stiftung neue verantwortung Impulse 25/13

September 2013 Law and Policy in Internet Programs: United States, Great Britain and Germany1 Many Europeans are outraged about US government surveillance Authors: programs that the leaked NSA documents have documented. Stefan Heumann, PhD, German and European politicians and government officials have Deputy Program Director strongly criticized the US government for disrespecting the privacy of European citizens’ personal data and communications. The [email protected] concerns about Internet surveillance by the NSA and other Ben Scott, PhD, intelligence agencies are certainly warranted. And criticisms by Program Director & Senior close partners and allies will be important to push the US Advisor to the Open Tech- government to reevaluate the scope and scale of these programs nology Institute at the New and to consider meaningful reforms to improve oversight and America Foundation accountability. In order to be credible spokesmen for reform, [email protected] Europeans will have to follow at least the same standards that they would like to see other governments adopt. And they will have to Joint Publication of be transparent about what these standards are and how they will Program “European Digital be applied in practice. Germans have been among the most Agenda” of stiftung neue outspoken critics of the US government. These critics implicitly verantwortung and the make the assumption that Germany has higher standards than the Open Technology Institute US in regard to limiting and controlling its intelligence agencies. of the New America In this paper, we test this assumption by comparing the underlying Foundation law governing signals intelligence programs aimed at non-citizen communications in the US, the UK and Germany. We focus on three areas of analysis:

1) Legal authorization for surveillance programs;

2) Functionality and scope of the collection programs; and 3) Oversight and accountability measures that restrict and control these programs.

1 We would like to thank Tim Maurer of the Open Technology Institute for valuable research support and Kevin Bankston of the Center of Democracy & Technology, Eric King of Privacy International, and Prof. Niko Härting for feedback and comments on previous drafts.

The discussion here is not intended as a than the present debate would suggest. In comprehensive review of all aspects of these all three countries the intelligence agencies issues, but an accurate sketch of legal enjoy great discretion and independence frameworks and practical operations that when it comes to the collection of foreign permits reasonable comparison. The com- intelligence. Legal restrictions and over- parison is intended to offer a baseline sight mechanisms are only concerned with analysis of national surveillance policies and the protection of the rights of each country’s to identify possible areas for reform to align own citizens. And, in most cases, these a new trans-Atlantic policy that balances restrictions come into place mainly after the legitimate electronic surveillance with the interception and collection of tele- right to privacy. communications traffic has already occurred. The differences in the policy structures do Our findings do not support the conclusion not necessarily reflect poorly on the US. For that foreign signals intelligence programs in example, while all three countries lack the US represent a fundamentally different robust systems for judicial review to protect policy choice than two of its most important citizens against undue surveillance, only the European allies. It is certainly true that the United States involves courts in the autho- NSA programs are larger in scope than those rization of some of its programs. The of other governments. And the US intelli- German G-10 Commission, an oversight body gence agencies have more favorable con- of the national parliament, plays a similar ditions for compelling cooperation from the but non-judicial role as the American FISA major Internet service providers because courts. But its mandate is broader. Great many of them are US companies. However, Britain has the weakest oversight there appear to be more similarities than mechanisms, lacking institutionalized review differences between three countries when it of surveillance programs from both the comes to how these programs are autho- legislative and judicial branches of rized, how they function, and what oversight government. The actual work of the mechanisms exist to control them. The laws institutions charged with overseeing and authorizing digital surveillance share a authorizing surveillance programs is common structure, although the inter- shrouded in secrecy in all three countries. pretation of how these laws are applied may diverge. This study seeks to offer a baseline to begin an international dialogue on these questions The reach of NSA’s international cooperation of policy frameworks - starting with trans- and the scale of its programs make clear that Atlantic confidence building. In order to a reform debate in Washington is necessary keep the scope of the paper manageable, the and appropriate. But the US policy is not analysis is focused primarily on surveillance sufficiently different from those of its allies programs by intelligence agencies directed that a unilateral reform will re-establish at the digital communications of non- international norms at a new baseline that is citizens. However, in all three case studies, responsive to citizen outrage over the the rules governing surveillance at home and Snowden revelations. This preliminary surveillance abroad become blurred by the analysis suggests that the current baseline nature of the technology and the methods of internationally is much closer to US policy data acquisition and analysis. First, the

Impulse 25/13 2

Internet is a global infrastructure. This piece together the technical functionality of means that the distinction between foreign each program and the corresponding laws and domestic Internet communications is that authorize and oversee these programs. much harder to discern. Even what we To simplify without doing damage to the would consider as “domestic” communi- basic logic of the entire system, we can cations between two citizens who are identify two major approaches to located inside the geographic boundaries of surveillance. The same framework is their home country may pass through servers common to most intelligence services that around the globe and the communications conduct surveillance. data might be stored or processed abroad. Therefore even intelligence operations that The first approach is the interception of real are focused on communications infra- time information directly from the wires of structure abroad will yield data about telecommunications networks. This is every- citizens at home. Second, the leaked thing from a single wire-tap to the documents also indicate that there is “upstream” collection of massive amounts of extensive cooperation between US, British, Internet and telephone traffic that are and German intelligence agencies. This redirected and stored by agency computer provides ample opportunities for intelli- systems for non-real-time review. The gence agencies to circumvent restrictions by second approach is the collection of stored their home governments through inter- information saved on the computers or national cooperation and data sharing. servers of organizations or companies. In Given the international implications of these both cases, access is typically gained programs, domestic reforms will make little through the presentation of a legally binding sense, if they are not linked to reform efforts instrument to a commercial firm that on the international level. The key question transmits, stores or processes data. The is whether the legal protections afforded to Foreign Intelligence Surveillance Act (FISA) citizens may be extended to certain groups and its amendments are the central elements of non-citizens, and if so, whether these of the statutory authority for foreign intelli- reforms are politically feasible and gence collection through electronic surveil- technically possible. The starting point to lance. These laws authorize both reach these answers begins with this approaches to data collection. Section 215 analysis. of the Patriot Act is also aimed at foreign intelligence investigation. It grants authority to collect a wide variety of records USA from private companies, e.g. phone records. Section 215 is therefore tied to the collection Legal Authorization of stored data.

