German spies cede citizen data in exchange for NSA spyware
Thu 27 Aug 2015
Germany’s top intelligence agency gave up details related to citizen metadata in return for National Security Agency (NSA) spyware, local reports [German] have claimed.
Keen to use a copy of spy software XKeyscore, the NSA’s key surveillance programme revealed by Edward Snowden in 2013, German spies reportedly handed over information collected on their fellow citizens.
German newspaper Die Zeit wrote yesterday that internal documents showed evidence that the Federal Office for the Protection of the Consititution (Bundesamtes für Verfassungsschutz—BfV) had entered into an 18-month-long negotiation with the U.S., before signing an agreement to receive the NSA spyware and deploy it for analysing data gathered on German citizens. In return the BfV promised to share “to the maximum extent possible […] all data relevant to NSA’s mission.”
The German intelligence group still received a lower access level than other non-U.S. countries, including the UK, Canada, Australia and New Zealand who all enjoyed direct access to the main XKeyscore system.
The BfV, Germany’s domestic surveillance agency, is only permitted to track individual suspects on German soil, with parliamentary permission. However, as Die Zeit pointed out, legal experts are debating whether the collection and ceding of metadata in this case was truly “consistent to the restrictions outlined in Germany’s surveillance laws.”
Before 2013 the BfV processed all metadata by hand, despite its large-scale nature. It is therefore unsurprising that the agency was desperate to obtain a copy of XKeysore to help automate the process and achieve greater analysis than it was formerly capable of.
Die Zeit also noted the hesitance of the BfV to inform the German government of their NSA agreement. Former data protection commissioner Peter Schaar said he “knew nothing about such an exchange deal,” adding that he had only discovered that the BfV was using the software following the Snowden revelations.
The German paper concluded that even the Parliamentary Control Panel was only made aware of the XKeyscore access having “explicitly” asked the agency after the programme’s existence had been uncovered in 2013.