• Buro Jansen & Janssen is een onderzoeksburo dat politie, justitie, inlichtingendiensten, de overheid in Nederland en Europa kritisch volgt. Een grond-rechten kollektief dat al 30 jaar publiceert over uitbreiding van repressieve wetgeving, publiek-private samenwerking, bevoegdheden, overheids-optreden en andere staatsaangelegenheden.
    Buro Jansen & Janssen Postbus 10591, 1001EN Amsterdam, 020-6123202, 06-34339533, signal +31684065516, info@burojansen.nl (pgp)
    Steun Buro Jansen & Janssen. Word donateur, NL43 ASNB 0856 9868 52 of NL56 INGB 0000 6039 04 ten name van Stichting Res Publica, Postbus 11556, 1001 GN Amsterdam.

  • Categorieën

  • Germany trades citizens’ metadata for NSA’s top spy software

    Spies keen to use XKeyscore, less keen to tell German government or citizens.

    In order to obtain a copy of the NSA’s main XKeyscore software, whose existence was first revealed by Edward Snowden in 2013, Germany’s domestic intelligence agency agreed to hand over metadata of German citizens it spies on. According to documents seen by the German newspaper Die Zeit, after 18 months of negotiations, the US and Germany signed an agreement in April 2013 that would allow the Federal Office for the Protection of the Constitution (Bundesamtes für Verfassungsschutz—BfV) to obtain a copy of the NSA’s most important program and to adopt it for the analysis of data gathered in Germany.

    This was a lower level of access compared to the non-US “Five Eyes” nations—the UK, Australia, Canada, and New Zealand—which had direct access to the main XKeyscore system. In return for the software, the BfV would “to the maximum extent possible share all data relevant to NSA’s mission.” Interestingly, there is no indication in the Die Zeit story that the latest leak comes from Snowden, which suggests that someone else has made the BfV’s “internal documents” available.

    Unlike Germany’s foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, “whether the collection of this [meta]data is consistent with the restrictions outlined in Germany’s surveillance laws is a question that divides legal experts.”

    The BfV had no problems convincing itself that it was consistent with Germany’s laws to collect metadata, but rarely bothered since—remarkably—all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA’s XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

    It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans “included the information that the BfV intended to create 75 new positions for the ‘mass data analysis of Internet content.’ Seventy-five new positions is a significant amount for any government agency.”

    FURTHER READING

    GERMANY’S TOP PROSECUTOR FIRED OVER NETZPOLITIK “TREASON” PROBE
    Heads begin to roll, but the investigation has not yet been dropped.
    The BfV may have been keen to deploy XKeyscore widely, but it wasn’t so keen to inform the German authorities about the deal with the NSA. Peter Schaar, who was data protection commissioner at the time, told Die Zeit: “I knew nothing about such an exchange deal [of German metadata for US software].” He says that he only discovered that the BfV was using XKeyscore when he asked the surveillance service explicitly after reading about the program in Snowden’s 2013 revelations. The same is true for another key oversight body: “The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations,” according to Die Zeit.

    This post originated on Ars Technica UK
    by Glyn Moody (UK) – Aug 27, 2015 5:32pm CEST

    Find this story at 27 August 2015

    © 2015 Condé Nast