Several different statutes underlie the Congress adopted FISA in 1978, drawing a authorization for the system of US signals line between the surveillance of foreign intelligence collection. The complexity of the targets and US persons.2 The terrorist constellation of programs and the siloed reporting on the Snowden documents often 2 The NSA regards US citizens, aliens with per- blurs the bigger picture of the overall manent residency, US corporations, and associa- architecture. This makes it challenging to tions of US citizens or residents as US persons. http://www.nsa.gov/sigint/faqs.shtml#sigint4 Impulse 25/13 3

attacks of September 11, 2001 led to a that may not be processed, essentially massive expansion of the national security separating foreign and domestic communi- apparatus. FISA amendments passed in cations. In short, the interception of all 2001 and 2008 broadened the definition of communications traffic has been broadly the kinds of information that can be authorized, and the legally required mini- collected. Prior to 2008, FISA only permitted mization and restriction of use occurs only targeting “foreign powers” or “agents of after collection. foreign powers” with surveillance programs.3 Since 2008, the NSA and other intelligence The surveillance programs authorized by agencies are authorized to collect “foreign FISA also permit law enforcement to compel intelligence information” including “infor- private companies to provide access to data mation with respect to a foreign power or that they store, transmit, and process that foreign territory that relates to … the may be related to intelligence targets. conduct of foreign affairs of the United Section 215 of the Patriot Act also allows the States.”4 This definition goes far beyond government to access data collected by counter-terrorism or national security as the private companies.5 Based on Section 215 main purposes of intelligence gathering. It the FBI can request on behalf of the NSA that permits the kind of of the FISA court issues an order to a US foreign communications exposed by the company for production of foreign intelli- Snowden documents by broadly authorizing gence information needed for an ongoing the acquisition of communications where at investigation. The scope of Section 215 is least one party is outside the US. The very broad, although again collection must information that can be gathered includes distinguish between foreign and domestic the meta-data associated with phone calls communications. Data of US persons may not and emails (e.g. numbers, call duration, be collected unless the investigation relates email addresses) as well as the content of to international terrorism or clandestine communications. intelligence activities by foreign countries.

The bulk collection of real-time data directly Scope and Conditions of Surveillance from the wires requires the legal separation of the act of interception and the act of The Snowden documents show that the US processing the data to look for targets. government has built massive infrastructure Mass interception and collection of Internet to support Internet surveillance. The bulk traffic will inevitably sweep in both foreign collection programs reportedly have access and domestic communications. Since to the major Internet exchange points in the targeting a US person requires a court order, US, which means they can conduct the act of collection itself is not viewed as surveillance on all communications that targeting. The data collected in bulk is travel into and out of the country.6 Because sorted and parsed to eliminate information

5 According to the business records provision of 3https://it.ojp.gov/default.aspx?area=privacy&pa Section 215 - 50 U.S.C. § 1861(b)(2)(A) ge=1286#contentTop 6 See Charlie Savage, “N.S.A. Said to Search Con- 4http://www.theatlantic.com/technology/archive/ tent of Messages to and From U.S.”, 2013/06/us-government-surveillance-bad-for- “http://www.nytimes.com/2013/08/08/us/broad silicon-valley-bad-for-democracy-around-the- er-sifting-of-data-abroad-is-seen-by- world/277335/ nsa.html?pagewanted=all&_r=2& Impulse 25/13 4

