[Dutch] Snippets uit Lars Bové’s boek over Staatsveiligheid (VSSE), de Belgische evenknie van de AIVD

‘Staatsveiligheid’ (VSSE) is de Belgische evenknie van de AIVD. Van Belgische journalist Lars Bové verscheen over de Staatsveiligheid in april 2015 het boek De geheimen van de staatsveiligheid. Bové citeert in dat boek onder andere uit gesprekken die hij had met “een topambtenaar bij de Belgische veiligheidsdiensten”. Ik licht daarvan hieronder een passage uit van p.19-22 (van de vijfde druk). In het laatste deel van deze passage stelt de ambtenaar trouwens dat in tegenstelling tot in België, in andere landen waaronder Nederland wél een “cultuur van inlichtingen of intelligence” bestaat, en dat “de wisselwerking tussen de inlichtingendiensten en de beleidsverantwoordelijken [daar] veel professioneler [is]”. Niet duidelijk is van welk jaar de citaten dateren.

‘Er is veel te weinig geweten over de Staatsveiligheid, zeker bij onze politieke klasse. Politici hebben een heel oppervlakkige kijk op de Staatsveiligheid. Hun perceptie leunt vooral aan bij wat ze in Hollywood-films zien, terwijl Staatsveiligheid even levensbelangrijk als gevaarlijk is voor de democratie. Net als alle andere inlichtingendiensten in de wereld. Je kunt ze dus maar beter goed controleren.’
Dit zijn de woorden van een topambtenaar bij de Belgische veiligheidsdiensten. Hij kent de Staatsveiligheid erg goed. Al decennialang werkt hij op het hoogste niveau samen met de dienst, in verschillende hoedanigheden’.
We hebben afgesproken in zijn kantoor in Brussel. Zelfs zijn medewerkers weten niet dat ik hier ben om over de Staatsveiligheid te praten.
‘Ik geef liever mijn ongezouten mening dan de zaken te verbloemen’, klinkt het veelbelovend. ‘De Staatsveiligheid leeft enorm teruggetrokken, op zichzelf. Dat is een probleem.’

[…]

Ik speel advocaat van de duivel: is het niet vanzelfsprekend dat een inlichtingendienst in het geheim werkt? Dat is toch de kracht en het nut van een dergelijke dienst?
De grijze topambtenaar klinkt resoluut: ‘Als niemand mag weten waar haar informatie vandaan komt, dan heeft ze als overheidsdienst wel héél veel macht. Dan kan er van alles gebeuren. Ze kan informatie opkloppen. Ze kan informatie achterhouden. Ze kan ook rustig niets doen, zonder pottenkijkers.’
‘Het is een geheime dienst, ja. Ze moet natuurlijk discreet kunnen werken. Ze moet niet alles prijsgeven. Dat beweer ik ook niet. Maar er is nog een lange weg te gaan, naar meer transparantie en een optimale controle.’
Hij aarzelt even, kijkt uit het raam.
‘Het is niet allemaal rozengeur en maneschijn bij de Staatsveiligheid.’
Hij richt zijn blik weer even op mij.
‘Worden de agenten van de Staatsveiligheid voldoende opgeleid? Zijn ze deontologisch en psychologisch uitgerust voor een dergelijke baan?’
Ik noteer ijverig. Op al die vragen wil ik antwoorden vinden.
‘Er lopen ook nog altijd “figuren” rond bij de Staatsveiligheid. Je zult ze wel leren kennen. Ze drukken hun stempel op de dienst. Ze hebben het geschopt tot leidinggevende. Ze hebben een lange geschiedenis binnen de dienst. Ze laten zich alleen omringen met vertrouwelingen. Ze gedragen zich als feodale heersers. Zelfs de administrateur-generaal van de Staatsveiligheid weet lang niet alles. Zelfs de topman weet niet wat ze allemaal uitspoken in zijn dienst. Het gaat zo ver dat die “figuren” binnenshuis alle regenstanders proberen uitschakelen om alles in hun voordeel te kunnen manipuleren. En dan heb je ook de lagere inspecteurs die hele namiddagen op café zitten. Die krijgen vrij spel. Ook dat is moeilijk te controleren. Tot er een incident uitlekt: dan worden alle rangen gesloten voor de buitenwereld. En ik beweer niet dat ze om de haverklap dossiers verborgen houden voor hun toezichthouders. Maar het gebeurt wel.’
Ik schrik van zijn openhartigheid, of misschien vooral van het zwartgallige portret van de Staatsveiligheid. Ik vraag gretig door. Hoe is het om samen te werken met een dergelijke dienst? De topambtenaar wikt opnieuw zijn antwoord niet.
‘De Staatsveiligheid heeft de neiging om te concurreren met de politie. Ook met de andere veiligheidsdiensten. In sommige dossiers heeft ze duidelijk alleen informatie gedeeld wanneer het haar uitkwam. De Staatsveiligheid krijgt te veel macht om haar informatie af te schermen. Ze mag alles classificeren. Het wordt hoog tijd dat te veranderen.’
De ambtenaar pauzeert even.
‘Maar de Staatsveiligheid heeft wel een ondankbare opdracht’, verandert hij ineens van toon. ‘Een geheime dienst werkt met informatie en inlichtingen. Dat is wat anders dan de staalharde bewijzen die politie en gerecht gebruiken. Met inlichtingen moet je voorzichtig omspringen. Die kun je niet zomaar duiden. Je mag geen informanten verbranden. Het is allemaal obscuurder.’
Waarom is dat een ondankbare opdracht?
‘Wat de Staatsveiligheid vertelt aan de beleidsvoerders, is nooit goed nieuws. Politici horen niet graag wat de Staatsveiligheid hun te vertellen heeft. Maar een inlichtingendienst moet niet politiek correct zijn. Ze moet vertellen hoe het echt zit. Ik sta altijd versteld dat beleidsvoerders uit de lucht vallen, oprecht verbouwereerd zijn, als het gevaar van moslimterroristen of spionage voorpaginanieuws wordt, terwijl ze over die gevaren al jaren zijn gewaarschuwd door de Staatsveiligheid, binnenskamers, in vertrouwelijke nota’s.’
Politici weten niet hoe de Staatsveiligheid werkt, en als ze er informatie over krijgen, gebeurt er niets mee. Is dat de conclusie?
‘In België weten politici niet wat ze met waarschuwingen van de Staatsveiligheid moeten beginnen. Dus doen ze er liever niets mee, tot de gevaren niet langer te negeren vallen. In België heerst er geen cultuur van inlichtingen of intelligence. In andere landen, zoals de Verenigde Staten, Frankrijk of Nederland heb je wel die cultuur. Daar is de wisselwerking tussen de inlichtingendiensten en de beleidsverantwoordelijken veel professioneler. En dat is zowel de schuld van de Belgische politici, die van verkiezing naar verkiezing hollen, als van de Staatsveiligheid, die een veel te hoge muur om zich heen bouwt. Bij de Staatsveiligheid werken inderdaad nog te veel mensen die niet geheim, maar “geheimzinnig” doen, en dat is geen gezonde situatie.’

