Strategic Initiative TechnologyWe Unveil the BND Plans to Upgrade its Surveillance Technology for 300 Million Euros

Fiberglass tapping, Internet analysis, encryption cracking, computer hacking: Germany’s secret service BND is massively expanding its Internet surveillance capabilities. We publish its secret 300 million Euro investment programme „Strategic Initiative Technology“. Members of Parliament and civil society criticise the agency’s new powers and demand an end of the whopping armament programme.

Massenüberwachung soll den Cyberraum sicher machen. Symbolbild: BND.

This is a shortened translation of the original German text, which includes more details, political demands and the original documents in full text. Translation by Nikolai Schnarrenberger, edits by Kirsten Fiedler.

300 Million Euros for New Surveillance Technology

In May 2014, shortly after the German Parliament’s investigative committee on the NSA spying affair began its work, several media reported that the BND was investing in a 300 million Euro programme called „Strategic Initiative Technology“ (SIT). Among them the newspaper „Neues Deutschland“ (BND plans on gigantic strategic modernisation programme), the press agency „DPA“ (BND intensifys fight against cyberattacks) and an alliance of public TV stations NDR and WDR and the daily „Süddeutsche Zeitung“ (BND wants real-time surveillance in social media networks, BND plans „surveillance at eye level“). Hartmut Pauland, head of the Signal Intelligence Department at the BND, testified himself in a council hearing as „Commissioner of Strategic Technical Initiative for the BND President“.

Shortly after these first publications, the Budget Committee of the German Bundestag approved an initial funding of six million Euros. Obviously this is way less than 300 million, which caused news reports falsely claiming „that the coalition blocked BND upgrades“. In fact, the approved amount comprised exactly the requested budget for 2014 – which means that the upgrade of the SIT for the BND moves ahead as planned. This year further 21.7 million Euros have already been released, more funds are going to be approved each year.

Seven-year plan until 2020

The official timetable of the BND clearly indicates: During the news reports in 2014, only preparations for the launch of SIT were undertaken. The actual start of the programme is under way right now.

Strategische Initiative Technik: Timetable.
Timetable of the Strategic Initiative Technology (SIT).

The secret Strategy Paper of the BND

We received the „VS-secret“ classified Strategy Paper of the BND and publish it as usually in full-text: Strategic Initiative technology.

In addition, we publish these attachments:

„Technical modernisation programme“

Money quote:

With its technical modernisation programme, the BND intends to respond to the technological developments as indicated. The last technical modernisation ran out in 2008, and following single measures could not prevent an investment backlog which has grown huge by now.

It is not entirely clear what kind of „technical modernisation“ expired in 2008. The Operation Eikonal, the joint initiative of BND and NSA to route and scan internet traffic massively at the Deutsche Telekom in Frankfurt terminated in 2008, as we know. At that time, the BND received hardware and software from the NSA while the BND offered access to the Internet node DE-CIX in Frankfurt: surveillance technology in exchange for data. But the NSA wanted more spying capabilities than the BND initially intended to grant. Therefore, 38,000 selectors were allegedly used, which officially violate „German and European interests“. As a result, the BND dried up the output for the NSA to end the project without losing its face.

Snowden revelations as a wish-list

The BND now wants to be able to perform wiretapping on its own. The Snowden revelations about skills and financial resources of the Five-Eyes Intelligence Services aren’t seen as a warning but rather transformed into a wish-list for the BND: The German agency wants to play „on an equal level with the western partner services“:

The BND’s plans are in synchronicity with those of other intelligence services. To avoid losing important intelligence capabilities and to encounter novel security threats, our partner countries have made substantial investments in their intelligence services. The US has gradually increased the NSA budget more than fifty percent up to nearly eleven billion dollars since 2004. The main partners in Europe, France and Britain, invested several hundred million euros in technical modernisation programmes since 2009 and 2011 (500 million euros respectively 650 million pounds sterling) and significantly increased the budget of its intelligence services step by step in the last few years. If the BND does not catch up capabilities on the state of the art, it is endangered to fall back behind countries like Italy or Spain, causing negative consequences for the knowledge exchange within the Community and the risk of isolation.

