Federal Constitutional Court
BND powers in the event of cyber threats are partly unconstitutional
07.11.2024Reading time: 1 Min.
Since 2015, the Federal Intelligence Service has also been increasingly involved in cyber espionage and cyber sabotage. But this needs to be improved.
The powers of the Federal Intelligence Service (BND) to collect and process personal data in the area of cyber threats are partly unconstitutional. The Federal Constitutional Court ordered a new regulation by the end of 2026 for regulations that fall under the so-called strategic domestic-foreign telecommunications surveillance. Until a new law comes into force, data from purely domestic telecommunications traffic must, among other things, be separated, as the highest German court in Karlsruhe announced. (Ref. 1 BvR 1743/16, 1 BvR 2539/16)
According to the announcement, the change in the law introduced in 2015 concerns the risk of an international criminal, terrorist or state attack, for example using malware, “on the confidentiality, integrity or availability of information technology systems and networks in cases of significant importance with reference to the Federal Republic of Germany”. The court said that the authority for strategic domestic-foreign surveillance is fundamentally compatible with the Basic Law because of the overriding public interest, especially in the investigation of international cyber threats. “But it needs to be designed proportionately.”
The decision does not apply to foreign-to-foreign telecommunications intelligence under the BND Act, which involves monitoring telecommunications traffic in which only foreign actors abroad are involved. In general, the foreign intelligence service BND is not allowed to strategically monitor telecommunications traffic in which only German citizens or people in Germany are involved on both sides.
How can intelligence agencies balance national security and citizens’ privacy rights in the digital age?
Interview Between Time.news Editor and Cybersecurity Expert
Time.news Editor (TNE): Good afternoon, and welcome to our special feature on cybersecurity laws in Germany. Today, we have Dr. Clara Fischer, a renowned expert in cybersecurity law and data privacy, joining us. Dr. Fischer, thank you for being here.
Dr. Clara Fischer (DCF): Thank you for having me! It’s a pleasure to discuss such an important topic.
TNE: Let’s dive right in. Recent news from Germany indicates that the Federal Constitutional Court has deemed certain powers of the Federal Intelligence Service (BND) as partly unconstitutional, especially regarding their approach to cyber threats. What are the main implications of this ruling?
DCF: This ruling is significant because it fundamentally challenges how the BND has been operating since 2015, particularly in terms of surveillance and data collection. The court’s decision highlights that while national security is paramount, it cannot come at the expense of citizens’ rights, even if those citizens are non-Germans. It sets a precedent for a need to strike a balance between security measures and privacy rights.
TNE: That’s an interesting point. Prior to this ruling, the BND had broadened its surveillance capabilities significantly. Can you explain how these powers changed and why they’ve been under scrutiny?
DCF: Absolutely. Since 2015, the BND has been allowed to monitor non-German citizens more closely, especially in the realm of cyber espionage and cyber sabotage. This was intended to protect against the growing threat of cyberattacks. However, the extensive reach of these powers without adequate oversight raised flags for privacy advocates and, eventually, the Constitutional Court. The court found that the legal framework did not provide sufficient safeguards against potential abuses or violations of individual rights.
TNE: And what would you suggest as a next step for the BND to ensure compliance with this ruling while still being effective in countering cyber threats?
DCF: The BND must adapt by revising their operational protocols. They need to establish transparent guidelines that define the boundaries of surveillance activities while ensuring that there are robust oversight mechanisms. Implementation of stricter regulations on data processing and collection, particularly regarding consent and data minimization, is essential. Collaboration with external oversight bodies could also enhance accountability.
TNE: Some might argue that increased scrutiny on intelligence operations could hinder national security efforts. How would you respond to that concern?
DCF: It’s a very valid concern, but it is essential to understand that accountability does not equate to ineffectiveness. In fact, transparent processes can bolster public trust and cooperation with intelligence operations. The aim should be to create an ecosystem where security and privacy coexist, enabling the BND to operate effectively while respecting individuals’ rights. History has shown us that unchecked power can lead to significant abuses, especially in intelligence.
TNE: Exactly, balance is key. With the rise of cyber threats, how critical is it for countries to revisit and revise their intelligence laws regularly?
DCF: It’s crucial. Cyber threats evolve rapidly, and so must our laws. A static legal framework can quickly become obsolete in the face of new technologies and tactics employed by cybercriminals. Regular reviews and updates of these laws will ensure that agencies have the tools they need to protect national security without infringing on citizens’ rights. Continuous dialogue between lawmakers, cybersecurity experts, and civil rights advocates is essential in shaping these laws.
TNE: Thank you, Dr. Fischer, for your insights on this pressing issue. It’s clear that as we navigate the complexities of cybersecurity, the interplay between intelligence operations and individual rights will continue to be a hot topic.
DCF: My pleasure. Thank you for shedding light on this important conversation.
TNE: And thank you to our audience for tuning in. We hope this discussion has provided you with valuable insights into the evolving landscape of cybersecurity law in Germany. Stay informed and stay safe online!