EOF

 

 

Some Elements of Intelligence Work — 73 Rules of Spycraft (Allen Dulles, 1960s)

Allen Dulles

Allen Dulles (source: Wikimedia Commons, public domain)

The Fall 2009 issue of AFIO‘s The Intelligencer contains an article by James Srodes on (declassified) notes attributed to American diplomat and lawyer Allen Dulles (1893-1969), the 5th Director of Central Intelligence and once head of the CIA. The notes are entitled “Some Elements of Intelligence Work”; the title of Srodes’s article is “Allen Dulles’s 73 Rules of Spycraft”. According to Srodes, Dulles’s writing is “unpolished and almost conversational in style, as if Dulles had simply noted them down as the basis for one of the informal lectures he continued to give to young training officers”. The elements “range from the tiny tasks of tradecraft to the broader philosophy of security, recruiting agents, and personal discipline”, and “[Dulles’s] precepts hardly seem dated even now”.

In 2010, Robert David Steele uploaded a scanned copy (.pdf) of Srodes’s article (mirror). OCR doesn’t work well on this copy, but fortunately The Grugq already has a text file of the 73 elements. Because LOCKSS, I keep a copy of that text here. A possible further read is this 8-part blog series on the elements, written from a (self-proclaimed layman’s) U.S. patriotic perspective.

“The greatest weapon a man or woman can bring to this type of work in which we are engaged is his or her hard common sense. The following notes aim at being a little common sense and applied form. Simple common sense crystallized by a certain amount of experience into a number of rules and suggestions.

