ON
← Back to feed
With Zero-Days, the BND and the Gestapo are to become Supersuper-intelligence services
Germany🏛️ PoliticsLean Progressive3 days ago

With Zero-Days, the BND and the Gestapo are to become Supersuper-intelligence services

The German Federal Ministry of the Interior (BMI) has proposed a major reform of Germany’s intelligence laws, aiming to restructure the legal powers of the Federal Office for the Protection of the Constitution (BfV) and the Federal Intelligence Service (BND), as well as their interrelations. The reform, outlined in a 648-page draft, would grant both agencies expanded hacking capabilities in cyberspace, allowing them to act independently in cyber operations. This includes enabling agents to intervene during ongoing cyberattacks under certain conditions, such as when other authorities like the police cannot respond quickly enough. Critics argue this represents a shift toward more extensive surveillance powers, justified by claims of heightened security threats, while raising concerns about potential erosion of digital freedoms. Additionally, the reform seeks to redefine the relationship between the Federal Office for Information Security (BSI) and the BND, requiring the BSI to share security-relevant information with the BND at earlier stages of attacks, including insights into zero-day vulnerabilities—security flaws without available patches.

The German government has proposed a significant reform of its intelligence law, which includes provisions that would require the Federal Office for Information Security (BSI) to share information about known zero-day vulnerabilities with the foreign intelligence agency, the Federal Intelligence Service (BND). This proposal, presented by the Federal Ministry of the Interior (BMI), has sparked controversy among cybersecurity experts and civil liberties advocates who argue that it undermines the trust between state institutions and the IT security community. According to the draft legislation, public authorities would be allowed to provide the BND with information, including personal data, as soon as there is a concrete indication that such data could be relevant to foreign intelligence operations. The BSI, which is legally mandated to act as a central authority for information security on a national level, would be explicitly required to cooperate with the BND. This move represents a fundamental shift in Germany's approach to digital security policy, moving away from a model based on mutual trust towards one characterized by increasing suspicion and proactive intervention. The draft bill outlines a comprehensive transformation of Germany’s digital security architecture, emphasizing active measures to address threats in cyberspace. It allows intelligence agencies to operate more freely in areas previously considered protected under constitutional rights. Additionally, the bill suggests that third parties can increasingly be involved in digital investigative actions carried out by the state. The inclusion of a cooperation obligation between the BSI and the BND aligns seamlessly with this new framework, raising concerns about the potential misuse of critical infrastructure vulnerabilities. The proposed changes aim to utilize the period between the discovery of a vulnerability, notification to software vendors, and the eventual patching of the flaw for intelligence purposes. This time frame, currently intended for swift resolution of security issues, would instead be used to exploit these weaknesses for strategic advantage. The draft refers to this practice as “adding value” to the situation, highlighting the tension between immediate threat mitigation and long-term strategic interests. Critics warn that this shift could have serious consequences for Germany’s overall digital security posture. If the BSI is perceived as prioritizing intelligence operations over rapid patching of vulnerabilities, it might deter organizations and researchers from reporting newly discovered flaws. This could lead to an increase in unpatched vulnerabilities within critical infrastructure, especially during a time when geopolitical tensions and hybrid threats are rising. The loss of trust between the BSI and the IT security community could result in reduced collaboration, ultimately weakening the country's defenses against cyber attacks. The draft also introduces extensive legal modifications without clear evidence of corresponding security benefits. While the ministry cites increased threats as justification for expanding surveillance powers, opponents argue that such measures risk further eroding digital freedoms. They suggest that the proposed reforms present a familiar pattern in security legislation where expanded surveillance capabilities are framed as necessary responses to ongoing threats, despite the potential impact on civil liberties. The proposed changes include provisions for active defense measures, allowing agents to intervene in ongoing cyberattacks under certain conditions. For example, if an intelligence service discovers malware within an attacker's infrastructure before law enforcement can respond, they would be permitted to take immediate countermeasures rather than waiting for traditional legal processes. Critics refer to this as establishing a legal basis for state-sponsored hacking, blurring the lines between defensive reconnaissance and offensive action. Particularly controversial is the revised relationship between the BSI and the BND. According to the draft, the threshold for sharing sensitive information with the BND would be lowered significantly compared to current regulations. Public entities would be required to transmit security-related insights to the BND at earlier stages of an attack, sometimes even automatically. The rationale behind this is that the BND, due to its strategic communications monitoring activities, can better contextualize isolated incidents within a broader global framework, enabling earlier detection of threats. Handling of IT vulnerabilities is particularly contentious. The draft mandates that the BSI must immediately and preferably automatically relay knowledge about the technical functioning of discovered security flaws to the BND. With regard to zero-day exploits—vulnerabilities without available patches—the BMI argues that this timeframe can be utilized for crucial work by the BND. Delays in resolving these issues would significantly reduce their applicability. This would place the BSI in a difficult position, as it would be required to prioritize intelligence operations over the prompt closure of security gaps, contrary to the original intent of the coalition government. Financially, the initiative marks a substantial expansion of cyber capabilities, indicating a commitment to enhancing the BND's operational reach. However, the extent of oversight mechanisms remains limited, with control responsibilities being consolidated under the Independent Control Council (UKRat), which could exercise court-like preliminary supervision but with restricted scope.