some of the communications traveling over service providers” dating back to 2008.9 the Internet may be pertinent to foreign Prism is authorized by Section 702 of FISA. intelligence investigations, all of these It focuses on foreign targets. In some cases, communications may be monitored from the companies have resisted cooperation. these locations. This logic provides the Shortly after the initial media reports, Yahoo justification for giving the government succeeded in a court case with the FISA access to the vast majority of international Court ruling to release NSA documents telecommunications traffic transmitted demonstrating Yahoo’s resistance to US through the US. Similarly, a FISA court order government requests for customer data.10 In (made public by Snowden) based on the 2011, an undisclosed company brought a Patriot Act requires Verizon and reportedly case before the FISA court, which ruled that AT&T and Sprint to hand over metadata of all the NSA had violated the Fourth Amendment its phone calls “on an ongoing daily basis” by conducting illegal searches of private both within the US and between the US and data.11 abroad.7 This data is then stored at a NSA repository. The authorization has been in The constantly updated databases of place for the past seven years – renewed monitored and stored communications are every three months by the FISA court. The then analyzed for operational intelligence. US government has also established access The most powerful tool is known as to undersea fiber-optic cables for XKeyscore. It is a sophisticated search surveillance purposes – as part of a package interface that enables the analyst to run of programs (including one called queries, pulling data from several collection “Boundless Informant”) that access huge programs. The program allows analysts to quantities of raw data flowing over the search vast databases of intercepted Internet.8 Internet traffic. Analysts can search by name, telephone number, IP address, But NSA’s activities are not limited to keywords, browser type and language to accessing the data flowing over the lines of gain access to the content of emails, online- private network operators. The now famous chats, and other communications. Prism program provides NSA access specific user data compelled through court orders These programs and their legal authoriza- from nine major American Internet content tions permit the collection of global commu- and service providers. According to the nications on an ongoing basis without regard Director of National Intelligence (DNI), to precisely what is collected. Obviously, Prism “is an internal government computer this means they sweep in data that falls system used to facilitate statutorily authorized collection of foreign intelligence 9 http://www.lawfareblog.com/wp- information from electronic communication content/uploads/2013/06/Facts-on-the- Collection-of-Intelligence-Pursuant-to-Section- 702.pdf 10 http://www.nbcnews.com/technology/court- 7 http://business.time.com/2013/07/03/nsa- sides-yahoo-nsa-prism-data-collection-case- scandal-as-tech-giants-fight-back-phone-firms- 6C10651458 stay-mum/ 11http://www.theatlantic.com/technology/archive 8http://www.theguardian.com/world/interactive/ /2013/06/us-government-surveillance-bad-for- 2013/jun/08/nsa-boundless-informant-data- silicon-valley-bad-for-democracy-around-the- mining-slides world/277335/ Impulse 25/13 5

outside the limited scope of foreign be discussed further below. The NSA also intelligence. Minimization procedures then closely works with the German foreign narrow what data can be retained, analyzed intelligence service BND, but very little is and disseminated, once it has been still known about the exact nature and collected, based on whether it was legal to extent of intelligence sharing between the collect it in the first place. For example, any two countries. communication collected off the Internet that later turns out to involve a US person Oversight over Intelligence Agencies must be destroyed unless the NSA director and Surveillance Programs states in writing that this information constitutes foreign intelligence, contains The broad array of US signal intelligence evidence of a crime, information necessary programs carry different forms of oversight to understand or assess a communications conducted by different branches of govern- security vulnerability, or information ment. Most prominently, judicial oversight pertaining to a threat of serious harm to life of the largest collection programs is or property. The American Civil Liberties exercised by the FISA court consisting of Union and the Electronic Frontier Foundation eleven Federal judges appointed by the Chief have filed lawsuits to try to stop many of Justice of the United States. The FISA court these programs from extensive collection meets in secret, only allows the government and targeting of domestic communications to appear before it, and provides an annual on First, Fourth, and Fifth Amendments report to Congress concerning its activities. grounds.12 In light of the minimal number of appli- cations being rejected by the FISA court, A comprehensive overview of all known critics argue it is “rubber stamping” govern- signals intelligence programs at NSA that ment requests.14 However, the nature of the permit the collection of telephone and judicial review does not permit the FISA Internet is beyond the scope of this paper. court to effectively oversee the im- What the leaked documents clearly show is plementation of surveillance programs. FISA that US surveillance capacities are global. minimization standards follow a “collection The NSA exploits the fact that many inter- first, minimization later” model. It therefore national communications are routed through shifts responsibility to determine FISA servers located in the U.S. and serviced by compliance from the FISA court to the US companies. US capacities are further executive.15 enhanced by close cooperation with other countries. The US, Great Britain, New Zea- The Intelligence Committees and Judiciary land, Canada, and Australia have formed the Committees in the Senate and House of “ Alliance” to share intelligence.13 Representatives exercise general oversight The cooperation between the US and Great over all intelligence collection programs and Britain seems to be particularly deep as will committee members are regularly briefed. Members of Congress receive detailed

briefings prior to each reauthorization. 12http://www.dailykos.com/story/2013/07/16/12 24176/-EFF-and-ACLU-Sue-NSA 13 See, for example: 14https://epic.org/privacy/wiretap/stats/fisa_stat http://www.cdfai.org/PDF/Canada%20and%20th s.html e%20Five%20Eyes%20Intelligence%20Commun 15 https://www.cdt.org/files/pdfs/Analysis- ity.pdf Section-215-Patriot-Act.pdf Impulse 25/13 6