  1. There are many virtues to be striven after in the job. The greatest of them all is security. All else must be subordinated to that.
  2. Security consists not only in avoiding big risks. It consists in carrying out daily tasks with painstaking remembrance of the tiny things that security demands. The little things are in many ways more important than the big ones. It is they which oftenest give the game away. It is consistent care in them, which form the habit and characteristic of security mindedness.
  3. In any case, the man or woman who does not indulge in the daily security routine, boring and useless though it may sometimes appear, will be found lacking in the proper instinctive reaction when dealing with the bigger stuff.
  4. No matter how brilliantly given an individual, no matter how great his goodwill, if he is lacking in security, he will eventually prove more of a liability than asset.
  5. Even though you feel the curious outsider has probably a good idea that you are not what you purport to be, never admit it. Keep on playing the other part. It’s amazing how often people will be led to think they were mistaken. Or at least that you are out ‘in the other stuff’ only in a very mild way. And anyhow, a person is quite free to think what he likes. The important thing is that neither by admission or implication do you let him know.
  6. Security, of course, does not mean stagnation or being afraid to go after things. It means going after things, but reducing all the risks to a minimum by hard work.
  7. Do not overwork your cover to the detriment of your jobs; we must never get so engrossed in the latter as to forget the former.
  8. Never leave things lying about unattended or lay them down where you are liable to forget them. Learn to write lightly; the “blank” page underneath has often been read. Be wary of your piece of blotting paper. If you have to destroy a document, do so thoroughly. Carry as little written matter as possible, and for the shortest possible time. Never carry names or addresses en clair. If you cannot carry them for the time being in your head, put them in a species of personal code, which only you understand. Small papers and envelopes or cards and photographs, ought to be clipped on to the latter, otherwise they are liable to get lost. But when you have conducted an interview or made arrangements for a meeting, write it all down and put it safely away for reference. Your memory can play tricks.
  9. The greatest vice in the game is that of carelessness. Mistakes made generally cannot be rectified.
  10. The next greatest vice is that of vanity. Its offshoots are multiple and malignant.
  11. Besides, the man with a swelled head never learns. And there is always a great deal to be learned.
  12. Booze is naturally dangerous. So also is an undisciplined attraction for the other sex. The first loosens the tongue. The second does likewise. It also distorts vision and promotes indolence. They both provide grand weapons to an enemy.
  13. It has been proved time and again, in particular, that sex and business do not mix.
  14. In this job, there are no hours. That is to say, one never leaves it down. It is lived. One never drops one’s guard. All locations are good for laying a false trail (social occasions, for instance, a casual hint here, a phrase there). All locations are good for picking something up, or collecting…for making a useful acquaintance.
  15. In a more normal sense of the term “no hours,” it is certainly not a business where people put their own private arrangements before their work.
  16. That is not to say that one does not take recreation and holidays. Without them it is not possible to do a decent job. If there is a real goodwill and enthusiasm for the work, the two (except in abnormal circumstances) will always be combined without the work having to suffer.
  17. The greatest material curse to the profession, despite all its advantages, is undoubtedly the telephone. It is a constant source of temptation to slackness. And even if you do not use it carelessly yourself, the other fellow, very often will, so in any case, warn him. Always act on the principle that every conversation is listened to, that a call may always give the enemy a line. Naturally, always unplug during confidential conversations. Even better is it to have no phone in your room, or else have it in a box or cupboard.
  18. Sometimes, for quite exceptional reasons, it may be permissible to use open post as a channel of communications. Without these quite exceptional reasons, allowing of no alternative, it is to be completely avoided.
  19. When the post is used, it will be advisable to get through post boxes; that is to say, people who will receive mail for you and pass it on. This ought to be their only function. They should not be part of the show. They will have to be chosen for the personal friendship which they have with you or with one of your agents. The explanation you give them will depend on circumstances; the letters, of course, must be apparently innocent incontinence. A phrase, signature or embodied code will give the message. The letter ought to be concocted in such fashion as to fit in with the recipient’s social background. The writer ought therefore to be given details of the post boxes assigned to them. An insipid letter is in itself suspicious. If however, a signature or phrase is sufficient to convey the message, then a card with greetings will do.
  20. Make a day’s journey, rather than take a risk, either by phone or post. If you do not have a prearranged message to give by phone, never dial your number before having thought about your conversation. Do not improvise even the dummy part of it. But do not be too elaborate. The great rule here, as in all else connected with the job, is to be natural.
  21. If you have phoned a line or a prospective line of yours from a public box and have to look up the number, do not leave the book lying open on that page.
  22. When you choose a safe house to use for meetings or as a depot, let it be safe. If you can, avoid one that is overlooked by other houses. If it is, the main entrance should be that used for other houses as well. Make sure there are no suspicious servants. Especially, of course, be sure of the occupants. Again, these should be chosen for reasons of personal friendship with some member of the organization and should be discreet. The story told to them will once again depend on circumstances. They should have no other place in the show, or if this is unavoidable, then calls at the house should be made as far as possible after dark.
  23. Always be yourself. Always be natural inside the setting you have cast for yourself. This is especially important when meeting people for the first time or when traveling on a job or when in restaurants or public places in the course of one. In trains or restaurants people have ample time to study those nearest them. The calm quiet person attracts little attention. Never strain after an effect. You would not do so in ordinary life. Look upon your job as perfectly normal and natural.
  24. When involved in business, look at other people as little as possible, and don’t dawdle. You will then have a good chance of passing unnoticed. Looks draw looks.
  25. Do not dress in a fashion calculated to strike the eye or to single you out easily.
  26. Do not stand around. And as well as being punctual yourself, see that those with whom you are dealing are punctual. Especially if the meeting is in a public place; a man waiting around will draw attention. But even if it is not in a public place, try to arrive and make others arrive on the dot. An arrival before the time causes as much inconvenience as one after time.
  27. If you have a rendezvous, first make sure you are not followed. Tell the other person to do likewise. But do not act in any exaggerated fashion. Do not take a taxi to a house address connected with your work. If it cannot be avoided, make sure you are not under observation when you get into it. Or give another address, such as that of a café or restaurant nearby.
  28. Try to avoid journeys to places where you will be noticeable. If you have to make such journeys, repeat them as little as possible, and take all means to make yourself fit in quietly with the background.
  29. Make as many of your difficult appointments as you can after dark. Turn the blackout to good use. If you cannot make it after dark, make it very early morning when people are only half awake and not on the lookout for strange goings-on.
  30. Avoid restaurants, cafes and bars for meetings and conversations. Above all never make an initial contact in one of them. Let it be outside. Use abundance of detail and description of persons to be met, and have one or two good distinguishing marks. Have a password that can be given to the wrong person without unduly exciting infestation.
  31. If interviews cannot be conducted in a safe house, then take a walk together in the country. Cemeteries, museums and churches are useful places to bear in mind.
  32. Use your own judgment as to whether or not you ought to talk to chance travel or table companions. It may be useful. It may be the opposite. It may be of no consequence whatsoever. Think, however, before you enter upon a real conversation, whether this particular enlargement of the number of those who will recognize and spot you in the future is liable or not to be a disadvantage. Always carry reading matter. Not only will it save you from being bored, it is protective armor if you want to avoid a conversation or to break off an embarrassing one.
  33. Always be polite to people, but not exaggeratedly so. With the following class of persons who come to know you — hotel and restaurant staffs, taxi drivers, train personnel etc., be pleasant. Someday, they may prove useful to you. Be generous in your tips to them, but again, not exaggeratedly so. Give just a little more than the other fellow does – unless the cover under which you are working does not permit this. Give only normal tips. however, to waiters and taxi drivers, etc., when you are on the job. Don’t give them any stimulus, even of gratification, to make you stick in their minds. Be as brief and casual as possible.
  34. Easiness and confidence do not come readily to all of us. They must be assiduously cultivated. Not only because they help us personally, but they also help to produce similar reactions in those we are handling.
  35. Never deal out the intense, the dramatic stuff, to a person before you have quietly obtained his confidence in your levelheadedness.
  36. If you’re angling for a man, lead him around to where you want him; put the obvious idea in his head, and make the suggestion of possibilities come to him. Express, if necessary – but with great tact — a wistful disbelief in the possibilities at which you are aiming. “How fine it would be if only someone could… but of course, etc. etc.” And always leave a line of retreat open to yourself.
  37. Never take a person for granted. Very seldom judge a person to be above suspicion. Remember that we live by deceiving others. Others live by deceiving us. Unless others take persons for granted or believe in them, we would never get our results. The others have people as clever as we; if they can be taken in, so can we. Therefore, be suspicious.
  38. Above all, don’t deceive yourself. Don’t decide that the other person is fit or is all right, because you yourself would like it to be that way. You are dealing in people’s lives.
  39. When you have made a contact, till you are absolutely sure of your man — and perhaps even then — be a small but eager intermediary. Have a “They” in the background for whom you act and to whom you are responsible. If “They” are harsh, if “They” decide to break it off, it is never any fault of yours, and indeed you can pretend to have a personal grievance about it. “They” are always great gluttons for results and very stingy with cash until “They” get them. When the results come along, “They” always send messages of congratulation and encouragement.
  40. Try to find agents who do not work for money alone, but for conviction. Remember, however, that not by conviction alone, does the man live. If they need financial help, give it to them. And avoid the “woolly” type of idealist, the fellow who lives in the clouds.
  41. Become a real friend of your agents. Remember that he has a human side so bind him to you by taking an interest in his personal affairs and in his family. But never let the friendship be stronger than your sense of duty to the work. That must always be impervious to any sentimental considerations. Otherwise, your vision will be distorted, your judgment affected, and you may be reluctant, even, to place your men in a position of danger. You may also, by indulgence toward him, let him endanger others.
  42. Gain the confidence of your agents, but be wary of giving them more of yours than is necessary. He may fall by the way side; he may quarrel with you; it may be advisable for a number of reasons to drop him. In that case, obviously, the less information he possesses, the better. Equally obviously, if an agent runs the risk of falling into the hands of the enemy, it is unfair both to him and the show to put him in possession of more knowledge than he needs.
  43. If your agent can be laid off work periodically, this is a very good thing. And during his rest periods, let him show himself in another field and in other capacities.
  44. Teach them at least the elements of technique. Do not merely leave it to his own good judgment, and then hope for the best. Insist, for a long time at least, on his not showing too much initiative, but make him carry out strictly the instructions which you give him. His initiative will he tested when unexpected circumstances arise. Tell him off soundly when he errs; praise him when he does well.
  45. Do not be afraid to be harsh, or even harsh with others, if it is your duty to be so. You are expected to be likewise with yourself. When necessity arises neither your own feelings not those of others matter. Only the job — the lives and safety of those entrusted to you — is what counts.
  46. Remember that you have no right to expect of others what you are not prepared to do yourself. But on the other hand, do not rashly expose yourself in any unnecessary displays of personal courage that may endanger the whole shooting match. It often takes more moral courage to ask another fellow to do a dangerous task than to do it yourself. But if this is the proper course to follow, then you must follow it.
  47. If you have an agent who is really very important to you, who is almost essential to your organization, try not to let them know this. Infer, without belittling him, that there are other lines and other groups of a bigger nature inside the shadow, and that — while he and his particular group are doing fine work — they are but part of a mosaic.
  48. Never let your agent get the bit between his teeth and run away with you. If you cannot manage it easily yourself, there are always the terrible “They.”
  49. But if your agent knows the ground on which he is working better than you, always be ready to listen to his advice and to consult him. The man on the spot is the man who can judge.
  50. In the same way, if you get directives from HQ, which to you seem ill-advised, do not be afraid to oppose these directives. You are there for pointing things out. This is particularly so if there is grave danger to security without a real corresponding advantage for which the risk may be taken. For that, fight anybody with everything you’ve got.
  51. If you have several groups, keep them separate unless the moment comes for concerted action. Keep your lines separate; and within the bounds of reason and security, try to multiply them. Each separation and each multiplication minimizes the danger of total loss. Multiplication of lines also gives the possibility of resting each line, which is often a very desirable thing.
  52. Never set a thing really going, whether it be big or small, before you see it in its details. Do not count on luck. Or only on bad luck.
  53. When using couriers, who are in themselves trustworthy — (here again, the important element of personal friendship ought to be made to play its part) — but whom it is better to keep in the dark as to the real nature of what they are carrying, commercial smuggling will often provide an excellent cover. Apart from being a valid reason for secrecy, it gives people a kick and also provides one with a reason for offering payment. Furthermore, it involves a courier in something in which it is in his own personal advantage to conceal.
  54. To build this cover, should there be no bulk of material to pass, but only a document or a letter, it will be well always to enclose this properly sealed in a field dummy parcel with an unsealed outer wrapping.
  55. The ingredients for any new setup are: serious consideration of the field and of the elements at your disposal; the finding of one key man or more; safe surroundings for encounter; safe houses to meet in; post boxes; couriers; the finding of natural covers and pretext for journeys, etc.; the division of labor; separation into cells; the principal danger in constructing personal friendships between the elements (this is enormously important); avoidance of repetition.
  56. The thing to aim at, unless it is a question of a special job, is not quick results, which may blow up the show, but the initiation of a series of results, which will keep on growing and which, because the show has the proper protective mechanism to keep it under cover, will lead to discovery.
  57. Serious groundwork is much more important than rapid action. The organization does not merely consist of the people actively working but the potential agents whom you have placed where they may be needed, and upon whom you may call, if need arises.
  58. As with an organization, so with a particular individual. His first job in a new field is to forget about everything excepting his groundwork; that is, the effecting of his cover. Once people label him, the job is half done. People take things so much for granted and only with difficulty change their sizing-up of a man once they have made it. They have to be jolted out of it. It is up to you to see that they are not. If they do suspect, do not take it that all is lost and accept the position. Go back to your cover and build it up again. You will at first puzzle them and finally persuade them.
  59. The cover you choose will depend upon the type of work that you have to do. So also will the social life in which you indulge. It may be necessary to lead a full social existence; it may be advisable to stay in the background. You must school yourself not to do any wishful thinking in the sense of persuading yourself that what you want to do is what you ought to do.
  60. Your cover and social behavior, naturally, ought to be chosen to fit in with your background and character. Neither should be too much of a strain. Use them well. Imprint them, gradually but steadfastly on people’s minds. When your name crops up in conversation they must have something to say about you, something concrete outside of your real work.
  61. The place you live in is often a thorny problem. Hotels are seldom satisfactory. A flat of your own where you have everything under control is desirable; if you can share it with a discreet friend who is not in the business, so much the better. You can relax into a normal life when you get home, and he will also give you an opportunity of cover. Obviously the greatest care is to be taken in the choice of servants. But it is preferable to have a reliable servant than to have none at all. People cannot get in to search or fix telephones, etc. in your absence. And if you want to not be at home for awkward callers (either personal or telephonic), servants make that possible.
  62. If a man is married, the presence of his wife may be an advantage or disadvantage. That will depend on the nature of the job — as well as on the nature of the husband and wife.
  63. Should a husband tell his wife what he is doing? It is taken for granted that people in this line are possessed of discretion and judgment. If a man thinks his wife is to be trusted, then he may certainly tell her what he is doing — without necessarily telling her the confidential details of particular jobs. It would be fair to neither husband nor wife to keep her in the dark unless there were serious reasons demanding this. A wife would naturally have to be coached in behavior in the same way as an agent.
  64. Away from the job, among your other contacts, never know too much. Often you will have to bite down on your vanity, which would like to show what you know. This is especially hard when you hear a wrong assertion being made or a misstatement of events.
  65. Not knowing too much does not mean not knowing anything. Unless there is a special reason for it, it is not good either to appear a nitwit or a person lacking in discretion. This does not invite the placing of confidence in you.
  66. Show your intelligence, but be quiet on anything along the line you are working. Make others do the speaking. A good thing sometimes is to be personally interested as “a good patriot and anxious to pass along anything useful to official channels in the hope that it may eventually get to the right quarter.”
  67. When you think a man is possessed of useful knowledge or may in other ways be of value to you, remember that praise is acceptable to the vast majority of men. When honest praise is difficult, a spot of flattery will do equally well.
  68. Within the limits of your principles, be all things to all men. But don’t betray your principles. The strongest force in your show is you. Your sense of right, your sense of respect for yourself and others. And it is your job to bend circumstances to your will, not to let circumstances bend or twist you.
  69. In your work, always be in harmony with your own conscience. Put yourself periodically in the dock for cross examination. You can never do more than your best; only your best is good enough. And remember that only the job counts — not you personally, excepting satisfaction of a job well done.
  70. It is one of the finest jobs going. no matter how small the part you play may appear to be. Countless people would give anything to be in it. Remember that and appreciate the privilege. No matter what others may do, play your part well.
  71. Never get into a rut. Or rest on your oars. There are always new lines around the corner, always changes and variations to be introduced. Unchanging habits of work lead to carelessness and detection.
  72. If anything, overestimate the opposition. Certainly never underestimate it. But do not let that lead to nervousness or lack of confidence. Don’t get rattled, and know that with hard work, calmness, and by never irrevocably compromising yourself, you can always, always best them.
  73. Lastly, and above all — REMEMBER SECURITY.

