A Dubious Deal with the NSA


Internal documents show that Germany's domestic intelligence agency, the BfV, received the coveted software program XKeyscore from the NSA – and promised data from Germany in return.   von Kai Biermann und Yassin Musharbash


The agents from the Federal Office for the Protection of the Constitution (BfV), Germany’s domestic intelligence agency, were deeply impressed. They wanted to be able to do that too. On Oct. 6, 2011, employees of the US intelligence agency NSA were in the Bavarian town of Bad Aibling to demonstrate all that the spy software XKeyscore could do. To make the demonstration as vivid as possible, the Americans fed data into their program that the BfV had itself collected during a warranted eavesdropping operation. An internal memo shows how enthusiastic the German intelligence agents were: Analyzing data with the help of the software, the memo reads in awkward officialese, resulted in "a high recognition of applications used, Internet applications and protocols." And in the data, XKeyscore was able to "recognize, for example, Hotmail, Yahoo or Facebook. It was also able to identify user names and passwords." In other words, it was highly effective.

It was far beyond the capabilities of the BfV’s own system. In response, then-BfV President Heinz Fromm made a formal request five months later to his American counterpart, NSA head Keith Alexander, for the software to be made available to the German intelligence agency. It would, he wrote, superbly complement the current capabilities for monitoring and analyzing Internet traffic.

But fully a year and a half would pass before a test version of XKeyscore could begin operating at the BfV facility in the Treptow neighborhood of Berlin. It took that long for the two agencies to negotiate an agreement that regulated the transfer of the software in detail and which defined the rights and obligations of each side.

The April 2013 document called "Terms of Reference," which ZEIT ONLINE and DIE ZEIT has been able to review, is more than enlightening. It shows for the first time what Germany’s domestic intelligence agency promised their American counterparts in exchange for the use of the coveted software program. "The BfV will: To the maximum extent possible share all data relevant to NSA's mission," the paper reads. Such was the arrangement: data in exchange for software.

It was a good deal for the BfV. Being given the software was a "proof of trust," one BfV agent exulted. Another called XKeyscore a "cool system." Politically and legally, however, the accord is extremely delicate. Nobody outside of the BfV oversees what data is sent to the NSA in accordance with the "Terms of Reference," a situation that remains unchanged today. Neither Germany’s data protection commissioner nor the Parliamentary Control Panel, which is responsible for oversight of the BfV, has been fully informed about the deal. "Once again, I have to learn from the press of a new BfV-NSA contract and of the impermissible transfer of data to the US secret service," complains the Green Party parliamentarian Hans-Christian Ströbele, who is a member of the Parliamentary Control Panel. The Federal Office for the Protection of the Constitution, for its part, insists that it has adhered strictly to the law.

The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. Because such operations necessarily imply the curtailing of rights guaranteed by Article 10 of Germany’s constitution, they are often referred to as G-10 measures. Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts. Well-respected constitutional lawyers are of the opinion that intelligence agencies are not allowed to analyze metadata as they see fit. The agencies themselves, naturally, have a different view.

It is clear, after all, that metadata also enables interesting conclusions to be drawn about the behavior of those under surveillance and their contacts, just as, in the analog world, the sender and recipient written on an envelope can also be revealing, even if the letter inside isn't read. Those who know such data can identify communication networks and establish movement and behavioral profiles of individuals. Prior to 2013, Germany's domestic intelligence agency was only able to analyze metadata by hand -- and it was rarely done as a result. But that changed once the agency received XKeyscore. The version of the software obtained by the BfV is unable to collect data on the Internet itself, but it is able to rapidly analyze the huge quantities of metadata that the agency has already automatically collected. That is why XKeyscore is beneficial to the BfV. And, thanks to the deal, that benefit is one that extends to the NSA.

In practice, it assumedly works as follows: When an Islamist who is under surveillance by the BfV regularly receives calls from Afghanistan, for example, then the telephone number is likely exactly the kind of information that is forwarded on to the NSA. That alone is not necessarily cause for concern; after all, combatting terrorism is the goal of intelligence agency cooperation. But nobody outside of the BfV knows whose data, and how much of it, is being shared with the NSA. Nobody can control the practicalities of the data exchange. And it is completely unclear where political responsibility lies.

In 2013 alone, the BfV began 58 new G-10 measures and continued 46 others from the previous year. Who was targeted? What information was passed on to the NSA? Was information pertaining to German citizens also shared? When confronted with such questions, the BfV merely responded: "The BfV is unable to publicly comment on the particulars of the cooperation or on the numbers of data collection operations."

