German BND Intelligence Cooperation with NSA has Actually Expanded.

Late last month Der Spiegel reported that the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, participated in and directly supported the National Security Agency’s efforts much more broadly than originally revealed by the Snowden documents. 

The Der Spiegel story revealed that nearly five percent of the searches conducted according to NSA requests were violations of German intelligence policies, which, among other things, prohibit spying on European targets. On a daily basis, the NSA requested that the BND run searches on specific selectors (like phone numbers, IP addresses, and email addresses) and share the information with the US agency. These revelations are important on at least two fronts. First, the sheer quantity of selectors that the NSA sent to the BND raises questions about the level of cooperation between German and American spy agencies. Second, the degree to which the NSA’s requests were driven by economic interests rather than terrorism concerns may undercut the agency’s claims that it doesn’t engage in forms of economic espionage.

Before delving into these developments, it is important to consider them in light of the background history of relations between the US intelligence community and the BND. A Just Security post by Prof. Jefferson Adams traced some of the rocky relationship over time and the different institutional cultures today surrounding state surveillance. He called for a high-level review of US policies toward Germany and other NATO countries. 

According to the news from a few days ago, the relationship may have also borne fruit in the form of the BND playing a fundamental role in tracking down Osama bin Laden before his death. So what do the new revelations about NSA and BND cooperation tell us?

Between 2002 and 2013, the NSA sent the BND roughly 800,000 selectors to run searches against, which averages out to nearly 200 per day, according to Zeit Online. By 2008, analysts at the BND started to worry that some of the selectors were targeting German and European individuals and companies, but it wasn’t until the Snowden revelations that the German public was made aware of the NSA’s requests or that the fulfillment of those requests included a number of violations of the country’s intelligence policies. 

Indeed, according to Der Spiegel, neither the leadership of the BND nor the Chancellery, the body charged with monitoring the BND, was made aware of the violations before 2013. In October of that year, the BND estimated that it had run searches on approximately 2,000 selectors that were aimed at information about European (including even German) individuals and companies. However, Der Spiegel’s recent report indicates that the number of violations committed by the BND at the request of the NSA was 40,000, not 2,000. (These “violations” are distinct from the NSA’s violations of the countries’ intelligence agreement — which bars spying on each other’s citizens — by, for example, directly monitoring Angela Merkel’s phone.)

The NSA maintains that it has broad authority to collect information on non-US persons abroad, whether pursuant to Section 702 of the FISA Amendments Act or under other authorities like Executive Order 12,333. Why did the NSA need to ask the Germans to run the searches in the first place? Were there restrictions under American law that would prevent the NSA from conducting those queries on its own?

There are longstanding concerns that the United States and its allies rely on each other to gather and share information that they cannot obtain under their own domestic laws. Many countries place significant restrictions on spy agencies gathering intelligence information about their own citizens, but the rules for spying on allies’ citizens are often looser. Intelligence agreements like the one between the US and Germany dictate what sorts of information can be collected and shared. 

Experts have long worried that, for example, if a search can legally be conducted under German law by the BND (but not under American law by the NSA), the Germans will run the search and share the results with the US, thereby allowing the NSA to gain access to information it may not lawfully have been able to get on its own.

Until now, stories of such practices have largely been confined to the Five Eyes community and haven’t extended to the US’s broader intelligence coalitions (see here, here, and here for examples). Der Spiegel’s report may indicate that the practice is far more widespread than previously known, considering the fact that Germany enters the NSA’s intelligence coalition at the Fourteen Eyes level. There may well be valid reasons for the NSA requesting the BND to run so many searches, but the fact that none are particularly evident is concerning in and of itself.

Reports indicate that various European politicians and EADS, the European defense company now known as the Airbus Group, were among the NSA’s targets. So while the US may not be stealing trade secrets, some of the selectors sent to the BND were apparently driven by economic interests rather than counterterrorism efforts.

The drama over these surveillance activities and Germany’s complicity is just starting to heat up. Austria filed a legal complaint two weeks ago so it could begin its own investigation into the extent of Germany spying on Austrian targets on behalf of the NSA. And Airbus is preparing to file a criminal complaint over the disclosures. This is to say nothing of last week’s revelations that, in addition to assisting the NSA with searches of particular selectors, the BND also sends the NSA roughly 1.3 billion metadata records every month.

Clearly, German and US intelligence agencies are cooperating on a scale and in ways that we are just now finding out about. It’s worth noting that in the wake of all of these new public revelations, the BND has suspended the online surveillance activities it was conducting for the NSA and has otherwise reduced its cooperation while the investigations are pending. Needless to say, it will be worth watching this space to see whether and how these types of events undermine US-German cooperation on actual counterterrorism efforts.
Just Security:  http://bit.ly/1PAF4fl