PS. The above points are not intended for any cursory, even interested, glance. They will bear — each of them — serious attention, and at least occasional re-perusal. It is probable, furthermore, that dotted here and there among them will be found claims that have particular present application for each person who reads them. These, naturally, are meant to be acted upon straightaway.”

EOF

[Dutch] IVD-en en bevoegdheden: een blik vanuit het veiligheidsperspectief

Privacy en veiligheid zijn complexe thema’s. Dat bewijst zich in debat over de Nederlandse inlichtingen- en veiligheidsdiensten, zoals over het concept-wetsvoorstel Wiv20xx. In het zeer leeswaardige rapport Veiligheid en privacy – Een zoektocht naar een nieuwe balans (.pdf, 2007, Muller, Kummeling en Bron) staan tien handvatten voor debat over vraagstukken die zowel vanuit privacyperspectief als veiligheidsperspectief kunnen worden bezien. Twee van die handvatten luiden “betrek beide thema’s in het debat” en “durf elkaars ambassadeur te zijn”. Dat betekent (bijvoorbeeld) dat bij een debat over uitbreiding van bevoegdheden niet alleen aandacht nodig is voor de mogelijke ongewenste effecten van die uitbreiding, maar ook voor de mogelijke ongewenste effecten van het uitblijven daarvan. Posts op dit blog zijn relatief vaak opgesteld vanuit het eerste perspectief. In deze post wordt vanuit het veiligheidsperspectief gekeken. Dat doe ik in de vorm van twee citaten: één van Bob de Graaff uit zijn artikel De Nederlandse inlichtingen- en veiligheidsdiensten: nooit te oud om te leren (2011; mirror) en één van de minister van Defensie uit een commissievergadering die in februari 2015 plaatsvond.

De Graaff beschrijft in zijn artikel beknopt de geschiedenis van de Nederlandse inlichtingen- en veiligheidsdiensten. De laatste twee paragrafen beschrijven ontwikkelingen bij de diensten en hun werkveld in de periode 1990-2011. In het licht van het concept-wetsvoorstel Wiv20xx vind ik de afsluitende alinea een belangrijke:

Het grootste gevaar is dat in het huidige veiligheidsklimaat de diensten te star en bureaucratisch opereren tegen tegenstanders die voor een deel in staat zijn tot een veel grotere organisatorische flexibiliteit, die profiteren van het feit dat zij sneller leren van de zich wijzigende omstandigheden en die steeds minder mensen nodig hebben om een steeds grotere mate van vernietiging teweeg te brengen.

Hierbij de twee laatste alinea’s uit het artikel van De Graaff:

[…]
1990-nu: dynamiek en onzekerheid

Het was duidelijk dat de dienst aan verandering toe was. Het koppel minister Dales (van Binnenlandse Zaken) en BVD-hoofd Docters van Leeuwen schudde begin jaren negentig de dienst op. Onderdeel daarvan was een grotere transparantie blijkende uit jaarverslagen en incidentele rapporten. Aan het begin van het volgende decennium, in 2002 kwam een nieuwe wet op de inlichtingen- en veiligheidsdiensten tot stand, die tot de dag van vandaag geldt. Deze wet was onder meer noodzakelijk doordat het Europese Hof van Justitie had bepaald dat de klachtprocedure ten aanzien van inlichtingen- en veiligheidsdiensten in Nederland onvoldoende geregeld was en onvoldoende duidelijk was wie wanneer welke inzet van bijzondere inlichtingenmiddelen tegen zijn of haar persoon kon verwachten. De wet bezegelde voorts de inmiddels tot stand gekomen samenwerking van de afzonderlijke militaire inlichtingen- en veiligheidsdiensten in de Militaire Inlichtingen- en Veiligheidsdienst (MIVD). Omdat gebleken was dat Nederland het toch niet zonder een civiele inlichtingendienst kon stellen, werd bovendien de inlichtingendienst voor het buitenland geïntegreerd in de veiligheidsdienst, waardoor de BVD veranderde in Algemene Inlichtingen- en Veiligheidsdienst (AIVD). Dat was een weinig gelukkige combinatie gezien de geheel verschillende disciplines die inlichtingen en veiligheidswerk vergen.

