German intelligence to continue data dragnet at Frankfurt internet hub

De-Cix sued BND and interior ministry over spying on 1,200 communication lines

De-Cix had argued that diverting copies of all fibre-optic communications on to BND servers was unlawful because German citizens’ communications were also saved

De-Cix had argued that diverting copies of all fibre-optic communications on to BND servers was unlawful because German citizens’ communications were also saved

 

Germany’s BND, its foreign intelligence agency, has been granted carte blanche to continue mass surveillance of internet and telephone communications at the world’s largest internet hub in Frankfurt.

The operator of the hub, the German Commercial Internet Exchange (De-Cix), sued the BND and the federal interior ministry, challenging its spying on 1,200 communication lines from China, Russia, the Middle East and Africa. However, Germany’s federal administrative court has dismissed the complaint and allowed the data dragnet to continue – even without concrete cause.

De-Cix had argued that diverting copies of all fibre-optic communications on to BND servers was unlawful because German citizens’ communications were also saved. However, lawyers for the federal government argued that the BND used special filters to strip out German citizens’ communications. Federal wiretap laws allowed it to monitor “strategic signals intelligence” passing through the hub, but the BND was not at liberty to discuss operations.

The court said the data centre operator was not entitled to cite article 10 of Germany’s post-war Basic Law, guaranteeing privacy of communications, because as operator of the facility it was not directly affected by the BND operations.

The court added that the legality or otherwise of the Frankfurt surveillance was not the concern of De-Cix but of the federal government and its institutions.

The consortium said it welcomed the legal certainty provided by the ruling but remained dissatisfied. “De-Cix management bears no responsibility for the [constitutional] violations that result from the tapping of German domestic communications signals by the BND at the internet exchange in Frankfurt,” it said after the ruling.

Data centres

The De-Cix facility, founded in 1995 in Frankfurt, has since spread to 19 data centres and at peak times its servers consume more electricity that Frankfurt airport and transmits more than 6 terabits of data per second.

Starting in 2009, the BND inserted into fibre-optic cables so-called “prism” devices that intercept – and divert on to BND servers – a copy of all data transmitted through the network.

The German agency is not alone in such practices, with whistleblower Edward Snowden revealing widespread communications taps both by US and UK intelligence services. Without telecommunication surveillance in Frankfurt and elsewhere, the BND has warned it could “close up shop”.

Yet Germany’s history of dictatorship in the 20th century has made mass surveillance a sensitive issue here.

With no appeal possible at the administrative court, the De-Cix consortium announced it would now take its case to Germany’s constitutional court.