However, Members of Congress are barred Great Britain from disclosing relevant information publicly and the FISA court’s opinions are secret. Legal Authorization Members of Congress have complained that they are not sufficiently informed about NSA The Intelligence Services Act (ISA) 1994 and and other intelligence agencies’ activities to the Regulation of Investigatory Powers Act exercise effective oversight.16 (RIPA) 2000 provide the legal framework for the Government Communication Head- Other mechanisms for accountability do quarters (GCHQ), Britain’s intelligence exist, and they are attached to specific agency responsible for signals intelligence authorizing legislation. For example, the and information assurance. ISA authorizes oversight regime regarding section 215 of the work of the intelligence services for the the Patriot Act includes all three branches purposes of national security, foreign policy, and consists of (1) a semi-annual report to economic interests, and the prevention or Congress, (2) a meeting at least once every detection of serious crimes. GCHQ is under 90 days between the executive agencies the authority of the Secretary of State. The Department of Justice, Office of the DNI, and director of GCHQ is supposed to ensure that the NSA, and (3) a report filed with the FISA “no information is obtained by GCHQ except court every 30 days. Foreign surveillance is so far as necessary for the proper discharge subject to less oversight from the executive, of its functions.“ GCHQ and other intelli- judicial, and legislative branches of the US gence agencies such as the Security Service government. The regime includes (1) annual (MI5) and the Secret Intelligence Service reviews from the NSA Inspector General, (2) (MI6) must apply for a warrant issued by the a semi-annual reports to the FISA court and Secretary of State to conduct telecommuni- Congress on the program’s implementation, cations surveillance. The Secretary of State (3) semi-annual reports to the FISA court determines whether the requested surveill- and Congress on compliance by Attorney ance activity falls within the statutory General and DNI, and (4) a quarterly report function of the intelligence agencies. to the FISA court on compliance. Within the executive, the NSA must report to the RIPA regulates a wide range of surveillance Department of Justice and the office of the activities by law enforcement and intelli- DNI any incidents of non-compliance with gence agencies. RIPA mandates cooperation FISA such as intentional targeting or persons and the provision of interception capacities believed outside the US being in the US. from telecommunication operators for autho- Finally, there is a new and untested rized surveillance programs.18 Surveillance oversight body – the Privacy and Civil warrants issued by the Secretary of State Liberties Oversight Board (PLCOB). It is now have to be proportionate and necessary for engaging in a review of the NSA’s the defined purposes of the intelligence surveillance activities.17 agencies as stated above. Warrants must be kept secret and be renewed every six months. A warrant can either target a single

16http://www.theguardian.com/commentisfree/2 18 http://www.liberty-human- 013/aug/04/congress-nsa-denied-access rights.org.uk/materials/introduction-to-ripa- 17 http://www.pclob.gov/newsroom august-2010.pdf Impulse 25/13 7

person or a set of premises. For example, an and Cyprus.”21 office could be targeted as a premise, putting all communications to and from that Scope and Conditions of Surveillance location under surveillance. The language on “safeguards” is broad, leaving much room The structure and functionality of the UK’s for interpretation by the intelligence surveillance programs appear to be similar agencies. RIPA requires the minimization of to the US and nearly as broad in scope. Due the number of people given access to data, to the UK’s geographical position, a large the extent to which it is disclosed, and the number of undersea fiber-optic cables that number of copies made. No specification of carry Internet traffic land in the UK before targeted individuals or premises is needed they cross the Atlantic Ocean. for requests for the surveillance of foreign reported that by the summer of 2001, GCHQ communications.19 had attached probes to more than 200 of these cables to filter and store data for According to the documents made public by intelligence purposes.22 This program is Snowden, RIPA serves as legal basis for the codenamed and part of two taps that have been placed on fibre-optic projects entitled “Mastering the Internet” cables. GCHQ refers to paragraph 4 of and “Global Telecoms Exploitation” that section 8 of RIPA to request warrants related reflect GCHQ’s sweeping ambitions for to the interception of communications Internet surveillance. As a member of the external to the UK.20 They allow the agency Five Eyes intelligence community, an to intercept external communications where, alliance between the United States, Canada, for instance, one of the people being Great Britain, New Zealand and Australia, targeted is outside Britain. In most RIPA Great Britain closely collaborates with the cases, a minister has to be told the name of NSA for the purpose of intelligence an individual or company being targeted collection and sharing. The Guardian cites before a warrant is granted. But section 8 leaked documents stating that “GCHQ and permits GCHQ to perform more sweeping and NSA avoid processing the same data twice indiscriminate trawls of external data, if a and proactively seek to converge technical minister issues a "certificate" along with the solutions and processing architectures.”23 warrant. According to the documents, the Currently, 300 analysts from GCHQ and 250 current certificate authorizes GCHQ to search from NSA are directly assigned to examine for material under a number of themes, the collected material. Full access was including: intelligence on the political provided to NSA in fall 2011. A key question intentions of foreign governments; military (which we have not yet been able to answer postures of foreign countries; terrorism, with our research) is how domestic international drug trafficking and fraud. communications that are inadvertently Reportedly there are “10 basic certificates, captured along with the foreign communi- including a “global” one that covers the agency’s support station at Bude in 21 Cornwall, Menwith Hill in North Yorkshire, http://www.theguardian.com/uk/2013/jun/21/l egal-loopholes-gchq-spy- world?INTCMP%3DSRCH 19 http://ohrh.law.ox.ac.uk/?p=2056 22http://www.theguardian.com/uk/2013/jun/21/g 20 http://ohrh.law.ox.ac.uk/?p=2056 and chq-cables-secret-world-communications-nsa http://www.theguardian.com/uk/2013/jun/21/leg 23http://www.theguardian.com/uk/2013/jun/21/g al-loopholes-gchq-spy-world chq-mastering-the-internet Impulse 25/13 8

