The big scandal in Germany is how the BND (Bundesnachrichtendienst) has been spying for many years on European politicians, institutions and industries (though the BND deny the latter category). Intelligence garnered is passed to the US National Security Agency. According to one report (see below) the number of selectors – IP addresses, search terms and names – used by the BND is not 40,000, as widely reported, but far more. Below is a document, marked ‘Top Secret’, on the close relationship between the BND and the NSA. Also, below, are two European Parliament reports on mass surveillance (one of which proscribes certain espionage activities – activities that Germany and other EC member states flout).
UPDATE: Wikileaks release of Bundestag Inquiry into NSA/BND.
A. The mystery ‘selectors’
First, the ‘selectors’… According to Zeit Online around 800,000 selectors, not 40,000, have been provided by the NSA to the BND. The BND downloads the selectors several times each day from the NSA and these are then entered into its databases and systems. The results are then sent to BND HQ in Pullach for evaluation and after that are returned to the NSA.
The magic number 40,000 also appears in an article in the Guardian, but in relation to selectors handled by GCHQ…”The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to “selectors” – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is “content”, such as recordings of phone calls or the substance of email messages. The rest is metadata.”
(The above Selector slide courtesy of Edward Snowden.)
According to The Intercept… “The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
Also according to Zeit Online the BND forwards up to 1.3 billion metadata records to the NSA every month, without knowing how that information is used.
(Three European companies who are believed to have been subject to GCHQ surveillance on behalf of BND are Stellar, Cetel and IABG. Under review are allegations that the NSA monitored the German chancellor’s mobile phone and also conducted mass surveillance on the communications of millions of Germans.)
B. European Parliament report on mass surveillance
There are two reports to examine here. while both date back to circa 2000, they are of interest because they provide insight into the fundamentals of what the European Union countries agreed (though only in principle).
Firstly, here is the report on a 2001 European Parliament resolution that sets out the intelligence agreements across the EU, including interception rules, industrial espionage protocols, etc and with reference to Echelon. These agreements – arguably, they had no legal standing – have been widely flouted (and not just by Germany). The document deserves to be read in full.
One crucial paragraph reads:
As regards the question of the compatibility of a system of the ECHELON type with EU law, it is necessary to distinguish between two scenarios. If a system is used purely for intelligence purposes, there is no violation of EU law, since operations in the interests of state security are not subject to the EC Treaty, but would fall under Title V of the Treaty on European Union (CFSP), although at present that title lays down no provisions on the subject, so no criteria are available. If, on the other hand, the system is misused for the purposes of gathering competitive intelligence, such action is at odds with the Member States’ duty of loyalty and with the concept of a common market based on free competition. If a Member State participates in such a system, it violates EC law.
In relation to co-operation with the NSA:
Germany and the United Kingdom are called upon to make the authorisation of further communications interception operations by US intelligence services on their territory conditional on their compliance with the ECHR, i.e. to stipulate that they should be consistent with the principle of proportionality, that their legal basis should be accessible and that the implications for individuals should be foreseeable, and to introduce corresponding, effective monitoring measures, since they are responsible for ensuring that intelligence operations authorised or even merely tolerated on their territory respect human rights.
Secondly, here is a report to the Director General for Research of the European Parliament (Scientific and Technical Options Assessment programme office) on the development of surveillance technology and risk of abuse of economic information. (Again, worth reading in full.)
Note: investigative journalist Duncan Campbell in a document on Echelon states that “Although routinely denied, commercial and economic intelligence is now a major target of international SIGINT activity”.
B. The NSA/BND relationship
Incidentally, the precise relationship between the NSA and BND can be found in this Top Secret document. The document also refers to the use of XKEYSCORE technology. According to documents supplied by Snowden of the more than 500 million data records in Germany to which the NSA has access every month about 182 million of them are collected with XKeyscore. (An article in Der Spiegel details the closeness of the relationship between the NSA and the BND.)
C. Nymrod and the Centre for Content Extraction
A secret NSA document, dealing with high-ranking targets, has provided further indications that Angela Merkel was an NSA target. The document is a presentation from the NSA’s Center for Content Extraction, whose multiple tasks include the automated analysis of all types of text data. The lists contain 122 country leaders, including Merkel’s. Twelve names are listed in the image below as an example.
The list begins with “A,” as in Abdullah Badawi, the former Malaysian prime minister, and continues with the presidents of Peru, Somalia, Guatemala and Colombia right up to Belarusian President Alexander Lukashenko. The final name on the list, No. 122, is Yulia Tymoshenko, who was Ukrainian prime minister at the time. The NSA listed the international leaders alphabetically by their first name, with Tymoshenko listed under “Y”. Merkel is listed under “A” as the ninth leader, right behind Malawian President Amadou Toumani Touré, but before Syrian dictator Bashar Assad.
The Nymrod database of citations – derived from intelligence agencies, transcripts of intercepted fax, voice and computer-to-computer communication – includes 300 references alone to Merkel. The document indicates that Merkel has been placed in the so-called “Target Knowledge Database” (TKB), the central database of individual targets. An internal NSA description states that employees can use it to analyze “complete profiles” of target persons. The responsible NSA unit praises the automated machine-driven administration of collected information about high-value targets. Each of the names contained in Nymrod is considered a “SIGINT target.”