The security situation is changing rapidly, which requires the Independent Oversight Authority for Intelligence Activities (OA-IA) to continually adapt its audit activities. For example, the war in Ukraine and recent developments in the Middle East have influenced the activities of the services under supervision, necessitating a flexible approach by the OA-IA to understanding and auditing these activities.
The transformation of the Federal Intelligence Service (FIS) also required the flexibility and agility of the OA-IA. Furthermore, technological developments such as the use of artificial intelligence (AI) need to be monitored, analysed and incorporated into the OA-IA’s audit activities. Adjusting to changing framework conditions is thus a task that also forms a topic of discussion with other oversight authorities internationally.
Looking back on the year, the Audit ‘22-15 Open-source intelligence (OSINT)’ conducted at the Federal Intelligence Service (FIS) proved to be one of the focal points of the OA-IA’s audit activities in 2023. OSINT is a rapidly developing area of information gathering. Linking a seemingly infinite amount of publicly accessible data creates almost endless possibilities for intelligence services to gather information. Legal and ethical questions arise – the distinction between OSINT and information gathering measures requiring authorisation, for example, or whether the procurement or use of data stolen by third parties still falls within this area. Supervisory authorities around the world are closely observing and discussing intelligence services’ use of this method of information gathering. The OA-IA has audited the FIS’s use of this information-gathering measure and issued various recommendations.
The OA-IA had originally planned to conduct 16 audits in 2023; four of these were cancelled later in the year. One audit from 2021 was completed in 2023. Final reports for seven audits from 2022 were completed and sent off in 2023. Of the audits planned for 2023, the OA-IA completed its audit activities for seven of them and sent three final audit reports to the Federal Department of Defence, Civil Protection and Sport (DDPS).
In addition to the audits completed at the FIS, one audit was conducted on the Electronic Operations Centre (ECO, from 01/01/2024 «Cyber and Electromagnetic Activites Service (CEA)). With regard to the Military Intelligence Service (MIS), the OA-IA conducted various discussions at management level regarding its supervisory authority in the area of the Armed Forces Preventive Protection Service (DPSA) and added an appropriate audit to its audit plan for 2024.
