Leaked Report reveals German Intelligence Agency bulk data collection

German video

It is beginning to feel like no matter where in the world you live, your personal data is not safe from the intelligence agencies supposedly there to protect you. The actions of the NSA in America are now well-known thanks to Edward Snowden and more recently the extent of bulk data collection in the UK has also become more apparent.

And now it is the German Intelligence Agency, the Bundesnachrichtendienst or BND, which has come under fire.

A classified report [in German] from the German Federal Data Protection Commissioner, Andrea Voßhoff, which has been leaked, reveals that the BND has been illegally collecting and storing bulk data on German citizens. She also condemned the agency for systemic efforts to undermine and restrict her oversight capabilities.

18 Legal Violations

In total, the report highlights what have been described as 18 severe legal violations and it has filed 12 formal complaints. A formal complaint is the strongest tool at the disposal of the Data Protection Commissioner and issuing one requires the German Government to issue a statement in response.

Usually, there would be no more than a dozen such complaints raised in a year, so for that number to be included in a single report is unprecedented.

And this report is not based on evidence gathered across the German Intelligence network either. It is a result of a visit to a single intelligence station, the joint BND/NSA-station Bad Aibling in southern Germany. No-one seems to be under the impression that Bad Aibling is the only station where these activities were taking place.

It was also not as a result of a full report. This is because, according to the Data Protection Commissioner, the BND “illegally and massively restricted my supervision authority.” As a result of this, she states that producing a full and comprehensive report has not been possible.

Illegal Data Collection

According to the report, the BND has created no fewer than seven illegal databases which have been created without the required legal process being carried out. The Data Protection Commissioner has ordered these databases to be deleted immediately.

One of these databases contained the NSA tool XKeyStore. This is a tool which can collect pretty much everything a user is doing online. The Data Protection Commissioner asserted that this was being used not just against terrorist suspects but also many people she describes as being “irreproachable”; in other words, they are not suspected of having done anything wrong.

She also notes that the BND has been collecting personal data without a legal basis for doing so and that this data has been processed at the Bad Aibling station. The BND has argued that this data is necessary, but she has dismissed such statements, saying that whether something is necessary or not “cannot substitute a missing legal basis”.

The Data Protection Commissioner has also noted that German Constitutional Law must also apply to personal data collected by the BND overseas if it is then processed within Germany.


The revelations will come as a huge embarrassment to the German Government and the BND itself at what is a difficult time for them. The ruling Christian Democratic Union party has suffered in recent elections and their policy of allowing mass immigration into German is wildly unpopular.

Opposition politicians have inevitably leapt on this report as another stick to beat them with. Martina Renner of the Left Party described the findings as “shocking” while Green Party leader Konstantin von Notz told German public broadcaster Deutschlandfunk the report had been “swept under the carpet” and called on the BND to stop surveilling all citizens and focus on potential criminal and terrorist suspects alone.

Unfortunately, it doesn’t seem that the report is going to see the BNDs working practices changing for the better. Rather, the German Government has drafted legislation which will not only legalise these current activities but give the BND further powers as well.

These new laws are expected to come into force at the start of next year. And they are likely to act as a significant push factor to German netizens to begin to take steps, such as using a VPN, to protect their own online privacy from the very Government and Intelligence Service, which is supposed to be defending their interests.

Leave a Reply

Your email address will not be published. Required fields are marked *