Five „packages of measures“ on the wish-list

The technical specifications requested by the BND are divided into five areas:

  1. SIGINT (Signal Intellicence) is subject to a change of philosophy from content acquisition towards a metadata-focused general collection. The search for „fragments of a needle in the haystack“ is only successful if the search happens targeted and in real time. Simultaneously, the mass processing of communication contents is limited.
  2. The Internet operation skills (CYBER) are to be increased. The technical possibilities to explore the Internet as a public information space are used extensively for the investigation of communications and content that are directed against Germany.
  3. In the field of sensor technology, technological progress is used for the investigation of atomic, biological and chemical etc. weapons on mission areas.
  4. The increasing use of biometrics and the consequent risk of HUMINT-operations are to be responded with new methods and systems.
  5. With the expansion of integrated data analysis (AIDA) new kinds of analytic tools need to be installed. These are going to develop previously unknown relationships in the data already held by the BND, and improve the informational value of given data bases. Moreover, current activities of the web in general and on web 2.0 platforms ought to be observed by automated real-time analysis of data to identify mission-related developments.

A yearly budget of 43 million Euros for the next seven years

As overall budget „300 million Euros are planned in the period of 2014 to 2020“. By comparison, the annual budget of the BND in 2015 is a „subsidy“ of 615 million Euros. The budget overview provides a more detailed breakdown of the newly granted 300 million Euros. We created a visualisation of the „annual tranches“:

Strategische Initiative Technik: Kosten.
Strategic Initiative Technology: Budget.

The observation of the „global data streams“ (SIGINT) takes more than half of the budgeted funds. Together with the analysis of these data (AIDA) 90 percent of the investments of the BND are used for „acquisition“ and „detection of intelligence-related developments in the Internet“.

SIGINT: „collection of relevant information“

Similarly to the intelligence services of the Five Eyes, the BND invests a major part of its resources in the „signals intelligence“ (SIGINT). BND explains that the „technical intelligence“ is „the cornerstone of a modern and efficient Federal Intelligence Service, aligned to future challenges“. According to BND head of department Pauland, who testified before the parliamentary investigatory committee, the interception of „routine traffic“ is causing almost 50 per cent of notifications – in other words, the so-called groundless mass surveillance of entire channels of communication, such as entire fibreglass lines. This field is now going to be expanded and modernised.

„Traffic lines in cyber space“

Despite the fact that the BND already massively wiretaps Internet communication from fibre optic cable lines at (at least) twelve different locations, another such „measure in intelligence gathering“ was scheduled to start in 2014. In order to identify „intelligence-related traffic lines in cyberspace“, the so-called „network structure“ needs to be expanded. Once the BND has found an interesting place of communication such as a fibre-optic line or an Internet node, it wants to „gain access“.

Control: „Holy God and BND“

The hardware and software used by the BND to tap and scan the Internet traffic is theoretically subject to prior review by the Federal Office for Information Security (BSI). But the audit report we previously published shows that the technique violates statutory rules.

The BND now wants to continue to develop and expand these „acquisition tools“. Moreover, the „Information Processing“ – meaning the exploitation of intercepted data – is going to be adjusted „to the challenges of the future“ from this year on.

Identification of German citizens „needs improvement“

Further the BND describes:

In particular, the recognition of G10-related Internet traffic has to be improved, […] improved selection and filter systems […] are to be developed.

This is quite remarkable since the BND previously claimed that the detection and filtering of German citizens to be „99.99 percent safe“ – which is critical as Germans are (clearly) protected by fundamental rights under the German constitution, in particular Article 10 which protects the secrecy of telecommunications. The effectiveness of this filtering was repeatedly questioned in the Parliamentary Inquiry Committee and is likely to be refuted with the 38,000 NSA selectors which the BND has officially classified as „violating German and European interests“. A clear phrasing in the document might be seen as a further concession that the BND has problems to comply with the law.

Cyber Defense: „SIGINT support to Cyber Defense“

In addition to classical surveillance, „particularly the field of cyber defense needs to become the focus of the BND“. That’s what the BND calls „SIGINT Support to Cyber Defense (SSCD)“ and even describes it on its website. To this end, the BND founded a new department with „up to 130 employees“ to ward off hacker attacks. The legal basis for this is the legislative reform of the Federal Domestic Intelligence, the draft of this law was unveiled by us in February.