cations are treated by the British to prepare an annual report for the Prime intelligence agencies. Minister and the Secretary of State. In addition, the Interception of Communi- The cooperation between NSA and GCHQ cations Commissioner (ICC) ensures that seems to go much deeper than the Tempora government agencies act in accordance with program. According to reports by the their legal responsibilities as stated in RIPA Guardian the NSA has paid GCHQ £100 when intercepting communications.27 The Million for surveillance programs.24 Commissioner also reviews the role of the Apparently British intelligence officials used Home Office Secretary of State in issuing low data protection standards and a interception warrants. However, the ICC forgiving regulatory regime as “selling appears to review only a small portion of points” for NSA officials. NSA funding seems warrants and only after the Secretary of to be an important source of income for State has already issued them.28 If she finds GCHQ and provides US intelligence officials wrongdoing, the ICC has to report to the PM, not only access to British programs but also but there is no obligation to make the puts them in a position to shape them. More finding public. Thus the authorization and recent reports reveal that NSA and GCHQ the review process are entirely contained also work together to compromise widely within the executive branch. used encryption standards for Internet communications.25 The Investigatory Powers Tribunal, composed of nine senior members of the GCHQ also has programs that compel legal profession, hears complaints from cooperation from UK based Internet individuals who allege that they have been companies that offer network access, content subject to illegal surveillance.29 However, and services. The German newspaper the Tribunal cannot initiate its own Sueddeutsche Zeitung reported that GCHQ investigations. People outside of the intelli- closely works with telecommunication gence agencies hardly ever learn about mis- service providers British Telecom, Verizon, conduct so that they can file a complaint. In Vodafone, Global Crossing, Level 3, Viatel addition, strict standards of secrecy apply to and Interroute not only to gain access to the work of the Tribunal to protect infor- their communication networks but also to mation whose non-disclosure is considered develop surveillance programs and to serve public or national interests. software.26 The Intelligence and Security Committee of Oversight over Intelligence Agencies Parliament (ISC) exercises statutory and Surveillance Programs oversight of the UK intelligence community, including the expenditure, administration According to ISA, the director of GHCQ has and policies of the intelligence agencies.30

24 http://www.theguardian.com/uk- news/2013/aug/01/nsa-paid-gchq-spying- 27 http://www.iocco-uk.info/ edward-snowden 28http://www.justice.org.uk/data/files/resources/ 25http://www.theguardian.com/world/2013/sep/ 305/JUSTICE-Freedom-from-Suspicion- 05/nsa-gchq-encryption-codes-security Surveillance-Reform-for-a-Digital-Age.pdf, p. 50 26 http://www.sueddeutsche.de/digital/internet- 29 http://ipt-uk.com/default.asp ueberwachung-snowden-enthuellt-namen-der- 30http://www.legislation.gov.uk/ukpga/1994/13/ spaehenden-telekomfirmen-1.1736791 section/10 Impulse 25/13 9

The ISC publishes an annual report. The challenging the legality of the Tempora most recent report for 2012/2013 focuses on program and the cooperation between GCHQ the performance, effectiveness, and budget and Internet Service Providers in court.33 of the intelligence agencies. It does not examine intelligence activities with regard to their implications for civil liberties, Germany privacy or data protection. On July 17, the ISC published a statement on GCHQ’s Legal Authorization alleged interception of communications under the US Prism program.31 After The German foreign intelligence service BND receiving “detailed evidence from GCHQ,” operates based on a law passed by the the committee concluded that allegations of German parliament in 1990.34 §1, Section 2 unlawful conduct by the GCHQ were of the BND law authorizes the BND to gather unfounded. However, the ISC also foreign intelligence relevant to German announced an examination of the “complex foreign policy and national security interaction between the Intelligence interests. The law requires a strict sepa- Services Act, the Human Rights Act and the ration of the intelligence service from police RIPA” as well as the “policies and pro- and law enforcement functions. §2, Section cedures that underpin them.” This review 4 mandates the BND to use the method of appears to be ongoing. intelligence gathering with the least disruptive impact on the targeted person. It does not appear that the British surveill- There also has to be a balance between ance programs require judicial review. The negative consequences of the surveillance RIPA powers generally do not require court and the intended benefit. As this language approval and may be used for a wide range above indicates, the law is written so of purposes. While the position of the broadly that it offers very little concrete Commissioner is filled with a former high guidance regarding the legal limits of court judge, critics of the current surveill- surveillance programs. The law also authori- ance regime believe that court authori- zes the BND to request data from zations would provide the most meaningful telecommunications providers for the improvement of the current system.32 purposes stated in §1, Section 2. Overall, the oversight of the UK surveillance program is quite limited. There seems to be While the BND has a broad mandate to very limited legislative and no judicial collect foreign intelligence information that review. Little is known about the specific serves German foreign policy and national minimization procedures that GCHQ may use security interests, any activities that to restrict access or delete information from interfere with Article 10 of the Constitution the raw traffic databases that was (protection of the privacy of correspondence, inappropriately collected. Privacy Inter- posts, and telecommunications) are subject national has announced that it is considering to the G-10 Law and to the approval of the G-

31 http://isc.independent.gov.uk/news- 33 http://www.theguardian.com/uk- archive/17july2013 news/2013/aug/08/privacy-international- 32http://www.justice.org.uk/data/files/resources/ challenges-bt-vodafone-gchq 305/JUSTICE-Freedom-from-Suspicion- 34 http://www.gesetze-im- Surveillance-Reform-for-a-Digital-Age.pdf internet.de/bndg/BJNR029790990.html Impulse 25/13 10