How important XKeyscore has become for the BfV can also be seen elsewhere. Not long ago, the website Netzpolitik.org published classified budget plans for 2013 which included the information that the BfV intended to create 75 new positions for the "mass data analysis of Internet content." Seventy-five new positions is a significant amount for any government agency. A new division called 3C was to uncover movement profiles and contact networks and to process raw data collected during G-10 operations. The name XKeyscore does not appear in the documents published by Netzpolitik.org. But it is reasonable to suspect that the new division was established to deploy the new surveillance software.

Germany’s domestic intelligence agency is itself also aware of just how sensitive its deal with the Americans is. Back in July 2012, a BfV division warned that even the tests undertaken with XKeyscore could have "far-reaching legal implications." To determine the extent of the software’s capabilities, the division warned, employees would have to be involved who didn’t have the appropriate security clearance to view the data used in the tests. The BfV has declined to make a statement on how, or whether, the problem was solved.

 Germany’s data protection commissioner was apparently not informed. "I knew nothing about such an exchange deal," says Peter Schaar, who was data protection commissioner at the time. "I am also hearing for the first time about a test with real data." He says he first learned that BfV was using XKeyscore after he asked of his own accord in 2013 -- in the wake of revelations about the program from whistleblower Edward Snowden.

Schaar is of the opinion that the agency was obliged to inform him. Because real data was used during the tests, Schaar says, it constituted data processing. The BfV, by contrast, is of the opinion that the use of XKeyscore has to be controlled solely by the G-10 commission. It is a question that has long been the source of contention. In testimony before the parliamentary investigative committee that is investigating NSA activities in Germany, Schaar has demanded that the G-10 law be more clearly formulated to remove the ambiguity.

The fact that the BfV recognized the problems with its NSA cooperation can be seen elsewhere in the files as well. During the negotiations over the XKeyscore deal, the BfV noted: "Certain NSA requests … cannot be met insofar as German law prevents it." But the Americans insisted that the software finally be "used productively." The NSA wants "working results," the German agents noted. There is, they wrote, apparently "high internal pressure" to receive information from the Germans.

Ultimately, the BfV arrived at the conclusion that transferring information obtained with the help of XKeyscore to the NSA was consistent with German law. Insights gathered by way of G-10 operations were already being "regularly" shared with "foreign partner agencies." That, at least, is what the BfV declared to the German Interior Ministry in January 2014. Furthermore, the agency declared, a special legal expert would approve each data transfer.

That, it seems, was enough oversight from the perspective of the BfV. The agency apparently only partially informed its parliamentarian overseers about the deal. The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations. The deal between the intelligence agencies, says the Green Party parliamentarian Ströbele, "is undoubtedly an ‘occurrence of particular import,’ about which, according to German law, the German government must provide sufficient information of its own accord." He intends to bring the issue before the Parliamentary Control Panel. The NSA investigative committee in German parliament will surely take a closer look as well.




NSA helps German domestic intelligence agency  - the document


Document pertaining to the agreement between the NSA and Germany’s domestic intelligence agency BfV

The following document contains the original English text of an agreement between the National Security Agency, the German foreign intelligence agency BND and the German domestic intelligence agency BfV. It was signed in April 2013 by all three agencies. The purpose of the agreement is to define the conditions under which the BfV was given access to the NSA's XKeyscore software. (The BND is part of the agreement in name only as this agency historically served as the primary point of contact between the NSA and German intelligence agencies.)

The arrangement has never before been made public. We had to determine if it was justified to publish the entire text of the document.

We are documenting this agreement because it proves what exactly German intelligence agencies give to the NSA in exchange for technical support.

We are documenting the agreement because we believe it potentially violates the fundamental rights of German citizens and that the danger of such violations remains clear and present.

And we are also documenting this agreement because it presumably serves as an example for other such agreements that have not yet come to light -- agreements forged between agencies without providing detailed information to the Parliamentary Control Panel, thus forestalling the possibility of a debate in the political or public sphere. Political responsibility for the deal thus remains obscure.


The following abbreviations are used in the document:

S – secret
SI – SigInt, Signals Intelligence
COMINT – Communication Intelligence
REL TO – release to
FOUO – for official use only
U – unclassified


The document:


(S/SI) Terms of Reference between the Bundesnachrichtendienst Sigint Department and the Bundesamt für Verfassungsschutz of the Federal Republic of Germany and the United States National Security Agency for the XKeyscore Computer Network Exploitation Software

I. (U) Purpose

A (S/SI) This Terms of Reference (TOR) is entered into between the Bundesnachrichtendienst (BND) and the Bundesamt für Verfassungsschutz (BfV) of the Federal Republic of Germany and the National Security Agency (NSA) of the United States of America for the purpose of establishing certain obligations for the BND, the BfV and the NSA. It delineates an agreement made in June 2012 to provision the BfV, through the BND, with the NSA-developed XKeyscore computer network exploitation software to improve the BfV's processing analytic capability to encounter extremist threats and, to the maximum extent possible, share all data relevant to NSA's mission.

