The German Commercial Internet Exchange (DE-CIX) has filed a constitutional complaint against Germany's foreign intelligence agency, the Bundesnachrichtendienst (BND), for copying all of the data going into its Frankfurt data center - the world's largest Internet exchange.
Back in 2016, DE-CIX sued the BND over the mass surveillance of its customers, but the case was thrown out earlier this year by Germany’s Federal Administrative Court.
The spy who copied me
"After the dismissal of their lawsuit before the German Federal Administrative Court on 30 May 2018, DE-CIX is now seeking clarification of fundamental legal questions through the Constitutional Court, to ensure legal certainty for citizens and operators," the company said in a statement.
Klaus Landefeld, a member of the supervisory board of DE-CIX Group AG, added: “The violations of the principle of the secrecy of correspondence and telecommunications which were comprehensively demonstrated and argued in our lawsuit were not even dealt with by the Federal Administrative Court in the process. This is, for us, inexplicable.
"We therefore, after this verdict, see ourselves as remaining obligated to our customers to take action to ensure that any strategic signals intelligence relating to their telecommunications occurs exclusively on a legal basis, as intended by the lawmakers. Currently, we do not see this as guaranteed."
The case can be looked at by the Federal Administrative Court, or - if it rejects it again - will go before the Constitutional Court.
Key to DE-CIX's argument is the right to privacy of correspondence, post and telecommunications guaranteed under Article 10 of the German constitution. The BND is also forbidden from intercepting German citizens’ data, and banned from using widespread data dragnets that capture more than 20 percent of overall traffic.
The BND claims it uses data filters to remove domestic traffic, but has not detailed how, or demonstrated the technology to any independent body. It was previously revealed that similar technology was somewhat faulty - the filtering program Dafis was thought to be only 95 percent effective when its existence was revealed in 2014, although during a parliamentary hearing, witnesses claimed it was 99 percent effective.
To pull off the data heist, the BND is thought to have inserted Y-piece prisms into the fiber optic cables leading to the data center, duplicating all traffic and diverting copies to servers owned by the agency. It is also believed some of that data was shared with the United States’ National Security Agency.
The BND is thought to be collecting 220 million sets of metadata every day from telephone conversations, as well as tapping at least 11 major fiber cables and satellite links.