10 Commission (discussed below). It applies the BND is only subject to data protection to all German intelligence agencies including laws, if the agency operates in Germany.37 BND, the Military Intelligence Agency, and Those are not the only controversial issues. the Federal and State Offices for the Härting also argues that the current legal Protection of the Constitution. The G-10 Law regime does not allow the BND to collect defines more narrowly the purposes for the metadata.38 authorization of surveillance programs of international telecommunications. It lists According to the BND law, the BND is among others the threat of an imminent authorized to collect, store, change, and military attack against Germany, threat of analyze personally identifiable information international terrorist attacks related to in accordance with its mission. The creation Germany, or international proliferation of of new databases with personally identi- military equipment as legitimate purposes fiable information has to be approved by the for surveillance. But the mandate is still Chancellery. The data protection provisions broadly defined. It also includes drug of the Office for the Protection of the trafficking, international money laundering, Constitution apply. Data that is no longer and trafficking of persons. needed for specified purposes or was obtained by unauthorized methods has to be There is a dispute among legal scholars, deleted. The data protection provisions of whether Article 10 of the Constitution also the G-10 law are stricter. §5 prohibits the protects the communications between capture of data concerning the core of foreigners abroad and the G-10 Law thus personal privacy. §6 obligates the also applies to them.35 Berthold Huber, a intelligence services to evaluate (once judge and a member of the G-10 information is obtained, afterwards at least Commission, wrote in recent law journal every six months) regularly whether article that the government treats foreign captured data is needed for authorized communications abroad as not covered by purposes. If this is not the case, the data Article 10 of the Constitution and thus not has to be immediately deleted. The deletion subject to the G-10 Law and oversight by the of the data has to be documented. The law G-10 Commission.36 Niko Härting claims that also puts strict limitations on how and under what conditions data obtained under the G- 10 law can be shared with other government agencies or foreign intelligence services. 35 http://www.golem.de/news/datenueberwachun The structure of the intelligence collection g-die-bnd-auslandsaufklaerung-im-rechtsfreien- raum-1309-101324.html system is similar to the UK and the US. The 36 Dr. Berthold Huber, „Die Strategische Raster- law permits broad collection of information fahndung des Bundesnachrichtendiestes – consistent with foreign intelligence needs Eingriffsbefugnisse und Regelungsdefizite“ Neue Juristische Wochenschrift, 2013, Heft 35, page 2576 See also point 9 in the Chancellory’s re- nternationale-datenaffaere-die-aussenwelt-der- sponse to parliamentary inquiry by the Left Par- innenwelt-12243822.html ty. A link to the document can be found here: 37 http://www.cr-online.de/blog/2013/07/26/nsa- http://www.cr- und-bnd-rechtsgrundlagen-gemeinsamkeiten- online.de/blog/2012/05/24/bundesregierung- unterschiede/ bestatigt-bnd-prufte-2010-die- 38http://www.cr- nachrichtendienstliche-relevanz-von-37-mio- online.de/blog/2013/08/06/warum-die- mails/ Georg Mascolo makes this argument here: erhebung-von-metadaten-durch-den-bnd- http://www.faz.net/aktuell/feuilleton/debatten/i verfassungswidrig-ist/ Impulse 25/13 11

and interests. The restrictions and filters Internet traffic on a large scale.41 The minimization – while perhaps stronger in BND claims that the very high number of Germany – are only applied after initial captured telecommunications was the result monitoring has occurred. of an unusual amount of spam Email. For 2011 the report lists just less than 3 million Scope and Conditions of Surveillance captured telecommunications.42 Since the number of keywords dropped only slightly, Very little is known about specific German the most likely explanation for the foreign intelligence service (BND) surveil- substantial decrease of captured tele- lance programs. According to reports in the communication is the improvement of media the BND routinely monitors automated filtering functions.43 The Left international telecommunications on Party used a parliamentary information Germany’s largest Internet exchange point request to learn more about the BND DE-CIX in Frankfurt.39 The authority for this surveillance of telecommunications. The network surveillance is based on sections in response from the Chancellery confirmed the G-10 Law (§5 and §10, Section 4). They that the BND performs automatic searches of state that general surveillance of inter- Internet communications. The report national telecommunications can be con- contains very little information regarding the ducted for authorized, broadly defined scope of the programs and minimization purposes, but only using up to 20% of the procedures. This information remains “telecommunication transmission capacity.” classified since according to the BND it could It is unclear what exactly is meant by reveal methods and capacities of the BND “telecommunications transmission capacity” and thus undermine the ability of the and how this standard limits surveillance German government to protect the country. programs of the BND. A definition based on However, it is stated that after the automatic capacity grants a much broader reach for the filtering process several layers of evaluation BND into Internet data than the commonly and assessment by analysts are supposed to reported figure of 20% of traffic. ensure that only data relevant to the mission of the BND is stored for further analysis. All Every year the parliamentary control other data is supposed to be deleted. committee issues a brief, general report on surveillance activities. The report for the German intelligence services have strong year 2010 received a lot of attention in the historic ties with US intelligence agencies media because it stated that automatic based on close cooperation during the Cold searches with more than 15,000 keywords War.44 It is well known that the NSA and identified over 37 million telecommuni- cations, mostly Emails, for further 41 Link to the report: examination.40 In the end, 213 of these http://dipbt.bundestag.de/dip21/btd/17/086/17 telecommunications were deemed relevant 08639.pdf for investigation and stored. The report 42http://dip21.bundestag.de/dip21/btd/17/127/17 provides further evidence that the BND 12773.pdf 43 http://www.cr- online.de/blog/2013/04/04/der-bnd-liest-mit- 39 http://www.phoenix.de/content//713040 knapp-3-mio-mails-wurden-2011-kontrolliert/ 40 http://www.cr- 44http://www.sueddeutsche.de/politik/historiker- online.de/blog/2012/02/28/massive-eingriffe-in- foschepoth-ueber-us-ueberwachung-die-nsa-darf- grundrechte-bnd-filtert-systematisch-e-mails/ in-deutschland-alles-machen-1.1717216 Impulse 25/13 12