Niettemin leek dit alsnog goed uit te pakken aangezien de dreiging van het islamistisch terrorisme zich manifesteerde. Internationaal gezien opmerkelijk vroeg, signaleerde de – toen nog – BVD het gevaar daarvan in een openbaar rapport. Aanvankelijk werd deze signalering cynisch begroet: ging het hier misschien om een nieuwe vorm van werkverschaffing? De aanslagen door al-Qa’ida van 11 september 2001 in de Verenigde Staten, gevolgd door aanslagen in Madrid, Istanbul en Londen, stelden de dienst echter in het gelijk.

Het veiligheidsklimaat veranderde door deze aanslagen drastisch. Het budget en de bevoegdheden van de diensten werden sterk uitgebreid. In de jaren zeventig en tachtig was in de ogen van velen een goede veiligheidsdienst nog een dienst geweest die zo weinig mogelijk wist over de Nederlandse burgers, maar vooral in de nasleep van de moorden op Fortuyn (2002) en Van Gogh (2004) en de aanslag op Koninginnedag 2009 won de opvatting dat een veiligheidsdienst in Nederland niet genoeg kon weten over zijn burgers aan kracht.

Het islamistisch terrorisme bleek meer dan voorgaande vormen van terrorisme transnationaal van aard en er bestonden verbanden tussen binnen- en buitenlandse radicalen. In 2010 bepleitte het toenmalige hoofd van de AIVD bij de presentatie van het jaarverslag van de dienst daarom voor meer buitenlandse spionage onder het motto van forward defense. Opvallend was daarbij dat het diensthoofd niet aan de orde stelde hoe in dit geval de taakverdeling moest zijn met de MIVD. De taakgebieden die hij noemde (Irak, Afghanistan, Jemen en Somalië) leken nu juist op het bordje van de militaire dienst te liggen. Een ander heikel punt tussen beide diensten betrof de samenwerking ten aanzien van de Nationale Sigint Organisatie (NSO). Een ander punt waarop AIVD en MIVD het met elkaar eens zullen moeten worden betreft cyber intelligence, een onderwerp dat de laatste jaren snel aan belangstelling heeft gewonnen.
Verder lag het de AIVD zwaar op de maag dat na de aanslagen in Madrid het instituut van Nationaal Coördinator Terrorismebestrijding (NCTb) in het leven was geroepen. Dit was weliswaar geen ‘derde dienst’ naast de AIVD en de MIVD, maar de NCTb beschikte wel over een eigen analyseafdeling en had gemakkelijk toegang tot de ministerraad. Het monopolie op de civiele inlichtingenanalyse was daardoor verloren gegaan. Anders dan misschien verwacht kwam de NCTb niet verzwakt, maar juist getalsmatig versterkt uit de kabinetsformatie van dat jaar tevoorschijn. De NCTb kreeg nu de coördinatie voor veiligheid in algemene zin en veranderde in de Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV). Daarnaast is er nog de roep bij de politie om, los van ondersteunende activiteiten ten behoeve van de AIVD, ook zelf aan inlichtingenvergaring te doen in het kader van intelligence led policing.

Terwijl de behoefte aan internationale samenwerking is toegenomen in het kader van de bestrijding van terrorisme, constateerde de commissie-Davids naar het regeringsbeleid met betrekking tot de oorlog in Irak dat Nederland niet al te zeer afhankelijk mocht zijn van buitenlandse inlichtingen. Die conclusie was natuurlijk zeer welkom in een tijd van bezuinigingen, maar er blijft een zekere spanning bestaan tussen nationale onafhankelijkheid op het terrein van inlichtingen en internationale samenwerking.

De toekomst

De politiek-maatschappelijke acceptatie van inlichtingen- en veiligheidsdiensten is de afgelopen jaren sterk toegenomen, maar daarmee ook de publieke en politieke aandacht voor hun werk. Geregeld ontstaan te hoge verwachtingen van het werk van diensten: ‘Satellieten zien toch alles’ en ‘Zo iemand kun je toch voortdurend volgen’. Een belangrijke taak van de diensten zal daarom moeten zijn: het bevorderen van educatie, voorlichting en een sterk verwachtingenmanagement.

Dreigingen komen van meerdere, soms nauwelijks te verwachten kanten en (bijvoorbeeld bij cyber security) met een tot nu toe ongekende snelheid. In combinatie met de maatschappelijke druk zal er sneller informatie aan afnemers beschikbaar worden gesteld, iets wat nu al blijkt uit het toegenomen aantal zogeheten ambtsberichten van de diensten. Die snelheid zal mogelijk afbreuk doen aan kwaliteit en betrouwbaarheid. Tegelijkertijd moeten inlichtingen- en veiligheidsdiensten steeds meer concurreren met organisaties die early warning afgeven op basis van volledig open informatie. Om die concurrentie het hoofd te kunnen bieden, zouden inlichtingen- en veiligheidsdiensten een soort betrouwbaarheids- of kwaliteitsoordeel kunnen uitspreken over concrete informatie. Dat staat echter weer haaks op de snelheid van aanlevering. Het zal interessant zijn om te zien hoe die spanning wordt opgeheven.

Er zal een voortgaande neiging zijn om analyses methodischer te maken en deels te automatiseren. Dat kan niet anders in een tijdperk waarin op informatie gebaseerde organisaties tenonder dreigen te gaan aan information overload. Tegelijk moet er ruimte blijven om met behulp van verbeeldingskracht en intuïtie te werk te gaan, want tegenstanders zullen juist vaak proberen te verrassen door het ondenkbare of onmogelijk geachte te doen.

De Nederlandse diensten moeten ervan uitgaan dat de dynamiek in hun taakomgeving waarschijnlijk alleen nog maar meer zal toenemen, dat zij weliswaar groot zijn geworden ten tijde van de Koude Oorlog, maar dat dat een unieke tijd was met bipolariteit en grote voorspelbaarheid, die routines mogelijk maakte. De toekomst vereist een lerend vermogen van de diensten, wat betekent dat ook individuele medewerkers in staat moeten zijn op meta-niveau hun eigen werkwijze te bezien. Het is de vraag of de diensten thans zodanig gestructureerd zijn dat zij het personeel daartoe in staat stellen en of het vertrouwen in het eigen personeel ook aanwezig is in het licht van enkele recente integriteitsincidenten onder medewerkers.

Het grootste gevaar is dat in het huidige veiligheidsklimaat de diensten te star en bureaucratisch opereren tegen tegenstanders die voor een deel in staat zijn tot een veel grotere organisatorische flexibiliteit, die profiteren van het feit dat zij sneller leren van de zich wijzigende omstandigheden en die steeds minder mensen nodig hebben om een steeds grotere mate van vernietiging teweeg te brengen.

