Privacy Shield

Dragnet surveillance for secret services

Police hacking

The Dutch government introduced a new law tha will equip the secret services with dragnet surveillance. The communication of large groups of innocent citizens can be intercepted with this new interception power. Whether it is their phone calls, app messages, or the back-up of their pictures, everything they do online can get into the hands of both the General Intelligence and Security Service and the Military Intelligence and Security Service. They have an important job, but our freedom is in jeopardy if they can use a dragnet over us.

On 14 February 2017 the Dutch lower house (house of representatives) passedOur first response to this parliamentary outcome the bill for a new Intelligence and Security Services Act, despite major opposition from experts, regulators, civil society, political parties and citizens. Unfortunately this bill has been passedA brief overview of the Senate's debate and voting on the bill by the Dutch Senate on 11 July 2017. With the Senate’s vote, a years-long political battle has come to an end: the Dutch secret services have been afforded dragnet surveillance powers. It is expected that the new law will enter into force on 1 January 2018.

How did we get here?

In October 2016, The Minister of the Interior, Ronald Plasterk, decided to advance his plans to carry out bulk interception of innocent citizens’ communications: he sent the definitive dragnet bill for the new Intelligence and Security Services Act to the House of Representatives.

Oversight Committee finds proposal insufficient

The Review Committee on the Intelligence and Security Services (CTIVD) assessed the bill in an extensive report published in November 2016. In this report, the CTIVD painstakingly shows that essential safeguards like data limitation and duty of care regarding the quality of data analyses are missing in the current proposal. In addition, the CTIVD ruled that the oversight of the secret services needs to be significantly improved in order to be effective.

The House of Representatives discussed the proposal shortly before the Christmas recess. A discussion between the oversight committee, a private meeting with the services themselves, and a hearing with several experts and private parties took place. There was a lot of criticismMore about the experts crticis (in Dutch) towards the bill.

Hearing with experts and companies

During the hearing with experts and public parties, a broad spectrum of organisations sharply criticised the proposal. In an impassioned plea, the vice-chairman of the Dutch Data Protection Authority (DPA) criticised parliament’s plans for instating a dragnet, the hacking of third parties, and the exchange of intelligence with foreign agencies. He called the term “investigation assignment-focused interception”, meant to describe the dragnet, which must be a candidate for the prize of euphemism of the year.

In an extensive written responseThe written repsonse by the Dutch DPA, the DPA further elaborates on why the necessity for the proposed expansion of powers has been insufficiently argued. In addition, the DPA states that the powers are insufficiently well known and predictable for citizens, that they lack safeguards, and that truly independent and effective oversight of the services is still lacking. In other words, it is patently illegal under basic international legal principles.

On behalf of a large group of researchers, Professor of Media and Telecommunications Law Nico van Eijk elaborated an analysisThe research by the Institute for Information Law (IViR) of the flaws in the proposed surveillance bill and its lack of transparency. In addition, the Scientific Council for Government Policy (WRR) raised concernsThe report by the WRR (in Dutch) regarding the danger of chilling effects as a consequence of the proposed expansion of powers.

The companies present were also very critical – not only concerning the impact that the dragnet might have on their businesses, but also on their users. For example, Microsoft clearly opposedThe position Paper by Microsoft the creation of a dragnet by stating:

“[N]on-directional collection of data is disproportionate and harms the privacy of users and their trust in our technology”.

Criticism from the House of Representatives

As a result of all the meetings, the lower house presented the cabinet with over 52 pages of questions concerning the proposal. Many of those questions concern the untargeted nature of the dragnet, the relevance and retention period of the collected data, the quality of data analyses, and oversight of the agencies. The 52 pages of questions have been met with 110 pages of answers. These prove mainly to be reiterations of previous assertions and in no way succeed to assuage the concerns that have been expressed. The Dutch government did its best to cover up the fact that the implementation of the dragnet means implementation of mass surveillance, and continued to call the new power “investigation assignment-focused interception”. Minister Ronald Plasterk even proceeded to abbreviate the term to the apposite and deeply ironic Orwellian “OOG” (“eye” in Dutch).

What will happen now?

After some formalities the new law will enter into force on 1 January 2018. Together with other NGOs we’re exploring the possibilities of fighting the law in court. We will keep you posted.

Help mee en steun ons

Door mijn bijdrage ondersteun ik Bits of Freedom, dat kan maandelijks of eenmalig.