and association that are at the center of any democratic practice. Such surveillance must be scrutinized through ample, deep, and transparent debate. Interference with the human rights of citizens by any government, their own or foreign, is unacceptable.”

Why then is all the attention in the U.S. focused on just the rights of Americans? The U.S. draws its obligations to protect rights in conducting surveillance from the U.S. Constitution, specifically the Fourth Amendment, which protects “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” The “people” generally means all people located within the United States regardless of citizenship, and then only when they have a “reasonable expectation of privacy.”

Except in the most extraordinary circumstances, and for U.S. citizens and lawful residents when they are travelling abroad, people outside the U.S. have no privacy protections under the Fourth Amendment. This is a feature in the U.S. Constitution and it animates every part of U.S. surveillance law and practice. That is why Section 702 of FISA requires targeting and minimization guidelines that are aimed (albeit inadequately) at ensuring that the communications being targeted are those of people reasonably believed to be outside the U.S. It’s also why they provide some level of protection for ordinary Americans whose communications are ensnared in foreign intelligence activities and take no notice of the rights of ordinary people all over the world whose personal communications now reside in NSA databases.

It may be hard to fathom now, but Congress created the FISA Court to rein in surveillance after revelations about illegal political spying on Americans surfaced in the 1970s. The Court had a narrow charge: to ensure that electronic surveillance conducted in the United States for intelligence purposes is conducted pursuant to a warrant. The warrant protection did not apply to surveillance conducted outside the U.S., so it did not protect the rights of foreigners outside the U.S. However, in those days, communications surveillance within the U.S. was a limited and highly targeted activity aimed at hostile foreign powers and their agents. The phone conversations of ordinary people were of no interest. International phone calls between a person in the U.S. and a person abroad were quite expensive and relatively rare.

Today, the assumptions that informed the enactment of FISA have been worn thin by a radical shift in threats – from states to diffuse non-state actors – and an even more radical shift in technology. The advent of the internet, the data storage revolution and big data analytics, fueled by fears about terrorism, have, in the post-PATRIOT Act world, fueled a growing government appetite for data. Today, the NSA isn’t just trying to listen in on the embassy abroad of a Cold War rival; instead, it doesn’t know whom to listen in on because it does not know who might pose a threat.  In the process, individualized targeting based on specific indicia of threat has given way to bulk programmatic targeting of foreign communications without any consideration of human rights of people beyond our borders.

This position is simply untenable in today’s much smaller world, where the Cold War line between “us” and “them” has blurred.

When FISA was enacted, there was no global internet and the cost of international calls was prohibitive. Large parts of the world were unreachable for political or technical reasons. Now, we are a nation of more immigrants, global businesses and frequent travelers. We live online and carry our cell phones everywhere. The cost of an international call has plummeted by more than 90% and the number of U.S. billed international calls and the use of VOIP has skyrocketed.  Skype calls worldwide alone grew 44% to 167 billion minutes in 2012.

Every day, Americans are calling, emailing, texting and “friending” family, friends, colleagues and customers around the world, engaging in so-called “foreign communications.” For those on the other side of our emails and calls, there is no protection for free expression or privacy rights. In fact, their communications may be collected, examined and used by the government for any legal purpose.

The U.S. is certainly not alone in the breadth of its surveillance activities. Britain’s spy agency monitors the cables that carry the world’s phone calls and internet traffic in close cooperation with the NSA. Indeed, according to leaked documents, Britain’s GCHQ collects more metadata than the NSA with fewer limitations. Germany’s foreign intelligence agency, the BND, is monitoring communications at a Frankfurt communications hub that handles international traffic to, from and through Germany, and the BND is seeking to significantly extend its capabilities. Le Monde reports that France runs a vast electronic spying operation using NSA-style methods, but with even fewer legal controls. And Russia’s notorious SORM system is reportedly even more advanced than the American system.

The U.S. is also not alone in focusing most of the protections of its surveillance laws internally.  Such focus is also a feature of the surveillance laws and practices in democratic countries around the world, most of which take a highly territorial view of their human rights obligations and are unlikely to willingly give them extraterritorial application.

There is an urgent conversation to be had in the U.S. and beyond about the implications of cross-border surveillance. Given the globalization of information society services, we now must assume that the data pertaining to the citizens of one country will flow through the infrastructure of another and be subject to collection and use for national security purposes. Surveillance standards must be strengthened everywhere to ensure that robust judicial oversight and the principles of specificity, necessity, proportionality, data minimization, use limitation and redress for misuse are the norm. In a globally networked world, legal standards must also recognize the human rights implications of cross-border surveillance and set out a way forward to protect the rights of people beyond state borders. There is ambiguity about whether our largely territorial human rights paradigm is adequate to meet the challenge.

That is why the call to PCLOB to speak to the rights of non-Americans is so important. PCLOB has a simple mission: to make sure privacy and civil liberties are at the table as new security measures to protect the nation are considered. It has boldly taken on the NSA surveillance program as its first task, but it is too soon to know whether it has the muscle or the will power to push meaningful reforms.  It has an opportunity to show global leadership by heeding the call to make concrete recommendations about the rights of non-U.S. persons that can frame the global discussion about surveillance and human rights going forward. Add your name to the letter and tell PCLOB to seize the opportunity.