Ten tweede een selectie van woorden die de minister van Defensie uitsprak tijdens de vergadering van de cie-BZK+Defensie dd 10 februari 2015 over de kwestie van ongerichte interceptie van kabelcommunicatie (markering is van mij):

[…]

Het is ook een feit dat in het digitale tijdperk waarin wij nu leven, de opbrengst van klassieke interceptiemethoden onmiskenbaar afneemt. De opkomst van mobiele communicatiemiddelen en complexe netwerken hebben daartoe geleid. Dat heeft gevolgen. Gevolgen als wij de wet niet technologieonafhankelijk maken. Gevolgen omdat wij cyberdreigingen mogelijk niet tijdig onderkennen. Gevolgen omdat Nederlandse militairen op missie mogelijk minder goed kunnen worden beschermd en ondersteund. Gevolgen omdat terroristische activiteiten mogelijk niet tijdig worden onderkend. Gevolgen omdat de werkelijke intenties van risicolanden, bijvoorbeeld op het gebied van massavernietigingswapens, verborgen blijven. Gevolgen omdat we niet in staat zijn om bij snel opkomende crises in het buitenland snel een toereikende informatiepositie op te bouwen. Gevolgen omdat de ontvreemding van intellectueel eigendom, vitale economische informatie en staatsgeheimen mogelijk onopgemerkt blijft.

Dan geef ik enkele voorbeelden die in het bijzonder gelden voor de MIVD, zoals het goed ondersteunen van militairen op missies. Daar hecht ik zeer aan. Ik moet overigens enigszins met meel in de mond praten, want er is altijd een rubriceringsniveau. Ook in gebieden in Afrika, het Midden-Oosten en Azië, waar Nederlandse militairen optreden, verloopt telecommunicatie steeds vaker via kabelnetwerken. As we speak, worden die kabelnetwerken aangelegd op land en in zee. Het gebruik van het internet en mobiele devices neemt ook in de gordel van instabiliteit explosief toe. Zelfs in en nabij conflictgebieden worden generaties aan telecommunicatiemiddelen overgeslagen en worden in een hoog tempo moderne en breedbandige netwerken aangelegd.

Dan kom ik op een ander punt waar ik zeer aan hecht, namelijk het tegengaan van de proliferatie van massavernietigingswapens. Het zicht op de intenties en de activiteiten van landen die mogelijk streven naar het bezit van massavernietigingswapen is de afgelopen tijd echt aanzienlijk gekelderd, door de overschakeling op andere, zeer waarschijnlijk kabelgebonden communicatievormen. Hiervan is geen woord gelogen. We moeten daar niet naïef in zijn. Pogingen om bijvoorbeeld in Nederland dual-use goederen te verwerven, kunnen eveneens onzichtbaar blijven. Ook daar hebben we voorbeelden van.

Dan kom ik op het tegengaan van digitale spionage en digitale sabotage in Nederland en met betrekking tot Nederlandse belangen. Vrijwel alle cyberdreigingen verlopen inmiddels via het kabelnetwerk. Het gaat daarbij bijvoorbeeld om malware van staten die uit zijn op Nederlandse staatsgeheimen en bedrijfsgeheimen of om malware van groeperingen of individuen die de groeiende afhankelijkheid van overheden en bedrijven van digitale systemen willen benutten om de nationale vitale infrastructuur te ontwrichten. Het zijn niet zomaar kleine dingen, het zijn grote zaken.

Vervolgens kom ik op het ondersteunen van de cyberoperaties van de krijgsmacht in het buitenland. Wellicht hebt u vernomen dat wij hebben besloten tot het instellen van een cybercommando dat niet alleen defensief maar ook offensief kan optreden. Dat kan alleen maar mogelijk worden gemaakt als er toegang is tot de kabel.

Je moet ook de militair-technische ontwikkelingen onderkennen. De informatiepositie van de MIVD is aanwijsbaar verslechterd als gevolg van het verplaatsen van het communicatieverkeer naar de kabel. Ik heb eerder gezegd dat de dienst doof en blind aan het worden is en ik herhaal het hier. Het stond deze week ook in de krant. De indruk wordt nu gewekt dat Nederland massaal zal worden afgeluisterd, maar niets is minder waar. Ik heb een paar concrete voorbeelden genoemd, hoewel ik niet helemaal tot in detail kan gaan, die er echt toe doen voor de informatiepositie van Nederland, de bescherming van de staatsveiligheid en onze belangen in het buitenland. Ik hoop dat ik daarmee de urgentie hiervan voor het voetlicht heb gebracht.

De minister noemde hier dus de volgende voorbeelden van gevolgen van het uitblijven van ongerichte interceptie van kabelcommunicatie (deze beslaan zowel werkgebied van de MIVD als de AIVD):

  • cyberdreigingen worden mogelijk niet tijdig onderkend;
  • Nederlandse militairen op missie kunnen mogelijk minder goed worden beschermd en ondersteund;
  • terroristische activiteiten worden mogelijk niet tijdig onderkend;
  • de werkelijke intenties van risicolanden, bijvoorbeeld op het gebied van massavernietigingswapens, blijven verborgen (N.B.: Hennis trok tijdens de vergadering vooral een ernstig gezicht bij het uitspreken van deze woorden: “Het zicht op de intenties en de activiteiten van landen die mogelijk streven naar het bezit van massavernietigingswapen is de afgelopen tijd echt aanzienlijk gekelderd, door de overschakeling op andere, zeer waarschijnlijk kabelgebonden communicatievormen. Hiervan is geen woord gelogen.”)
  • we zijn niet in staat zijn om bij snel opkomende crises in het buitenland snel een toereikende informatiepositie op te bouwen;
  • de ontvreemding van intellectueel eigendom, vitale economische informatie en staatsgeheimen blijft mogelijk onopgemerkt.

Aan elk argument zal óók informatie ten grondslag liggen die voor de buitenstaander niet bekend en/of niet te controleren is, met name op het gebied van methoden, bronnen en (praktische, financiële en personele) beperkingen van de diensten. Wel kan je als buitenstaander trachten om bij elk voorbeeld op basis van openbare c.q. algemeen bekende informatie aannemelijk te maken dat bestaande bevoegdheden niet toereikend zijn, en dat in redelijkheid kan worden gesproken van noodzaak van ongerichte search/interceptie van kabelcommunicatie in binnen- en/of buitenland. (De bewijslast voor het aantonen van noodzaak blijft natuurlijk bij de overheid.)

Zo kan voor het eerste voorbeeld — het onderkennen van digitale dreigingen — worden betoogd dat het in het kader van contraspionage noodzakelijk is om signature-based en anomaly-based malware/intrusion detection uit te voeren (bijvoorbeeld middels DPI-systemen), en dat daar zonder Artikel 33+34 Wiv20xx onvoldoende juridische ruimte voor bestaat. Aanvullend kan worden betoogd dat omdat kennis van de toegepaste anomaly-based methoden en (vooral) de gebruikte signatures zeer gevoelige informatie kan betreffen, deze niet bekend moet zijn bij derden (zoals ISPs en organisaties die in potentie doelwit kunnen zijn van spionage), en het daarom onwenselijk is de intrusion detection (decentraal) bij derden te beleggen.

Voor wie meer wil weten over het veiligheidsperspectief, en leeswerk niet schuwt:

Specifiek met betrekking tot signals intelligence is het blog van Peter Koop (@electrospaces) zeer de moeite waard: daar geeft Koop kritische duidingen en analyses van (onder andere) NSA- en GCHQ-documenten die (onder andere) via Snowden openbaar zijn geworden. Zie daar bijvoorbeeld de post NSA’s Foreign Partnerships (2014, laatste update: maart 2015). En ProPublica publiceerde een overzicht (2014) van NSA-programma’s die via Snowden zijn onthuld, geordend naar bulk vs. targeted en domestic vs. foreign.

EOF

Outlines of the Dutch General Intelligence & Security Service (AIVD) Year Plan for 2016

On December 16th 2015, the Dutch government submitted a “year plan letter” to the House of Representatives that covers the outlines of the General Intelligence & Security Service (AIVD) priorities in 2016. It is a follow-up to, and references, the first-ever year plan letter, submitted on June 23rd 2015. A translation of that earlier letter is available here.

