Germany’s spies seriously violated the country’s laws multiple times, according to a secret report from its federal data protection commissioner Andrea Voßhoff.
The legal analysis, leaked to Netzpolitik, was made in July 2015 following a visit by data protection officials to Bad Aibling in southern Germany, in the wake of Edward Snowden’s revelations about surveillance activities there. Bad Aibling is jointly run by Germany’s intelligence agency, the Bundesnachrichtendienst (BND), and the NSA.
As well as listing 18 serious legal violations, and filing 12 formal complaints—the German data watchdog’s most severe legal instrument—the secret report said that the BND created seven databases without the appropriate legal approval. As a result, commissioner Voßhoff said that all seven databases should be deleted, and could not be used again.
Significantly, one of the illegal databases used the XKeyscore software, sometimes called the NSA’s Google. As Ars reported last year, it was known that the BND had a copy of this program, but the Netzpolitik leak appears to provide details of the huge scale on which it was used: