By Steven van der Plas
On the 26th of January 2018, Dutch media channels were dominated by a report from journalists of the Dutch newspapers Volkskrant and Nieuwsuur [1]. The report shed light on the activities of the Dutch intelligence services (AIVD) in recent years, most notably its infiltration of important Russian hacking groups and its crucial role in helping the US against cyberattacks from Russia [1]. Through its unnoticed infiltration, the AIVD was able to supply the US with important information when these Russian hacking groups attacked the US ministry of foreign affairs and the white house in 2014 [1]. In exchange, the Netherlands received technical knowledge and intelligence from the United States. Dutch Prime Minister Rutte commented he was ‘amazingly proud’ of the success of the AIVD and then underpinned the necessity of the new proposed law on intelligence and security services, which would give the AIVD more methods to access digital data on a large scale [2]. The law has met fierce resistance from within the Dutch population which has resulted in a referendum over the proposed law in March of 2018, with the main criticism of the law being that that it jeopardises the privacy of innocent civilians. The protests against the new law and the recent success of the AIVD have led to questions whether measures that erode citizens’ privacy are necessary to provide security and if it is necessary to have this dilemma of privacy versus security at all.
The law and the privacy concerns surrounding it
The proposed law is aimed at the AIVD and its military counterpart, the MIVD. These are the Dutch national intelligence and security organizations, which help in guaranteeing national and international security by defending against cyber-attacks, the prevention of terrorism and by monitoring potential security threats [3]. To do these things, the AIVD and MIVD need to tap the online communication of certain individuals. The previous law, which dates from 2002, does not allow the interception of communication on a large scale through ethernet or cable [4]. The new law seeks to change that by allowing the AIVD and MIVD to tap huge amounts of information through these means on a broad scale. The collected information needs to be destroyed after it is deemed unimportant for ongoing investigations [5]. If the relevancy of such information to the current investigation is not evaluated within 3 years, it needs to be destroyed regardless [6]. According to the government, the proposed law is necessary because the Dutch intelligence organizations lack the methods necessary to identify potential threats in a technologically advanced environment. Without this law, the AIVD and MIVD are not able to do their job effectively. On the other hand, critics of the law state that collecting information of innocent civilians on a massive scale is a breach of privacy and that this makes the methods unethical. Others have problems with intelligence organizations keeping information of innocent civilians for potentially 3 years.
The new law does give the AIVD and MIVD far reaching instruments to gather information on a massive scale. Does this mean that all our information is at risk to be tapped if such a law is implemented? To counter potential misuse of the new instruments by the intelligence services, several limiting factors are entrenched in the law. In order to wiretap internet information on a large scale, permission is needed from the Minister of Justice and from an independent commission [4]. The commission will determine if the minister has rightfully given permission. If this is not the case, then permission will be retracted [4]. Furthermore, the commission for scrutiny of intelligence and security services (CTIVD) will be strengthened with an independent department for complaints of citizens and a contact point for abuse of power by the AIVD and MIVD [4]. This commission can issue rulings which are binding to the Minister of Justice. Lastly, information can only be shared with foreign intelligence services with the permission of the Minister of Justice and is subject to the control of the CTIVD [4].
The direction of the debate and possible alternatives
The debate on the law on intelligence and security services has been dominated by the concern that the national intelligence services will gain too much power with these measures. Such concerns are certainly valid and privacy should be guaranteed in any liberal democracy. However, these concerns are sometimes accompanied by a lack of understanding of what the law does and what the limits of the intelligence services are under this law. In reality, the content of the law itself is more nuanced than the debate surrounding it. What is also unfortunate is that the principles of privacy and security are placed against each other in the law and the ongoing discussion. The focus on these principles distracts from the actual contents of the law and whether the measures are actually necessary. Therefore, the debate should not focus on which of these principles is more important but on the effectiveness and the necessity of the new methods this law will introduce to the AIVD and MIVD. Alternative measures that do not sacrifice citizens’ privacy to help intelligence services also need to be considered and discussed. For example, what would be the effects of further increasing funding and capacity of the AIVD and MIVD? Focussing on these aspects and not on a discussion of principles will provide a much more healthy and productive debate that will help finding the best available solution in this important policy area.
Sources:
1. Modderkolk, H. (2018, Januari 26). Hackers AIVD leverden cruciaal bewijs over Russische inmenging in Amerikaanse verkiezingen. Retrieved Januari 30, 2018 from: https://www.volkskrant.nl/tech/hackers-aivd-leverden-cruciaal-bewijs-over-russische- inmenging-in-amerikaanse-verkiezingen~a4561895/
2. De Vries, J. (2018, januari 26). Rutte zwijgt over Russische hacks, maar wil wel ‘doorpakken met inlichtingenwet’. Retrieved Januari 30, 2018 from: https://www.volkskrant.nl/4562…
3. Bevoegdheden inlichtingendiensten en veiligheidsdiensten, 2018, Retrieved Januari 30, 2018 from: https://www.rijksoverheid.nl/onderwerpen/bevoegdheden- inlichtingendiensten-en-veiligheidsdiensten?utm_campaign=sea-t-wiv-a- wiv_algemeen&utm_term=wiv&gclid=EAIaIQobChMIk9rTv7L_2AIVypkbCh3apQi DEAAYASAAEgL1-vD_BwE
4. Referendum Wiv 2017: Verschillen tussen de Wiv 2002 en de Wiv 2017, 2018, Retrieved Januari 30, 2018 from: https://www.referendum-commissie.nl/referendum-wiv- 2017/verschillen-tussen-de-wiv-2002-en-de-wiv-2017
5. Samenvatting van de Wet op de inlichtingen- en veiligheidsdiensten 2017: hoofdstuk 3, 2018, Retrieved Januari 30, 2018 from: https://www.referendum- commissie.nl/referendum-wiv-2017/samenvatting-van-de-wiv-2017/hoofdstuk-3-de- verwerking-van-gegevens-artikel-17-t-m-70