On July 3 – one day before the investigation against netzpolitik.org became public – the Bundestag adopted the final law. It allows the BND to now monitor channels of communication not only for the terms of war, terror, weapons, drugs, counterfeiting, money laundering and of illicit migration-assistance, but also for „cyber threats“. This does not only include „attacks through Malware programs“, but also „Denial of Service Attacks“ and „Man in the middle-taps via DNS spoofing“.

Turf wars on cyber defense

It is questionable whether digital defense should be the task of the Federal Intelligence Service. For this purpose, the Federal Office for Information Security (BSI) was brought into being. But as it became clear the „Bundeswehr Guideline on Cyber-Defense“ that we published previously, there is a turf war going on within the federal authorities on the subject of „cyber defense“. Among the BSI, BND and the Bundeswehr, various other authorities compete over powers and resources in this field, including the Federal Domestic Intelligence (BfV), Federal Office for Civil Protection and Disaster Assistance (BBK), Military Counterintelligence Service (MAD), Bundeskriminalamt (BKA), Customs Criminal Office (ZKA) and various state agencies. The newly created joint National Cyber Defense Centre was criticised by the Institution of Federal Financial Management as „not justified“.

„Decryption“ via chip analysis

As Patrick Beuth already reported on ZEIT ONLINE, the BND also wants to be able to crack encryption. The analysis of encryption on microchips has long been common practice in independent research (pdf). Comparable „systems for chip analysis“ as infrared-microscopes and focused-ion-beam-systems are now also available to researchers and hackers.

„Cyber Intelligence“: SIGINT and Exploits

In order „to create access and the acquisition of technical information to carry out SIGINT and HUMINT operations“ the BND plans a „setup and expansion“ of „operational infrastructure.“ This could mean servers and apartments that are registered under cover. Following the WikiLeaks publication of a list of IP addresses in 2008, that the BND received from T-Systems, the German intelligence service had to give them up and clean up. Such mishaps are to be obviously avoided.

However, the BND also counts „technical information“ such as „software vulnerabilities“, „access parameters“ and „system data/device data“ as „cyber intelligence“. Moreover, „exploits for IT-operations“ are explicitly mentioned in this context; this means for instance malware to actively exploit vulnerabilities and to penetrate other computers and devices. Even thought the newspaper Der Spiegel reported about this already, the fundamental problem remains: We have been explaining for years why trojan horses made by the government are not controllable through laws and therefore have to be fundamentally rejected. We have been explaining as well why it is damaging for all of us, when intelligence services use and feed the black market for exploits and thereby generally increase insecurity.

„Extension of integrated data analysis“

The second major project after SIGINT is called AIDA and stands for the „extension of integrated data analysis“. The data collected by „SIGINT“, or other measures, need to be better evaluated. Up to 70 million Euros are planned to be spent on new „analytical tools“ to extract information in a more targeted manner from available data, and to improve „the capacity of the BND to obtain information“.

According to the timetable, the „setup of the necessary infrastructure and complex“ has already begun in 2014, to „use the potential of new technologies effectively, efficiently, operationally sustainably“. The BND indicates a combination of hardware and software to save „often used data“ on „high-performance storage media“ such as solid-state-drives and „other information“ on less expensive disks.

„Real-time analysis of streaming data“

Part of AIDA is the „real-time analysis of streaming data“, i.e. the observation of social networks. The BND indicates a „technological change on the web“ to „web 2.0“ and „user provided content“. Traditional intelligence methods are „not up to the new requirements both in terms of the amount of data, and to the content of the individual particles“. Therefore, the BND wants to develop new approaches to monitor social media.

The BND intends to make foreign information channels usable by aggregating, correlating and analysing pieces of information almost in real-time in order to always have an up-to-date vision of these channels. The goal is to identify potentially mission-related developments at an early stage, to provide a close contribution to the image from the perspective of the web 2.0.

