BND should be allowed to hack IT giants and monitor internet nodes more closely

End of NSA dependence: A draft law provides for the BND to store internet content en masse and penetrate the systems of Google & Co.

In the data centers of the Frankfurt Internet exchange point DE-CIX, where Europe's digital lifelines converge in the form of fiber optic cables, a security policy turning point is looming. According to the Chancellor's Office, what has been practiced for years as "strategic reconnaissance" is to be placed on a new legal foundation.

This emerges from a draft law, which NDR, WDR, and Süddeutsche Zeitung are reporting on again. The powers of the Federal Intelligence Service (BND) are to be extended as if the Snowden revelations had never happened. The foreign intelligence service could thus act more independently. Above all, the Chancellor's Office wants to reduce dependence on the findings of powerful partners like the NSA.

The core of the planned reform is, according to the report, the way in which data is intercepted and processed at DE-CIX. Previously, the BND was only allowed to retain metadata for a limited period. The actual content of emails, chats, or internet calls could only be filtered in real time according to predefined search terms.

In the future, this process could be carried out in two stages: The service would be granted the power to store up to 30 percent of all data traffic in full for six months, including all content. In a second step, the so-called inspection, the spies could sift through these vast amounts of data for relevant information.

The planned practice is reminiscent of controversial data retention. However, according to the reporters, the lawyers in the Chancellor's Office reject this classification: Not all providers would be obliged to store data across the board. Rather, the state itself would selectively tap strategically important interfaces. Such a level of analysis has long been standard among European neighbors.

The plans are also explosive in the area of active cyber espionage. Under the heading "Computer Network Exploitation", the BND is to receive another official license to hack. If US tech giants like Google, Meta, or X do not cooperate with requests, the BND would be allowed to penetrate their systems secretly. This would even apply to IT infrastructures within Germany, provided it is necessary to defend against hostile cyberattacks. The line between domestic and foreign intelligence gathering would thus be difficult to maintain.

The circle of potential surveillance targets is also being redefined, according to the report. Foreign officials, such as intelligence service employees operating under diplomatic status, could in the future be monitored in Germany just as easily as abroad. At the same time, according to the report, the draft touches a taboo: the protection of confidential contacts such as journalists. The Chancellor's Office plans a differentiation here. Employees of state media of authoritarian regimes will no longer enjoy the same source protection as independent journalists, as they are often seen by the federal government as acting more as agents.

Under the extensive plans, BND agents will also be allowed to enter apartments and install federal trojans. The most recent amendment to the BND Act, no less controversial, dates from 2021. With it, parliament granted agents, for example, the power to hack foreign switching systems, telecommunications infrastructure, and IT systems of providers.

(mki)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.