Germany's data protection commissioner, Andrea Vosshoff, has issued a scathing review of the country's Federal Intelligence Service (BND), accusing the agency of egregiously abusing its mandate and breaking the law.

The revelations emerged from a secret 60-page report that was initially published in March of this year. The document was leaked to the German broadcaster NDR, which revealed its findings on Thursday.

"Without any legal basis, the BND collected personal data and continued to systematically use them," Vosshoff wrote, using the German acronym for intelligence agency.

As Germany's highest-ranking protector of data security, Vosshoff had been tasked with evaluating the intelligence agency's surveillance of telecommunications data. Her report was both extensive and damning. According to NDR, she used the word "unlawful" more than 30 times to describe the BND's actions.

The headquarters of Germany's intelligence service, the Bundesnachrichtendienst

Uncooperative spies

Vosshoff also complained that the intelligence agency had tried to prevent her from carrying out her mandate of keeping the country's spies in check. When she made it clear that she would be carrying out an evaluation of the agency's work, for instance, she said, "The BND unlawfully restricted my control in a massive way and on multiple occasions."

"A comprehensive, efficient evaluation was therefore not possible," Vosshoff added. "These are serious violations of the law."

The BND was particularly uncooperative when it came to its use of so-called "Selector Lists," which the Germans had received from their American counterparts at the National Security Agency (NSA), Vosshoff said.

Selectors are specific targets, such as telephone numbers or email addresses. By using selectors, analysts can refine their search for a particular person. According to the German newsmagazine "Der Spiegel," the BND is in possession of hundreds of thousands of such targets, perhaps even more than a million.

Vosshoff found that the German spies had accepted "Selector Lists" from their NSA colleagues often without reason or without confirming the authenticity of the data they contained. This represented another "serious violation," she claimed.

A map of locations of the surveillance tool XKeyscore. The image is from 2013

Too much data

The data protection commissioner also took aim at a search tool provided by the NSA known as "XKeyscore," which featured prominently in the information leaked by Edward Snowden, who described it as a means for practically limitless surveillance of anyone anywhere in the world.

In a television interview with NDR back in 2014, when asked what capabilities XKeyscore would grant him, Snowden called it a "one-stop shop for access to the NSA's information."

"You could read anyone’s email in the world - anybody you’ve got an email address for. Any website - you can watch traffic to and from it, any computer that an individual sits at - you can watch it, any laptop that you’re tracking - you can follow it as it moves from place to place throughout the world.," Snowden said.

"In many respects, the BND used 'XKeyscore' to collect personal data that was not necessary for it to fulfill its duties," Vosshoff wrote in her report, saying that spot tests had revealed that the BND had at times "collected and saved personal data on 15 blameless people" when going after a single target.

She said it was "indisputable" that the BND did not need that much information. Overall, she judged the violations as being so grave that the intelligence service should be forced to shut down a number of its activities.

When asked if it would like to comment on the now-public report, the German Chancellery said its policy was to respond only to the relevant parliamentary committee in matters of intelligence. The BND deferred to the Chancellery when asked the same question.