Data is intercepted and collected by approximately 20 interception sites, located on national and overseas territories and comprised of satellite stations and interception of fibre-optic submarine cables.
In Sweden, the National Defence Radio Establishment (FRA) is alleged to have been running "upstreaming" operations (tapping directly into the communications infrastructure as a means to intercept data) for the collection of private data -- collecting both the content of messages as well as metadata of communications crossing Swedish borders through fibre-optic cables from the Baltic Sea. The metadata is retained in bulk and stored in a database known as "Titan" for a period of 18 months.
In Germany, large-scale surveillance activities are predominantly carried out by the Bundesnachrichtendienst (BND), which has a staff of 6,500 and last year had a budget of €504.8 million (US$694 million). Two other organizations also believed to be running mass surveillance operations or processing related data are Militärischen Abschirmdienst (MAD) and the Bundesamt für Verfassungsschutz (BfV).
The BfV employs 2,757 people and had a budget of €210 million in 2012. The three intelligence agencies together search up to 20 percent of communications having a foreign element for specific purposes such as the fight against terrorism or the protection of the Constitution.
The report notes that there are currently no publicly disclosed programs of mass cybersurveillance in the Netherlands. However, the Joint Sigint Cyber Unit (JSCU) is due to be up and running next year. It is expected to centralize cybersurveillance in the Netherlands and will have a staff of 350. Its annual budget is unknown, but it will cost €17 million to set up.
The official objective of the program is the infiltration of computers and networks to acquire data for early-warning intelligence products; the composition of a cyberthreat picture; enhancing the intelligence; and conducting counterintelligence activities.
According to the Parliament report, there are strong suggestions to indicate that several if not all of these member states are exchanging intercepted data with foreign intelligence services, namely the NSA.
"At a very pragmatic level, large-scale surveillance appears to have strong limitations and is certainly not key in crime prevention. Such surveillance creates the tendency to collect data extensively and retain them over a long period of time in order to establish series of trends that facilitates big data correlations and hierarchies," the report said.
However, the report is concerned that the distinction between targeted surveillance for criminal investigations purposes and large-scale surveillance with unclear objectives is increasingly blurred, and recommends further investigation.