other American intelligence agencies have information requests and breakdowns facilities and staff on US military bases in according to each intelligence service and Germany. After 9/11 cooperation between the type of information requested. German and U.S. intelligence agencies was further expanded. Documents leaked by The parliamentary control committee also Snowden give some insights into the nature appoints the four standing and the four of this close cooperation. US officials claim deputy members of the G-10 Commission that the director of BND lobbied the German which serves as a permanent control body government for a legal interpretation of data for intelligence activities. The Commisssion protection standards that would facilitate reviews and authorizes all requests for data sharing with US intelligence agencies.45 surveillance activities subject to the G-10 The Spiegel reports that the BND sends huge law.47 The chair of the G-10 Commission amounts of metadata to the NSA on a regular needs to have the qualifications to serve as a basis.46 The BND claims that the data stems judge. It meets at least once a month and from foreign communications and is stripped can schedule on-site “control visits” at of any data concerning communications of German intelligence facilities. The G-10 German citizens. The documents also Commission does not only authorize revealed that the BND is using NSA's surveillance programs, but also controls how “Xkeyscore“ system which is supposed to these programs are implemented regarding give analysts access to all telecommuni- the collection, storage, and analysis of cations of a target. personal data. The intelligence agencies have to justify their surveillance requests Oversight over Intelligence Agencies and specify their scope and targets. The G- and Surveillance Programs 10 Commission also receives complaints by citizens and investigates potential abuses. The parliamentary control commission exer- Placed under the authority of the German cises legislative oversight over the intelli- parliament, the German oversight gence agencies. The Chancellery is obli- mechanism belongs to the legislative branch gated to regularly (at least once every six and does not include judicial review. months) inform this committee about the activities of the intelligence services. The Other oversight procedures flow through the commission can request documents and data executive institutions. The BND has to and conduct hearings with members of the report its activities to the German intelligence services. The parliamentary Chancellery. The Chancellery, the Ministry control committee’s deliberations are kept of Interior (to which the office for the secret. However, it can request public protection of the Constitution reports), and deliberations with a two-thirds majority. the Ministry of Defense (to which the The parliamentary control committee issues military intelligence service reports) have to an annual report with the total number of inform the parliamentary control commission about the activities of German intelligence

agencies at least every six months. 45http://www.spiegel.de/politik/deutschland/bnd According to the G-10 law the BND needs the -und-bfv-setzen-nsa-spaehprogramm-- ein-a-912196.html 46http://www.spiegel.de/international/world/ger man-intelligence-sends-massive-amounts-of- 47http://www.bundestag.de/bundestag/gremien/ data-to-the-nsa-a-914821.html g10/ Impulse 25/13 13

approval of the Chancellery to share correct, subsequent disclosures about information collected under this law with surveillance programs are likely to fill in the foreign intelligence agencies of other details of operations within this common countries. framework. For now, we can assert the following conclusions: Citizens who believe that they have been under surveillance can request from the BND Legal Authorization: In each country, the information collected about them.48 The laws authorizing the programs targeting request needs to explain why the citizen foreign communications are broadly worded believes that he has been under surveillance and permit wide discretion to intelligence and indicate a special interest in the agencies to pursue their missions. There are disclosure of this information. The BND can much stricter standards for domestic reject the request, if disclosure would surveillance versus foreign surveillance. threaten its mission, sources, or public However, each country intercepts data that safety or if there are compelling reasons of a is a mixture of foreign and domestic third party to keep the information secret. communications. Because of the difficulties of parsing domestic from foreign data in German data protection officers have real-time filtering on the Internet, the publicly criticized the German government minimization procedures (i.e. the for its refusal to investigate the scope of restrictions on access and utilization of surveillance of German citizens by German collected data) are often applied after the and foreign intelligence agencies and called initial interception and collection occurs. for a reform of oversight mechanisms in This means that the act of interception or order to put German surveillance programs monitoring is permitted irrespective of the under greater scrutiny.49 They also would origin or content of the communication. It is like to see their authority to examine data the targeting or search of the resulting data- protection procedures for data collected bases and the operational dissemination of under the G-10 law expanded. that data which is subject to legal restriction and oversight. The logic of these minimi- zation practices as a form of meaningful Findings oversight is circular. The collecting agencies intercept all communications on the network Although we do not have all of the relevant because a tiny fraction will have relevance to facts for each case to accomplish a clear foreign intelligence matters. If some of the “apples to apples” comparison, this analysis communications are later discovered to be demonstrates that all three countries studied restricted (i.e. originating from a citizen), share a similar approach to the collection of they are deleted - but only if they do not signals intelligence from telecommuni- contain information relevant to foreign cations networks. If this hypothesis is intelligence. In other words, all communications swept up from the Internet

that have relevance to foreign intelligence 48http://www.bfdi.bund.de/cln_029/nn_531474/D are kept and disseminated regardless of E/Themen/InnereSicherheit/Nachrichtendien- ste/Artikel/Bundesnachrichtendienst.html__nnn=t what legal regime technically governs their 49ruehttp://www.spiegel.de/netzwelt/netzpolitik/nsa collection. -affaere-datenschuetzer-fordern-aufklaerung-von- der-bundesregierung-a-920592.html Impulse 25/13 14

