The constitutional complaint appeals a lawsuit in the same matter that was rejected in December 2016 by the Federal Administrative Court.
From what little is publicly known about the scope and criteria of the agency’s mass surveillance of cross-border e-mail communications, RSF must assume that numerous e-mail messages of its German branch were caught in the BND’s web – and that this practice was disproportionate and lacking legal justification. Therefore it severely affects the work of RSF and harms the interests of the organization.
RSF Germany is a frequent and vital resource for many journalists both from Germany and from authoritarian states like Uzbekistan, Azerbaijan or China. They often turn to the organization because they need protection, and their communications sometimes contain extremely sensitive information. The BND’s spying on such exchanges means that these journalists can no longer be sure that their communications with RSF will remain confidential.
Germany’s Federal Administrative Court dismissed RSF’s lawsuit against the BND in December 2016, arguing that RSF had not provided sufficient evidence for an actual infringement on the secrecy of its telecommunications by the BND (AZ: 6 A 2.15). The court had already dismissed similar lawsuits in the past on the same grounds.
The constitutional complaint also challenges the deletion period for log data concerning the BND’s mass surveillance. This period is regulated by the “G-10 Law”, the German law governing exemptions from the constitutional principle of secrecy of telecommunications. According the law’s wording, the BND has to document the destruction of personal information that is initially gathered but eventually gotten rid of. Such log data sets currently have to be deleted at the end of the year following the respective infringement.
In its dismissal of RSF’s lawsuit, the Federal Administrative Court referred to this legal deletion period, arguing that any potential breach of law in 2013 could no longer be proven. Should an infringement have occurred, the court continued in its decision, then it had been “remedied without any consequences” by deleting the log data.
According to this reasoning, there would be effectively no legal protection available against most of the surveillance activities governed by the G-10 Law. This is because the most concrete evidence to assess the probability of having been spied on can be drawn from the annual reports of the Parliamentary Control Panel, the parliamentary committee supervising the activities of Germany’s intelligence services at the federal level. However, these reports are only published right after the deletion period defined in the G-10 Law expires: The report covering 2013, for instance, was released as late as January 8, 2015 – right after the date set by law for the destruction of the relevant log data.
Lawsuit against BND’s metadata analysis system still pending
Another part of RSF’s original lawsuit against the BND is still pending at the Federal Administrative Court. It is directed against the BND’s mass collection of telecommunications metadata in a massive database called “traffic analysis system” or VerAS. The BND has been operating this database since 2002, using it for extensive storage of metadata from phone calls with a foreign dimension.
During oral proceedings in mid-December, the judges asked in-depth questions indicating considerable doubts about the constitutionality of this metadata collection and demanding further clarification from the BND about it. RSF considers VerAS a disproportionate form of data retention without legal justification that endangers the protection of journalists’ sources.
Germany is ranked 16th out of 180 countries in RSF’s 2016 World Press Freedom Index.