How each side covered it

The same event, grouped by the political lean of the outlets covering it.

How each side covered it

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

Covered around the world

The same event as reported in other countries.

Covered around the world

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

Claims check

Key factual claims, and how many sources assert vs dispute each.

Claims check

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

Go to the primary sources (1)

The official sources this coverage is built on. Read them directly to bypass framing.

2 reports

heise online logoheise onlineIndependentProgressive3 days ago
Comment: BSI must not become a zero-day supplier to the BND

The article discusses a proposed reform to Germany’s intelligence services law, specifically targeting the Federal Office for Information Security (BSI). The draft legislation, published by the Federal Interior Ministry (BMI), would require the BSI to report known zero-day vulnerabilities to the Federal Intelligence Service (BND) before any patch is available. This move is criticized as undermining the trust between the state and the cybersecurity community, and as contradicting the BSI’s core mission of protecting information security. The author argues that this change represents a fundamental shift in Germany’s approach to digital national security, moving toward increased surveillance and reducing privacy protections. It also highlights concerns over the potential misuse of security flaws for intelligence purposes.

Bias read (Progressive): The article frames the proposed changes as a dangerous expansion of state power and a threat to civil liberties, using strong language such as 'preisgeben' (betrayal) and 'ad absurdum' (to absurdity). It criticizes the government’s stance as prioritizing intelligence gathering over cybersecurity and

heise online logoheise onlineIndependentCenter4 days ago
With Zero-Days, the BND and the Gestapo are to become Supersuper-intelligence services

The German Federal Ministry of the Interior (BMI) has proposed a major reform of Germany’s intelligence laws, aiming to restructure the legal powers of the Federal Office for the Protection of the Constitution (BfV) and the Federal Intelligence Service (BND), as well as their interrelations. The reform, outlined in a 648-page draft, would grant both agencies expanded hacking capabilities in cyberspace, allowing them to act independently in cyber operations. This includes enabling agents to intervene during ongoing cyberattacks under certain conditions, such as when other authorities like the police cannot respond quickly enough. Critics argue this represents a shift toward more extensive surveillance powers, justified by claims of heightened security threats, while raising concerns about potential erosion of digital freedoms. Additionally, the reform seeks to redefine the relationship between the Federal Office for Information Security (BSI) and the BND, requiring the BSI to share security-relevant information with the BND at earlier stages of attacks, including insights into zero-day vulnerabilities—security flaws without available patches.

Bias read (Center): The article presents the proposed reforms neutrally, outlining both the government's justification for expanding cyber capabilities and the criticisms regarding increased surveillance and risks to digital rights. It does not favor one side over the other but provides balanced perspectives from both.

Keep the news honest.

ObjectiveNews is reader-funded and ad-free — we show you the bias instead of hiding it. Support independent journalism for €5/month.

Become a Supporter

Related stories