Scope and Conditions: Each government programs but holds responsibility for their seeks to intercept large amounts of data implementation and holds investigative traveling over telephone or Internet powers. The FISA court and the G-10 Com- networks - either utilizing their own capa- mission, even though they are located in bilities or in cooperation with one another. different branches of the government, And each nation’s intelligence services actually operate on quite similar terms. appear to use similar tools for finding, Their main responsibility is to weigh govern- analyzing, and operationalizing information ment requests for surveillance to protect na- that pertains to their intelligence goals. tional security against the constitutional Available evidence indicates that intelli- rights of each country’s citizens. But in none gence services of allies such as Britain and of the countries studied does any form of Germany are eager to cooperate with the US oversight appear to have created a signifi- in order to get access to its powerful cant barrier to the expansion of these pro- surveillance capacities. The relationship grams. And in all cases, the proceedings of between Britain and the US is particularly the oversight bodies are almost entirely close. As member of the Five Eyes intelli- secret and the results of any internal con- gence community Britain enjoys privileged flicts over policy or implementation remain access to US intelligence operations and unknown. closely cooperates with US intelligence agencies. In addition, GHCQ receives direct Conclusion financial support from the NSA. The German foreign intelligence service BND also has pulled back the curtain on strong ties to the NSA dating back to Cold massive Internet surveillance programs run War era partnerships that have been by Western intelligence agencies. Media, updated for global counter-terrorism efforts. government officials, civil society, and The exact nature and extent of these businesses around the globe are struggling partnerships remains unknown. However, it to assess the implications and prepare for is clear that the opportunity exists through the consequences. This is a huge challenge such cooperation to rely on other with high stakes. intelligence agencies to monitor domestic communications that would be legally The global Internet relies upon a relatively impermissible for national intelligence fragile system of cooperative technocratic agencies to process. governance and a mutual commitment among nations to maintain an open market Oversight: Review and accountability for for ideas and commerce despite the risks to these surveillance programs are limited in privacy and security that are tied to open all cases. Each government has direct exe- communications. It is a system that depends cutive oversight and reporting requirements. on trust. The Snowden revelations have The British system is the most lenient as dealt a powerful blow to that trust. If trust neither courts nor the legislative branch are declines too sharply, markets and significantly involved. The US is the only information flow on the Internet will be case that requires some degree of court disrupted. National governments will pursue supervision - though it rarely contests intelli- a self-interested course and balkanize this gence requests. Germany is the only case in global resource into a system of national which the oversight body not only authorizes networks guarded and restricted by national

Impulse 25/13 15

interests. Few desire this outcome; and yet even fewer have presented concrete ideas for how to prevent it. Ironically for both intelligence agencies (whose programs have battered public trust in the Internet) and Edward Snowden (who professes to protect the free and open Internet), the most likely result of this debate is that the goals of both will be undermined.

As a matter of public policy, the capabilities of surveillance technology in many countries have extended far beyond what the under- lying laws could anticipate and contain in current legal frameworks. To address this problem requires national debates about updating laws to re-set the balance between security and liberty in accordance with national values. But because the Internet is a global system, the policies of one nation impact the people in others. And so the prospect of rebooting trust in the policies that govern the Internet will require an international process to set standards for expected behavior, to draw red lines around illegitimate conduct, and to align national policies to international standards. The solution will require much more than reform in Washington, and we need to identify a starting point for international engagement. This paper makes a contribution to that work

Impulse 25/13 16

| About the program European Digital Agenda The Program European Digital Agenda combines the expertise of thought-leaders and experience of practitioners in technology business, law and politics to deliver innovative ideas and expert analysis to digital policy debates. The program brings together stakeholders from government, business, academia, and civil society to discuss the challenges of digitalization, to develop poli- cies to realize its potential, and to engage with government from concept to implementation. This work seeks to raise public awareness about the importance of technology policy issues, elevate digital solutions as political priorities, and provide neutral forums for cross-sectoral debate, dis- cussion, and coalition building.

| About the Open Technology Institute

New America's Open Technology Institute formulates policy and regulatory reforms to support open architectures and open source innovations and facilitates the development and implementa- tion of open technologies and communications networks. OTI promotes affordable, universal, and ubiquitous communications networks through partnerships with communities, researchers, indu- stry, and public interest groups and is committed to maximizing the potentials of innovative open technologies by studying their social and economic impacts – particularly for poor, rural, and other underserved constituencies. OTI provides in-depth, objective research, analysis, and fin- dings for policy decision-makers and the general public.

| About stiftung neue verantwortung

Stiftung neue verantwortung is an independent, non-profit, and non-partisan German think tank located in Berlin. It promotes interdisciplinary and intersectoral thinking about the most impor- tant societal and political challenges of our time. Through its Fellow- and Associate-Programs the think tank brings together young experts and thought leaders from politics and administration, business, academia, and civil society to develop creative ideas and solutions and introduce these into public discourse through a variety of publications and events.

Impressum

All rights reserved. No part of this stiftung neue verantwortung e.V. publication may be reproduced or copied Stefan Heumann, Deputy Program without written permission by stiftung neue Director verantwortung. Beisheim Center © stiftung neue verantwortung, 2013 Berliner Freiheit 2 10785 Berlin T. +49 30 81 45 03 78 80 F. +49 30 81 45 03 78 97 www.stiftung-nv.de [email protected]

Impulse 25/13 17