Strategic Planning

Overview

The first phase of the SIGINT process involves the identification and formulation of intelligence priorities. The process of strategic planning should draw on insights from previous assessments of collected intelligence and their value after analysis.

Relevant Aspects

Mandate:
A clear and specific legal mandate is the precondition for the transparency and accountability of foreign intelligence gathering. The mandate should describe specific legal grounds, against which the permissibility and proportionality of a particular measure can be assessed. It should also stipulate what data sources or types of communications may and may not be included in SIGINT collection.

Necessity:
According to jurisprudence by the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (EU), bulk surveillance is only permissible when it is strictly necessary to protect the democratic institutions of society. This indicates that intelligence services of signatory countries of the European Convention on Human Rights and the European Union Charter of Fundamental Rights may only engage in bulk collection techniques in relation to clearly confined categories of serious threats to a democratic society. These categories ought to go beyond a general understanding of what constitutes a serious threat.

Accountability for tasking:
The actors involved in setting intelligence priorities play a significant role here. There may be both external planning and tasking by government officials or ministers outside the services, and internal planning and tasking by the services. External planning and tasking traditionally focus more on a strategic/political level, whereas internal planning typically includes a stipulation of data sources or types of communications.

Setting strategic goals and formulating operational priorities is a core competence of the executive. Consequently, we found only very limited involvement of oversight bodies in the tasking and planning phases. Privacy International also found that no intelligence oversight body currently possesses the power to authorize decisions to share intelligence. Clearly, this invokes not just legal and operational questions but also political ones. Can a government sufficiently trust a foreign service to engage in new cooperations? Interestingly, some oversight bodies have recently taken an interest in reviewing the tasking of and cooperation between intelligence services, as the following examples illustrate.

Keeping oversight bodies regularly informed about operational purposes in actual practice helps them to identify shifting priorities and assess their compatibility with the legal framework. Thus, having a legal statute that prescribes detailed purposes or uses for bulk powers is one thing. Better still is to add actual reports on how priorities have been set in practice.

Citizenship-based discrimination:
The majority of foreign intelligence laws are structured along a basic separation between “domestic” and “foreign” data. Domestic communication – defined either according to citizenship or based on territoriality – typically enjoys greater protection in most countries than what is seen as “foreign” or “overseas” communications. In a global digitized environment, however, it is very difficult to distinguish accurately between national and non-national data.

Moreover, separating populations may conflict with the principle of non-discrimination, as laid down in some national constitutions, EU law, as well as in international human rights law. In addition, although international law may not explicitly prohibit suspicionless bulk surveillance, it does not endorse it either. Democracies have an obligation to interpret their national laws with a view to their compatibility with international law. Human rights cannot be territorially restricted. This includes the right to privacy under Article 17 of the International Covenant on Civic and Political Rights, which, many people argue, cannot be construed as a club good.

But even without taking this into account, filtering such data so as to allow it to be subject to different data processing and data protection standards is extremely difficult. Unless the filter programs work with 100 percent precision, incidental collection of domestic data appears inevitable. No foreign intelligence service can know in advance whether national data will be swept up in its bulk collection activities. There is comprehensive evidence suggesting that no filter system can sufficiently sort out domestic communications from an internet data stream. Even communications that are sent and received within the same country can be routed via third countries. The technical features of packet-based transmissions of communications on the internet make it practically impossible to clearly encircle a complex data category such as “German citizen.” Even if filters were to attain approximately 99 percent accuracy, in the sphere of bulk collection, where millions of communications are intercepted indiscriminately, such a small percentage of wrongly categorized communications data amounts to large-scale infringements of the right to privacy of thousands of people. Consequently, poorly documented and designed filter systems do not assuage concerns about the chilling effects on certain fundamental rights and the possible violations.

Filter

Good Practices

no results found

Nerd Corner

For a recent discussion on the accuracy of data minimization programs, see: Kay Rechthien and Dreo Rodosek. 2016. “Sachverständigengutachten. Beweisbeschluss SV-13, 1. Untersuchungsausschuss der 18. Wahlperiode.” https://cdn.netzpolitik.org/wp-upload/2016/10/gutachten_ip_lokalisation_rodosek.pdf.

For an in-depth explanation of the risk assessment approach, see: Kilian Vieth and Thorsten Wetzling. 2019. “Data-driven Intelligence Oversight: Recommendations for a System Update.” https://guardint.org/2019/11/28/data-driven-intelligence-oversight-recommendations-for-a-system-update/.

More information on the topic of citizenship in national surveillance legislation can be found in: Peter Swire, Jesse Woo, and Deven R. Desai. 2018. “The Important, Justifiable, and Constrained Role of Nationality in Foreign Intelligence Surveillance.” Lawfare. https://www.lawfareblog.com/important-justifiable-and-constrained-role-nationality-foreign-intelligence-surveillance-0 (arguing for nationality as a key factor in surveillance laws).

Eijkman, Quirine, Nico van Eijk, and Robert van Schaik. 2018. “Dutch National Security Reform Under Review: Sufficient Checks and Balances in the Intelligence and Security Services Act 2017?” Institute for Information Law (IViR, University of Amsterdam). https://www.ivir.nl/publicaties/download/Wiv_2017.pdf.

German Federal Constitutional Court. 2020. Judgment of 19 May 2020 – 1 BvR 2835/17 (on the BND law). https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/2020/bvg20-037.html.

Murray, Daragh, Pete Fussey, and Maurice Sunkin. 2018. “Response to Invitation for Submissions on Issues Relevant to the Proportionality of Bulk Powers.” https://www.ipco.org.uk/docs/Essex%20HRBDT%20Submission%20to%20IPCO%20Re%20Proportionality%20Consultation.pdf.

Vieth-Ditlmann, Kilian and Wetzling, Thorsten. 2021. “Caught in the Act? An analysis of Germany’s new SIGINT reform”. https://www.stiftung-nv.de/sites/default/files/caught-in-the-act_analysis-of-germanys-new-sigint-reform.pdf

Wetzling, Thorsten. 2020. “Try Harder, Bundestag! Germany Has to Rewrite Its Foreign Intelligence Law.” About:intel. May 22, 2020. https://aboutintel.eu/german-constitutional-court-bnd-ruling/.