The remainder of this post consists of a translation of the paragraphs that describe the focus areas regarding intelligence. Links, parts in [], typos and translation errors are mine.

[…]

National security and the role of the AIVD

Security is a core task of the government. The AIVD ensures national security by timely identification of threats, (political) developments and risks that are not immediately visible. To this end, the AIVD carries out domestic and foreign investigations, taking into account the safeguards of the Dutch Security & Intelligence Act of 2002 (.pdf) (Wiv2002). Collecting and interpreting intelligence is not an objective on and by itself. It is an essential condition to thwart terrorist attacks, disrupt terrorist traveling, detect espionage, and, more generally, support government policy to protect the democratic rule of law and other important state interests. The AIVD shares specific knowledge and information with its partners (for instance public administrators, policy makers, the National Police) and instigates other organizations to act.

Integrated Intelligence & Security Policy [Dutch: “Geïntegreerde Aanwijzing I&V”]

On June 23rd 2015 I informed the House of Representatives about the priorities and accents of the AIVD in 2015 (Parliamentary Papers 30 977, nr. 119), for the first time on the basis of an Integrated Intelligence & Security Policy. This Integrated Policy describes the intelligence needs of various intelligence consumers and is the basis for the year plans of the AIVD and the Military Intelligence & Security Service (MIVD). The Integrated Policy also takes into account prior budgets increases appointed by the government for the multi-year budget of the AIVD. The priorities and accents laid down in my letter of June 23rd are largely continued in 2016, because the Integrated Policy lays down the intelligence need for multiple years. At the same time it must be observed that worrying developments keep taking place within various existing areas of interest. The threat concerning jihadist terrorism, the instability at the borders of Europe, the large increase of migration flows and the changes in global power relations require undiminished attention and efforts within the AIVD’s investigations.

Priorities and accents of AIVD investigations

Concerning the legal tasks of the AIVD, insight is given below into the (changed) priorities and accents that are put central in 2016 in each focus areas:

Jihadist terrorism

The Netherlands has a terrorist threat level that is qualified as “substantial” since March 2013. In my letter of June 23rd I describe the current developments concerning jihadist terrorism, such as regarding the threat from jihadists from the Netherlands that have traveled abroad, jihadist groups that have an international agenda, and the increasing role of old transnational networks. I also state that different, unrelated elements can come together, such as mavericks, sympathizers, diffuse local networks, and relations or inspirations with other networks and groups. These threats remain current. The tragic events in Paris on November 13rd emphasize this. The efforts of the AIVD therewith remain focused, undiminished, on the timely identification of said national and international jihadist threats, to provide relevant government organizations with perspectives to act. Furthermore, the efforts are focused on preventing Dutch youngster from traveling to conflict zones and on the timely identification of the threat from (returned) jihadist fighters. In addition, the AIVD attempts to disrupt the supportive and recruiting activities regarding participation in violent international jihad. Especially concerning this topic, active cooperation takes place with domestic and foreign organizations, including the NCTV, the National Police, the Public Prosecution Service, municipalities, and Child Protective Services. International cooperation takes place with various foreign intelligence & security services, and within Europe, operational information is frequently exchanged within the Counter Terrorist Group (CTG). In the Spring of 2016, the AIVD chairs the CTG, and the AIVD has prioritized the further intensification of this cooperation.

Migration flows

The AIVD investigates possible security risks for the Netherlands and Dutch interests as result of the strongly increased migration flows to Europe. This investigation takes place from the perspectives mentioned above, including (jihadist) terrorism, radicalization, left-wing and right-wing extremism and tensions between groups inside the Netherlands. Investigation into specific countries also takes place. Where necessary, the progress of these investigation is discussed at the national and international level with the AIVD’s partners.

Radicalization

In the coming years, radicalization of various groups inside the Netherlands remains a cause for concern. The persisting international tensions provide a breeding group that, in combination with the national situation and personal circumstances, in the near future keeps resulting in a climate in which radicalization takes place. The recent AIVD/NCTV publication “Salafism in the Netherlands, diversity and dynamics” provides the most recent insight in the anti-democratic and intolerant character of parts of the salafist spectrum, combined with the risks for the democratic rule of law that is associated with their growth as observed by the AIVD.

The AIVD emphasized that the threat that stems from (the growth of) radical islam in the Netherlands is twofold: on the one hand, it can result in violence in the form of jihadist terrorism. On the other hand, it can by itself pose a threat to the democratic rule of law, because of the intolerant and anti-democratic thoughts that are spread. The AIVD investigates both types of threats. The investigation of persons and organizations that propagate jihadist thoughts helps in getting timely insight into jihadists, and thereby facilitates the AIVD’s investigation of jihadist terrorism. The investigation into non-jihadist radical islam helps, among others, the NCTV, the local governments, and other relevant organizations in taking measures against individuals who instigate others into anti-integrative and intolerant isolationism.

Left-wing and right-wing extremism

With regard to the investigation of left-wing and right-wing extremism, the developments and related priorities and accents described in my letter of June 23rd remain in place. The investigatory efforts regarding this area of interest will be continued in 2016. The interpretation of the factual threat that the AIVD attributes to left-wing and right-wing extremism is essential in providing the NCTV and local and national authorities with perspectives for acting.

Proliferation of WMDs

WMDs are potentially a great threat to international peace and security. The Netherlands has signed international treaties focused on preventing the proliferation of such weapons. The joint Unit Counter-Proliferation of the AIVD and MIVD investigates countries that are suspected of developing WMDs and means of transmission, or already posses those, in violation of these treaties. The priorities for the (joint) investigation by both services remain in place for 2016.

Investigation of countries

The AIVD’s investigation of countries is carried out to provide the government with background information and perspectives for acting and to use in discussion on topics that affect the Dutch national and international political interests. This investigation is increasingly closely related to the AIVD’s security tasks. Countries regarding which a joint intelligence need is laid down for the AIVD and MIVD in the Integrated Policy are investigated in close (operational) cooperation and consultation with the MIVD. The intelligence need laid down in the Integrated Policy for investigation of countries remains unchanged in 2016.

(Digital) espionage and cyber threats

The intelligence need concerning foreign intelligence activities inside the Netherlands (espionage) or aimed against the Dutch interests remains unchanged in 2016. The investigation is aimed at identifying undesired activities and disrupting those, or by providing perspectives to act to the relevant authorities. Concerning digital espionage, anonymity and profitability of digital attacks provides unprecedented new possibilities for perpetrators and their clients to serve their political and/or economical interests. Examples of observed digital attacks, aimed at espionage and gathering sensitive and valuable information, are numerous and the threat and (potential) damage is great. It can also involve digital attacks aimed at sabotage or societal disruption. The AIVD investigates such cyber attacks and works closely together with the MIVD, the National Cyber Security Center (NCSC) and the NCTV.

[…further paragraphs omitted from translation concern the recruitment of new employees, the draft Dutch intelligence bill, security screenings, budget stuff, co-location of AIVD & MIVD at Frederikskazerne in The Hague, IT and accountability…]

(signed by Ronald Plasterk, the Minister of Internal Affairs & Kingdom Relations)

EOF

Full translation of the Dutch government’s statement on encryption

UPDATE 2016-01-20: during a General Meeting on cyber security, the state secretary for Security & Justice, Klaas Dijkhoff,  confirmed (in Dutch; see) that the Dutch government does not seek weakening encryption: “yes, we are serious about that”.

