German BND Intelligence Cooperation with NSA has Actually Expanded.

apes.png

Late last month Der Spiegel reported that the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, participated in and directly supported the National Security Agency’s efforts much more broadly than originally revealed by the Snowden documents. 

The Der Spiegel story revealed that nearly five percent of the searches conducted according to NSA requests were violations of German intelligence policies, which, among other things, prohibit spying on European targets. On a daily basis, the NSA requested that the BND run searches on specific selectors (like phone numbers, IP addresses, and email addresses) and share the information with the US agency. These revelations are important on at least two fronts. First, the sheer quantity of selectors that the NSA sent to the BND raises questions about the level of cooperation between German and American spy agencies. Second, the degree to which the NSA’s requests were driven by economic interests rather than terrorism concerns may undercut the agency’s claims that it doesn’t engage in forms of economic espionage.

Before delving into these developments, it is important to consider them in light of the background history of relations between the US intelligence community and the BND. A Just Security post by Prof. Jefferson Adams traced some of the rocky relationship over time and the different institutional cultures today surrounding state surveillance. He called for a high-level review of US policies toward Germany and other NATO countries. 

According to the news from a few days ago, the relationship may have also borne fruit in the form of the BND played a fundamental role in tracking down Osama bin Laden before his death. So what do the new revelations about NSA and BND cooperation tell us?

Between 2002 and 2013, the NSA sent the BND roughly 800,000 selectors to run searches against, which averages out to nearly 200 per day, according to Zeit Online. By 2008, analysts at the BND started to worry that some of the selectors were targeting German and European individuals and companies, but it wasn’t until the Snowden revelations that the German public was made aware of the NSA’s requests or that the fulfillment of those requests included a number of violations of the country’s intelligence policies. 

Indeed, according to Der Spiegel, neither the leadership of the BND nor the Chancellery, the body charged with monitoring the BND, were made aware of the violations before 2013. In October of that year, the BND estimated that it had run searches on approximately 2,000 selectors that were aimed at information about European (including even German) individuals and companies. However, Der Spiegel’s recent report indicates that the number of violations committed by the BND at the request of the NSA was 40,000, not 2,000. (These “violations” are distinct from the NSA’s violations of the countries’ intelligence agreement — which bars spying on each other’s citizens — by, for example, directly monitoring Angela Merkel’s phone.)

The NSA maintains that it has broad authority to collect information on non-US persons abroad, whether pursuant to Section 702 of the FISA Amendments Act or under other authorities like Executive Order 12,333. Why did the NSA need to ask the Germans to run the searches in the first place? Were there restrictions under American law that would prevent the NSA from conducting those queries on its own?

There are longstanding concerns that the United States and its allies rely on each other to gather and share information that they cannot obtain under their own domestic laws. Many countries place significant restrictions on spy agencies gathering intelligence information about their own citizens, but the rules for spying on allies’ citizens are often looser. Intelligence agreements like the one between the US and Germany dictate what sorts of information can be collected and shared. 

Experts have long worried that, for example, if a search can legally be conducted under German law by the BND (but not under American law by the NSA), the Germans will run the search and share the results with the US, thereby allowing the NSA to gain access to information it may not lawfully have been able to get on its own.

Until now, stories of such practices have largely been confined to the Five Eyes community and haven’t extended to the US’s broader intelligence coalitions (see here, here, and here for examples). Der Spiegel’s report may indicate that the practice is far more widespread than previously known considering the fact that Germany enters the NSA’s intelligence coalition at the Fourteen Eyes level. There may well be valid reasons for the NSA requesting the BND to run so many searches, but the fact that none are particularly evident is concerning in-and-of itself.

Reports indicate that various European politicians and EADS, the European defense company, now known as the Airbus Group, were among the NSA’s targets. So while the US may not be stealing trade secrets, some of the selectors, sent to the BND, were apparently, driven by economic interests rather than counterterrorism efforts. 

The drama over these surveillance activities and Germany’s complicity is just starting to heat up. Austria filed a legal complaint two weeks ago so it could begin its own investigation into the extent of Germany spying on Austrian targets on behalf of the NSA. And Airbus is preparing to file a criminal complaint over the disclosures. This is to say nothing of last week’s revelations that, in addition to assisting the NSA with searches of particular selectors, the BND also sends the NSA roughly 1.3 billion metadata records every month.

Clearly, German and US intelligence agencies are cooperating on a scale and in ways that we are just now finding out about. It’s worth noting that in the wake of all of these new public revelations, the BND has suspended the online surveillance activities it was conducting for the NSA and has otherwise reduced its cooperation while the investigations are pending. Needless to say, it will be worth watching this space and to see whether and how these types of events undermine US-German cooperation on actual counterterrorism efforts.
Just Security:  http://bit.ly/1PAF4fl

« Nine Strange Flying Robots from the 2015 Drone Show
Snowden Sees Victory – But it’s From a Distance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Security Mentor

Security Mentor

Security Mentor provides innovative, online security awareness training designed for how people learn and work.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Conscia

Conscia

Conscia provides IT infrastructure solutions and 24/7 services in network, data center, security and mobility.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

National Academy of Cyber Security (NACS)

National Academy of Cyber Security (NACS)

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

Schneider Downs

Schneider Downs

Schneider Downs & Co. provides accounting, tax and business advisory services through innovative thought leaders who deliver their expertise to meet the individual needs of each client.

BigBear.ai

BigBear.ai

BigBear.ai delivers high-end analytics capabilities across the data and digital spectrum to deliver information superiority and decision support.

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

TempoCap

TempoCap

TempoCap is a European growth-stage technology fund with offices in London and Berlin. We invest across a variety of high- growth sectors including cybersecurity.