Massive surveillance by BND spy agency is illegal, says De-Cix.
The operator of the world’s largest Internet exchange point, De-Cix, is suing the German government in an attempt to stop mass surveillance by the country’s spies.
Internet exchange points are the hubs where the Internet’s core lines cross paths, so information can flow from anywhere to anywhere. De-Cix’s main hub is in Frankfurt, Germany, and it is the largest of its kind in the world.
On Friday, De-Cix said it was pushing back against the legal orders it receives from the German Federal Intelligence Service (Bundesnachrichtendienst, or BND, for short) that force it to allow the mass monitoring of communications flowing through its Frankfurt Internet exchange point.
De-Cix said it wanted to show that the orders were illegal under the so-called G10 Act, which is analogous to the controversial U.S. Foreign Intelligence Surveillance Act (FISA), and allows the strategic monitoring of international communications that flow through Germany.
Get Data Sheet, Fortune’s technology newsletter.
“We have grave doubts about the legality of the current practice,” De-Cix said, citing a recently published paper by constitutional lawyer Hans-Jürgen Papier that said the legal orders were “completely illegal.”
Papier’s paper said the BND’s level of surveillance was disproportionate and disregarded whether the people whose communications were being scooped up were Germans or foreigners, or whether they were in the country or outside it.
“We consider ourselves under obligation to our customers to work towards a situation in which strategic surveillance of their telecommunications only takes place in a legal manner,” De-Cix said on Friday.
De-Cix has previously disclosed how the BND uses the Frankfurt hub to wiretap dozens of Internet service providers at once. Giving evidence at a parliamentary inquiry into Edward Snowden’s revelations about the U.S. National Security Agency (NSA), the Internet exchange point’s operators said the BND was violating a clause in the G10 Act that limits it to performing mass intercepts on a fifth of the hub’s available bandwidth at any given time.
Its lawsuit, filed at a Leipzig administrative court on Friday, targets the German interior ministry. The ministry did not have any comment to make at the time of writing.
However, De-Cix spokesman Carsten Titt said the lawsuit had not been prompted by any customer complaints about the BND’s activities.
“There was no customer pressure. We just wanted to straighten up the law and see if it’s really legal what they’re doing,” he said, adding that the findings of Papier—the former president of Germany’s constitutional court—were very clear that the BND was breaking the law.
For more on mass surveillance, watch:
Separately, it emerged two weeks ago that the BND is systematically collecting and using people’s personal data with no legal basis. A suppressed report by Germany’s federal data protection commissioner was leaked to the media, which reported that the BND was regularly over-collecting information using the NSA’s XKeyscore software, in breach of German law.
The report also showed the BND was passing on the information it collected to the NSA, without properly scrubbing out data about German citizens, and therefore again breaching the G10 Act.
The German government is currently trying to pass a new law governing the BND that, critics say, would legalize the agency’s illegal activities.