an individual case, an impending danger of a terrorist offence is present is to be interpreted in such a way that such measures are only permitted if the facts indicate
an occurrence that is specific at least with regard to its type and that is temporally
foreseeable, and if it is clear that specific persons will be involved and their identity
is sufficiently determined for surveillance measures to be carried out with respect to
and largely limited to them (BVerfGE 120, 274 <329>). It is also sufficient if an occurrence is not specific at least with regard to its type and not temporally foreseeable yet
the individual behaviour of the person concerned substantiates the specific probability that the person will commit such offences in the near future (see above, C IV 1 b).
Since § 20k sec. 1 sentence 2 BKAG is drafted in accordance with the case-law of
the Federal Constitutional Court (BVerfGE 120, 274 <329>), it can be presumed that
the legislature intended to refer to it. The provision can thus still be interpreted in a
manner that is compatible with the Constitution.
214
bb) Furthermore, in respect of the substantive conditions for interference, the provision satisfies the principle of proportionality. In particular, § 20k sec. 2 BKAG provides that changes to the information technology system caused by the access must
be minimised, the use of the access by third parties must be prevented, and at termination it must be reversed to the greatest extent possible (cf. in this respect BVerfGE
120, 274 <325 and 326>). The fact that consequential damage cannot be ruled out
entirely does not render the measure disproportionate from the outset. Respect for
the principle of proportionality in individual cases also means that open access to a
target person’s data sets must generally be given priority over covert infiltration.
215
c) Moreover, there are no objections to the procedural design of the provision (cf. §
20k secs. 5 and 6 BKAG). A measure may only be ordered by a judge and the order
requires substantive reasoning (cf. BVerfGE 120, 274 <331 et seq.>; see above, C IV
2). The measure can be ordered for a long period of up to three months. This is constitutionally sound only on condition that this be a maximum time limit for each order
and the actual duration of the order be determined by a test of proportionality in the individual case.
216
d) The provisions for the protection of the core area of private life, however, do not
satisfy the constitutional requirements in every respect.
217
aa) Given that covert access to information technology systems typically carries with
it the risk of the collection of highly confidential data, and thus is in particular proximity
to the core area, it requires express legislative safeguards for the protection of the
core area of private life (cf. BVerfGE 120, 274 <335 et seq.>). The relevant requirements are not identical in every respect to those that apply to the surveillance of private homes, and shift the protection away from the collection level to the subsequent
analysis and use level (cf. BVerfGE 120, 274 <337>). The reason for this lies in the
specific nature of access to information technology systems. Here, protective measures to prevent violations of the core area do not aim primarily at preventing the collection and recording of a fleeting, highly confidential moment in a private space, but
218
35/71