The digitization and networking of our world continues apace. The Internet and web-based services underpin this development. If our society is to leverage the opportunities and potential of the digital revolution, then we need to engender people's trust in security and make sure their data is protected.
The suspicion that foreign intelligence services have been involved in large-scale espionage has shaken this trust. The German Parliamentary Committee investigating the NSA affair has, however, also voiced criticism of the German Intelligence Services: has the Bundesnachrichtendienst (BND) helped the NSA perpetrate industrial espionage against European companies? Were European politicians, institutions or media spied upon? The accusation is out there and needs to be clarified urgently.
For Deutsche Telekom the German Parliamentary Committee investigating the NSA affair has already shown that the legislator needs to tighten up the BND's powers. As a telecommunications company we have to cooperate with the BND so that it can fulfill its statutory remit. There is no cooperation above and beyond this requirement, let alone any illegal cooperation. At the same time we need to look after our customers' civil liberties. This requires a clear legal basis, transparent rules and effective controls. We therefore welcome the fact that the German government intends to review the BND's powers.
In our view, the following topics in particular should be readdressed:
- Strengthening of the G10 commission: Any telecommunications monitoring by the BND should be subject to a G10 judicial order. Thus there would be a clear regime with no leeway for interpretation. This way there would no longer be any controversy regarding the question of whether the constitutional protection of telecommunications secrecy also applies to non-German citizens. In any case, since 2008 Deutsche Telekom has only fulfilled its obligations vis-à-vis the BND on the basis of G10 judicial orders.
- Guidelines regarding the technical implementation of telecommunications monitoring by the BND (technical policy): Clear and verifiable guidelines regarding the technical implementation of telecommunications monitoring by the BND would be welcomed. The corresponding Telecommunications Monitoring Regulation [Telekommunikations-Überwachungsverordnung – TKÜV] has hitherto limited the detailed regulations largely to the “classic” telecommunications monitoring by law-enforcement authorities. Similarly, the BND should supplement arrangements governing monitoring measures to take account of the specific characteristics of secrecy in the case of strategic telecommunications monitoring.
- Check by the German Federal Office for Information Security [Bundesamt für Sicherheit in der Informationstechnik – BSI]: The BSI is responsible for checking and certifying IT of the federal administration and, in turn, of the BND systems. This check was, however, not conducted on-site on the equipment used specifically by the BND – at least according to the information released from the public part of the parliamentary committee. Rather, the used model was only checked generally in the laboratory and on the basis of documentation. While that does comply with the BSI's current statutory obligations, the scope of the check needs to be extended in order to restore transparency and trust, and should also include the specific installation and usage on the network operator's premises.
These measures would ensure that all monitoring measures are subject to the control of the G10 commission, that there are clear technical guidelines for monitoring measures, and that the BSI conducts a technical check. In addition, the control bodies – G10 commission, parliamentary supervisory body and chancellor's office – of course have the necessary resources to carry out their tasks. And, ultimately, the BND itself could ensure greater transparency by publishing generic case figures. This is also a key demand from the ten-point program for increased cyber security, which Deutsche Telekom published in January. Government could help decisively bolster the trust of individuals in digital services and reinforce their civil liberties without undermining public security needs. We are convinced that a public discussion on the BND's powers ultimately reinforces its position within society. Since Deutsche Telekom takes its responsibility for protecting its customers' data very seriously indeed, we would like to constructively engage in this public discussion with specific proposals.