Privacy win: Surveillance of German BND is unconstitutional.

Basic rights such as freedom of the press and the secrecy of telecommunications also apply to foreigners. Thus, their communication must not be monitored.

Since the Snowden leaks in 2013 everybody knows that secret services around the world are monitoring online traffic. The German BND is no different. However, in Germany privacy rights are strictly protected by the German constitution. Now, the Federal Constitutional Court has ruled that the surveillance by the BND is unconstitutional and must change. A win for privacy - and another reminder that only end-to-end encryption can protect our data.

BND suveillance in its current form unconstitutional

The BND - as any other secret service - monitors online traffic by diverting large amounts of data at Internet nodes such as De-Cix in Frankfurt/Main without any concrete suspicion. The BND can branch up to 1.2 trillion connections per day. Then the BND searches the data obtained with the help of so-called selectors - such as email addresses, telephone or device numbers.

According to current legislation, the German Federal Intelligence Service (Bundesnachrichtendienst - BND) must make sure to only sift through data of foreigners. Data of German citizens is protected by the privacy rights declared in the German constitution. For instance, the BND must not use search terms like email addresses that end in .de or phone numbers that include the German country code 0049.

While the BND is trying to sort out communications of German citizens before the data is evaluated for content, this often fails as the Spiegel describes.

Monitoring foreigners is also illegal

Now, the Federal Constitutional Court in Karlsruhe has declared the Internet surveillance of foreigners by the BND to be unconstitutional as well. The German government must therefore amend the BND law, which was amended at the end of 2016, once again.

The civil rights organisation "Gesellschaft für Freiheitsrechte" (GFF), Reporters Without Borders and several journalists had lodged a constitutional complaint against the so-called strategic overseas telecommunications surveillance. They fear that journalists and their sources are also being monitored, although their communication is actually protected by law.

According to the Spiegel, the judges of the German constitutional court now clarified that:

  • German basic rights such as freedom of the press and the secrecy of telecommunications are not "German basic rights"; foreigners abroad can also invoke them. The "defence rights against telecommunication surveillance" extend "also to foreigners abroad".

  • The BND's Internet surveillance goes too far, it is "not limited to sufficiently specific purposes and structured in a way that makes it controllable" and there is a lack of "protective measures, for example to protect journalists or lawyers". The passing on of findings from telecommunications surveillance to other secret services must also be more strictly regulated.

  • The independent control of the BND must be expanded.

  • The BND law in the version that has been in force since the beginning of 2017 is unconstitutional. The German government now has until the end of 2021 to amend it - until then the regulations in question will continue to apply.

Only encryption can fight surveillance

While this ruling is a clear win for the right to privacy, the discussion makes clear once again that only end-to-end encryption can protect data while it is being sent through the internet.

That's why at Tutanota we focus on making email encryption so easy that anyone can use it. For journalists who need to protect their source, we donate the encrypted contact form Secure Connect.

Encryption is the only tool we have to protect our data online. That's why we also must oppose any attempt to implement backdoors to encryption.

As this ruling shows: Privacy is a basic Human Right and we must keep fighting for it.

Black and white picture of Matthias thinking and looking to the right side.
Matthias is co-founder and developer of Tuta, focusing on backend development, architecture and email processing. He writes code and political comments to fight for our human right to privacy. He wants to create an encrypted cloud collaboration platform which is so easy to use and so secure that it locks out all the spies. We all deserve a better internet - one where privacy is the default.
Top posts
Latest posts