Long handcuffed by court rulings, complex oversight arrangements, and stringent data-protection rules, the Bundesnachrichtendienst (BND) has tended to operate as a simple, if reasonably effective, intelligence-gathering and analysis outfit. In a country where the Gestapo and Stasi cast long shadows, strict limits have been placed on the operations of the secret services. The original BND Act, written in 1990, was in essence a data-protection rule book. “It’s very slow, and very bureaucratic,” says a European former security official of the BND.
The BND must cease monitoring once a target once enters Germany. Foreigners abroad enjoy the same privacy protections as someone in Germany, curtailing the BND’s ability to tap phones or monitor data flows. Personal data must be redacted if the BND is to pass information to other German agencies. These “totally absurd” restrictions do not apply in other countries, says Wolfgang Krieger, a historian who has written extensively on the BND. They limit the trust placed in the BND by partner agencies—and create vulnerabilities foes can exploit. “Putin has no rules, and we respond with our Rechtsstaat [constitutional state],” sighs Marc Henrichmann, an mp on the Bundestag’s intelligence-oversight panel.
An early draft of the bill leaked to German media suggests that the BND’s new powers will include the right to conduct offensive operations, including “hack-back” cyberattacks on adversaries, and to infiltrate private tech companies. It will be given greater powers to grab and review data from internet exchanges (de-cix, one of the world’s largest, is based in Frankfurt); will be able to store it for longer; and will have access to the content of messages, not just their metadata. Another proposal is to grant officials and mps the right to declare a pre-war “special intelligence situation” under which the BND would enjoy expanded powers to combat specific threats.
Source: The Economist: A revolution is coming for Germany’s intelligence services