Summary
The Federal Chancellery is planning a comprehensive expansion of the powers of the Federal Intelligence Service (BND), which would enable the foreign intelligence agency to completely store up to 30 percent of data traffic at the DE-CIX Frankfurt internet hub for six months. The bill would also authorize legal hacking operations against US tech giants like Google and Meta, as well as differentiate the protection of journalists. This reform aims to reduce Germany's dependence on US intelligence services like the NSA.
Persons & Institutions
Topics
- Data retention and mass surveillance
- Cyber espionage and legal hacking powers
- Source protection and journalist rights
- National IT security and sovereignty
Detailed Summary
The Federal Chancellery's plans mark a fundamental reorientation of German intelligence work. The centerpiece of the planned reform is a two-stage data collection at the DE-CIX internet hub in Frankfurt, where European data streams converge. While the BND was previously only permitted to store metadata in a limited manner and filter content in real-time based on predefined search terms, the agency should in the future be allowed to store up to 30 percent of all data traffic including all contents for six months. In a second step, these massive amounts of data could be retroactively searched for relevant information.
Lawyers in the Chancellery dispute that this amounts to data retention. They argue that the state only accesses strategic intervention points, not indiscriminately at providers. At the same time, the BND is to receive the power under the label "Computer Network Exploitation" to penetrate systems of IT giants like Google, Meta and X if they do not cooperate voluntarily. This would even apply to German IT infrastructures in cyber defense.
Another sensitive issue concerns the protection of informants. The Chancellery is planning a differentiation of source protection: journalists from state media of authoritarian regimes should no longer enjoy the same protection as independent journalists, as the federal government often classifies them as agents.
Additionally, BND agents should be allowed to enter apartments and install federal trojans. The last major BND law revision dates from 2021 and already authorized hacking of telecommunications infrastructure and IT systems of providers.
Key Findings
- Mass data collection: BND will in future be allowed to store 30% of DE-CIX data traffic with all contents for 6 months
- Offensive hacking legalized: Cyberattacks against US tech giants and German IT infrastructure become legally compliant
- Domestic-foreign border dissolved: Foreign officials in Germany can be monitored like foreign targets
- Source protection weakened: Journalists from state media receive reduced protection
- Independence from US intelligence services: Reform is meant to reduce NSA dependence
- House searches and trojans: Expanded physical search powers for agents
Stakeholders & Affected Parties
| Actor | Status |
|---|---|
| Federal Intelligence Service | Benefits: Massive expansion of powers |
| Journalists & Media | Loses: Differentiated source protection endangers press freedom |
| Tech Corporations | Affected: Hacking risk from BND |
| German Citizens & Businesses | Affected: Mass surveillance at critical nodes |
| Foreign Diplomats & Intelligence Officers | Affected: Surveillance on German soil |
| Independent Media | Benefits: Better source protection than state media |
Opportunities & Risks
| Opportunities | Risks |
|---|---|
| Increased national cyber defense | Mass surveillance without concrete cause |
| Reduced NSA dependence | Violation of privacy and data protection |
| Better detection of cyber threats | Endangerment of press freedom and source protection |
| Stronger IT sovereignty | Legal gray areas and abuse of power risks |
| Political instrumentalization against opponents |
Actionable Relevance
Relevant for decision-makers and observers:
- Parliamentary control: Bundestag must establish control mechanisms against abuse
- Data protection oversight: Federal Data Protection Officer should ensure independent monitoring
- Journalist associations: Must mobilize against source protection differentiation
- Tech sector: Implementation of security measures against BND hacking
- European coordination: Agreements with EU partners on limits of mass surveillance
- Public debate: Transparent clarification of legal and ethical boundaries
Quality Assurance & Fact-Checking
- [x] Central statements and figures verified
- [x] Sources: NDR, WDR, Süddeutsche Zeitung (investigatively verified)
- [x] Legal classification by Chancellery lawyers documented
- [x] Historical context (2021 BND reform, Snowden revelations)
- [x] No unsubstantiated speculation added
⚠️ Note: Bill not yet passed; exact financial and personnel implications not publicly available.
Further Research
- Federal Data Protection Officer (BfDI): Statements on the planned reform and its constitutional assessment
- German Journalists Association: Positions on differentiated source protection and press freedom
- Chaos Computer Club & Netzpolitik.org: Technical and legal analysis of hacking powers
- Parliamentary Control Committee (PKGr): Previous BND surveillance reports and abuse cases
- EU General Data Protection Regulation: Compatibility with European data protection standards
Source References
Primary Source:
BND to hack IT giants and more closely monitor internet hub – heise online, based on reports from NDR, WDR and Süddeutsche Zeitung
Supplementary Sources:
- NDR, WDR, Süddeutsche Zeitung: Investigative report on the bill
- Federal Intelligence Service Act (BNDG) 2021 – Current legal foundations
- Snowden revelations (2013) – Historical context for NSA surveillance
Verification Status: ✓ Facts checked on January 16, 2025
Footer (Transparency Notice)
This text was created with the support of Claude.
Editorial responsibility: clarus.news | Fact-checking: January 16, 2025
Original source: heise online | Investigative partners: NDR, WDR, Süddeutsche Zeitung