Concerned that Germany's federal spy agency has been snooping on its email exchanges with journalists operating in dangerous countries, press freedom group Reporters Without Borders has lodged a constitutional lawsuit against the Bundesnachrichtendienst (BND).
Reporters Without Borders, Reporter ohne Grenzen or ROG, previously sued the BND at a Leipzig federal administrative court in 2015, arguing that the spy agency's mass-surveillance programs were likely to have scooped up its correspondence.
The claim related specifically to the year 2013 when, according to a subsequent parliamentary report, the BND's email-scanning systems flagged up over 15,000 messages for inspection by human eyes.
Given that ROG regularly corresponds with reporters in countries that are of interest to the BND, such as those in former Soviet states, the organization said it was likely that the BND's search criteria would have flagged up its communications.
ROG claimed this surveillance of its emails was illegal. However, last December the Leipzig court threw out most of the case on the basis that the press organization could not prove its correspondence had been spied on. A separate strand of the suit, regarding the legality of the BND's VerAS metadata analysis system, is still under way.
Now ROG is appealing to Germany's highest court. According to spokesman Christoph Dreyer, this development was always expected. "We were in fact hoping to take it to the constitutional court," he said.
As before, ROG reckons the BND is breaking Germany's G10 law, which covers the secrecy of post and telecoms and which supposedly imposes restrictions on the BND's activities. ROG says the surveillance infringes on freedom of expression and interferes with the freedom of the profession, because it limits the ability of journalists to maintain confidentiality.
Importantly, though, ROG is now also complaining about the lack of effective legal recourse.
"Because this surveillance is done in secret, the courts have been saying that you can't prove you were affected by it," Dreyer said. "We consider that absurd. It means you have no way to get the courts to look at it."
The BND's mass-surveillance capabilities come largely from tapping into the data that flows through German internet infrastructure, particularly the De-Cix exchange point in Frankfurt, the largest hub of its kind in the world.
The G10 law supposedly restricts the agency to inspecting a maximum of 20 percent of the traffic flowing through De-Cix, but last September the hub's operators sued the government, complaining that the BND had been exceeding that limit.
Last week, Der Spiegel reported that the BND has been systematically spying on foreign journalists for years. However, this surveillance was targeted rather than the type of mass snooping at the heart of ROG's new complaint.
The BND declined to comment on ROG's constitutional suit, saying it does not publicly discuss its work.
More on security
- Soon, you can buy gadgets that self-destruct when stolen
- Slack bug granted hackers full access to accounts, messages
- Google to Apple users: We're beefing up malware protection for Chrome on macOS
- This old ransomware variant is back - with sneaky new tricks
- Yahoo's security follies add up to real money: Will companies learn from Yahoo's mistakes?
- 'Previously unseen' malware behind cyberattack against UK's biggest hospital group