B (U) Rights to an invention provided under this TOR shall be governed by the treaty between the U.S. and the Federal Republic of Germany, entitled Interchange of Patent Rights and Technical Information for Defense Purposes, signed January 4, 1956.

C (U) This TOR is not intended to create any legally enforceable rights and shall not be construed to be either an international agreement or a legally binding instrument according to international law.

II. (U) Software Description

A (S/SI) XKeyscore is a computer network exploitation system that combines high-speed filtering with Sigint Development (Sigdev). XKeyscore performs filtering and selection to enable analysts to quickly find information they need based on what they already know. It also performs Sigdev functions such as target development to allow analysts to discover new sources of information.

III. (U) Responsibilities

A (U) NSA will:   

1. (S/SI) Provide the BND with XKeyscore software with the understanding that this software will be transferred to the BfV.

2. (S/SI) Collaborate with the BND and the BfV on analytic methodologies and provide support for complex problems with the software.

B (U) BND will:

1. (U/FOUO) Provide system installation, operations, maintenance and training support to the BfV.

2. (U/FOUO) Agree that, absent the prior written authorization of the NSA, it will not export, re-export, or transfer any technical information or equipment regarding XKeyscore that is furnished under this TOR.

C (U) BfV will:

1. (S/REL) Be responsible for all costs related to the acquisition of the necessary hardware and software necessary to successfully implement the XKeyscore software as a processing and analysis solution.

2. (U/FOUO) Agree that, absent the prior written authorization of the NSA, it will not export, re-export, or transfer any technical information or equipment regarding XKeyscore that is furnished under this TOR.

3. (U/FOUO) Utilize XKeyscore in a manner consistent with German law and in a manner reasonably likely not to result in the targeting of U.S. persons. The term U.S. persons includes U.S. citizens, an alien lawfully admitted for permanent residence in the U.S., unincorporated groups and associations a substantial number of the members of which are U.S. citizens or resident aliens, or corporations incorporated in the U.S., including U.S. flag nongovernmental aircraft or vessels, but not including those entities which are openly acknowledged by a foreign government or governments to be directed and controlled by them.

4. (S/SI) Ensure that the information processed via XKeyscore will not be used in a judical or administrative proceeding that is based solely on activities that if conducted by a United States person would be protected by the United States Constitution and Amendments thereto and is in accordance with German law.

5. (U/FOUO) To the maximum extent possible share all data relevant to NSA's mission.

IV. (U) Review and amendments

A (S/SI) The BND, the BfV and the NSA agree that the parties through mutual discussion, cooperation or separate agreement shall resolve all disputes or disagreements concerning this TOR. The parties agree that they will not attempt to enforce the terms of this TOR in any domestic, foreign, third party or international court or tribunal, nor will they refer disputes or disagreements for resolution in accordance with any international or third party law or procedure.

B (S/SI) This TOR constitutes the entire agreement between the BND, the BfV and NSA to implement the support for the XKeyscore software. Modifications to this TOR shall not be valid unless agreed to in writing by the parties. This TOR shall be classified SECRET/COMINT by all three parties. The BND, the BfV and the NSA agree that no third party shall be made aware of this TOR without the express written consent oft he other parties.

C (S/SI) This TOR shall be become affective as of the date of the last signature and will be reviewed at least every two years. It may be modified only by mutual written consent of the parties. Termination shall be by mutual agreement in writing. This document may also be terminated uniliterally by either party uponwritten notice to the other parties via certified mail.

V. (U) Funding

A (U) While no consequential costs are expected, each party will bear all unexpectedly occurring costs by this TOR for the respective party.

VI. (U) Points of contact

(S/SI) The NSA point of contact for this agreement is the Technical Liaison Manager. The BND point of contact is the XKeyscore Liaison Manager. The BfV point of contact is the Head of the Lawfull Interception Group.

In whitness wherefor each of the parties mutually agrees to the above and has executed with the full intention of being bound thereby.

VII. (U) Signatures

For the Bundesnachrichtendienst
Pauland, SIGINT Director, 08.04.2013

For the National Security Agency
(unleserlich), SIGINT Director, 26.04.2013

For the Bundesamt für Verfassungsschutz
(unleserlich), BfV Director, 05.04.2013