In terms of the judicial review of the surveillance of social networks, opinions differ. We already reported last year on the analysis of public sources: How monitoring of social networks is justified by Bundeswehr and BND.

Minister of Justice: „Legally difficult to justify“

Data protection expert disagree: The storage and processing of self-published data is a new purpose, which needs a new legal basis.

It is interesting that the BND emphasises „to pursue developments abroad – and not in Germany“ on the one hand. On the other hand, the Interior Ministry highlights Article 10 of the Constitutional Law – according to which „no interference“ takes place. This is remarkable, because the BND anyway believes that metadata, foreigners and „officials“ do not enjoy this fundamental right to privacy of correspondence, posts and telecommunications, but only German citizens. Why Germans are thus not affected, but the surveillance of Germans would be legal anyway, does not seem to be very coherent.

Despite this uncertain legal situation, the BND is moving ahead with the project and has ordered a feasibility study. According to the BND, the „evidence of feasibility“ already includes the „launch of the observation and analysis of selected information channels“ – i.e. the observation of social networks such as Facebook and blogs. These should be analysed „with regard to simple, defined issues“. The result is to be „incorporated into the production process of the BND and be evaluated there“. Why the continued surveillance „of several million particles of information“ is still called a „test“, remains a secret of the BND.

„Enormous amounts of data have to be managed.“

In a second phase, the „developed (and exemplified implemented) algorithms“ are to be verified and used on a large scale. The BND explains: „These enormous amounts of data have to be managed.“ On one occasion, the document states that „several thousand splinters of information per second“ need to be „processed, aggregated and analysed“. One paragraph later, it increased to „several billion data fragments (metadata and quality content) in near real-time“.

German software for „real-time analysis of large amounts of data“

While the Bundeswehr intends to use the two software packages Textrapic from the Institut für grafische Wissensorganisation, a startup of the University of Rostock, and Brandwatch from the same titled „Social Media Monitoring“ company from England, the BND counts on the database technology Hana from the German software manufacturer SAP.

Overall, the BND planned „a total of 500,000 Euro” in 2014, for Hana hardware and software, as part of „the parent package of measures AIDA (expansion integrating data analysis)“.

As MDR Fakt and Zeit Online revealed in March: The Hana parent company SAP works for the NSA.

In addition to fundamental criticism of the business with surveillance technology, the MP of Bündnis 90/die Grünen, Konstantin von Notz pointed out the delicate dual role of the business with several intelligence services.

Members of Parlament: „SIT must be stopped“

For our original german article, we contacted a broad range of politicians, government-officials and NGOs with requests for comments. The BND and the Federal government provided an identical standard-text. The Conservative and Social Democrat government parties did not reply at all. The opposition parties Greens and Lefts provided various comments.

Government-press officer and the BND press-office justified the SIT-Paper with an literally identical statement. The announcement underlines the already given arguments for development of German Intelligence Capacities in terms of cyber defense and IT security. It calls the SIT-funding a substantial contribution to German security architecture.

Opposing this view, MP Dietmar Bartsch from DIE LINKE notes: „BND switches from defense to offensive attack“. His party-colleague Martina Renner demanded for an immediate stop of the SIT-programme. Corresponding to this, also Ulla Jelpke aked to put the programme on hold. Therefore the parliamentary vice-chairman of the Lefts, Jan Korte notes: „Die Linke calls for moratorium on the Intelligence ramp up“.

The green Parliamentary Control Panel chairman, Hans-Christian Ströbele claims for an effective parliamentary control of the BND: „The BND has to be shackled“.

Wolfgang Nešković, former member of the Intelligence Control Panel called the „Vacuum Cleaner Policy“ of Intelligence Services an inherent problem.

Various NGOs as the CCC demanded to shut down the BND as „the German branch of the NSA“. The Humanistische Union called for an end to the groundless surveillance, aside with statements from Amnesty International, the International League for Human Rights and Reporters Without Borders.

Konstantin von Notz, vice-chairman of the Greens was strongly irritated by the context of the budget increase, following the Snowden revelations.

The full-text SIT documents in German language.

4 Ergänzungen

Dieser Artikel ist älter als ein Jahr, daher sind die Ergänzungen geschlossen.