TL;DR: on January 4th 2016, the Dutch government stated that it will, at this time, not take restrictive legal measures considering the development, availability and use of encryption within the Netherlands. Some things to keep in mind:

  • they explicitly state ‘at this time’ — the possibility remains that their position changes in the future;
  • current Dutch law provides some forms of compelled decryption:
    • first, two provisions exist in intelligence law regarding targeted hacking and targeted interception.
      • The targeted interception power requires prior approval from the minister: if the minister approves a request for targeted interception, the services can then themselves compel “anyone” to help decrypt the intercepted communication;
      • The targeted hacking power (currently) does not require prior approval from the minister; the services can themselves decide to hack a system and to compel “anyone” to help decrypt data;
      • Note: the law does not forbid the use of the compelled decryption powers against a target, but for obvious reasons — e.g. maintaining operational secrecy — it seems likely the compelled decryption powers will typically only be used against third parties, for instance a provider, a roommate, etc.;
    • second, one provision exists in the code of criminal procedure (criminal law) regarding access to a secured computer as part of a criminal investigation. The law forbids the use of this power against a suspect (because of nemo tenetur, i.e., the right to not self-incriminate);
  • in July 2015, the Dutch government proposed compelled decryption for untargeted (bulk) interception in a draft intelligence bill (intelligence law). The draft bill is currently being revised and is expected to be submitted to the House of Representatives by the end of Q1/2016. AFAIK it is expected that the final bill, that will be debated in the House of Representatives, will still include the new decryption provision. The status of the bill can be viewed here;
  • in December 2015, the Dutch government stated they cancelled the decryption provision in the final version of a cybercrime bill (more) (part of criminal law) which would have granted LE the power to, after approval from a magistrate (but not a court), compel suspects of certain “very serious criminal offenses” to decrypt their data under penalty three years imprisonment or a fine of up to ~20k euro. The stated reason for the cancellation: incompatibility with nemo tenetur. Why the government initially included this provision in the draft cybercrime bill — notably following a rather critical study by professor Bert-Jaap Koops — but now cancelled it in the final cybercrime bill, is not clear (to me). The status of the bill can be viewed here.

On January 4th 2016, the Dutch government released a statement on encryption. It is covered by El Reg. Here is a full, unofficial translation of that statement (~1600 words; hyperlinks and parts in [] were added by me):

Government position on encryption

We hereby submit the government position on encryption. This fulfills promises made during the General Meeting of the Telecom Council of June 10th 2015 (Parliamentary Papers 2014-2015, 21501-33, nr. 552) and the General Meeting of the JHA Council of October 7th 2015.

Introduction

Encryption is increasingly easy to obtain and use, and increasingly common in regular data communication. The government, the private sector and citizens increasingly use encryption to protect the confidentiality and integrity of communication and stored data. That is important for public trust in digital products and services, and for the Dutch economy, in the light of the rapidly developing digital society. At the same time, encryption obstructs access to information necessary for prosecution services and intelligence & security services when malicious persons (such as criminals and terrorists) use it. The recent attacks in Paris, where the terrorists possibly used encrypted communications, lead to the justified question what is needed to provide these services with proper insight into attack planning, and to maintain that insight.

The duality described in the previous paragraph was also heard in the public debate in the past months about the dilemmas of the use of encryption. The House [of Representatives; i.e., the lower house] has also discussed this. During the General Meeting of the Telecom Council it was asked what the government intends to do regarding the promotion of strong encryption. Besides that, the House requested the government to establish a position on encryption.

Next, the importance of encryption for the system and information security of the government and the private sector, and for the constitutional protection of privacy and confidential communication, will be discussed. The importance of prosecution of serious criminal offenses and the protection of national security will be laid down. Finally, after weighing of the interests, a conclusion is drawn.

The Dutch situation can not be discussed without taking into account the international context. Software for strong encryption is increasingly available world-wide, and is already integrated in products or services. Considering the broad availability and use of advanced encryption techniques, and the cross-border nature of data traffic, options to act at a national level are limited.

Importance of encryption for the government, private sector and citizens

Cryptography plays a key role in technical security in the digital domain. Many cyber security measures in organizations depend strongly on the use of encryption. Secure storage of passwords, the protection of laptops against loss or theft, and the secure storage of backups are more difficult without the use of encryption. The protection of data transferred via the internet, for instance during internet banking, is only possible through the use of encryption. Due to the connectedness of systems and the global branches and various paths that communication can travel, the risk of interception, breach, access or manipulation of information and communication is always present.

The government increasingly communicates with citizens via digital means, and provides services where confidential data is exchanged, such as the use of DigiD [a national authentication system that Dutch citizens can use to log in to the IRS, the cadastre, their municipality, etc.] or declaring taxes. As stated in the coalition agreement of 2012, citizens and companies should be able to carry out their interactions with the government entirely digitally by 2017. The government has the responsibility to ensure that confidential data is protected against access by third parties: encryption is indispensable for this. The protection of communication within the government also depends on encryption, such as the security of the exchange of diplomatic messages, and military communication.

For companies, encryption is essential to store and transfer business information securely. The ability to use encryption strengthens the international competitiveness of the Netherlands, and promotes an attractive climate for businesses and innovation, including startups, data centers and cloud computing. Trust in secure communication and storage of data is essential for the (future) growing potential of the Dutch economy, that mainly resides in the digital economy.

Encryption supports the protection of privacy and the confidentiality of citizens’ communications, because it provides them with a means to protect the confidentiality and integrity of personal data and communications. This is also important for exercising the right to free speech. It enables citizens, but also persons who hold an important democratic profession, such as journalists, to communicate confidentially.

Encryption thus enables everyone to ensure the confidentiality and integrity of communication, and defend against, for instance, espionage and cyber crime. Fundamental rights and freedoms, as well as security interests and economic interests, benefit from this.

Encryption, prosecution services and intelligence & security services

The investigatory powers and means available to the services, must be equipped for the present and future digital reality. Effective, lawful access to data promotes the security of the digital and physical world. Encryption used by malicious persons hinders access to data by the prosecution services and intelligence & security services. The services experience these barriers for instance when they investigate the distribution and storage of child pornography, while supporting military missions abroad, while countering cyber attacks, and when they want to gain and maintain insight into terrorists who are planning attacks. Criminals, terrorists and opponents in armed conflicts are often aware that they can attract attention of the services, and also posses advanced encryption methods that are difficult to circumvent or break. The use of such methods requires little technical knowledge, because encryption is often integral part of the internet services that they too can use. That complicates, delays, or makes it impossible to gain (timely) insight in communication for the purpose of protecting national security and the purpose of prosecuting criminal offenses. Furthermore, court hearings and the providing of evidence in court for a conviction can be severely hindered.

The right to privacy and confidentiality of citizens’ communication

As mentioned before, the use of encryption supports citizens in ensuring privacy and confidentiality of their communication. Said lawful access to data and communication by prosecution services and intelligence & security services constitutes a breach of the confidentiality of citizens’ communication.

Confidentiality of communication involves the constitutional protection for privacy and the right to protection of correspondence [letters, snail mail], telephone communication and telegraph communication (hereafter: ‘confidentiality of communications’). These constitutional rights are laid down in, respectively, Article 10 and Article 13 of the Dutch constitution. Besides that, these fundamental rights are laid down in Article 8 ECHR and Article 7 and Article 8 of the Charter of Fundamental Rights of the EU (insofar EU law is affected).

The protection of constitutional rights applies to the digital world. Said constitutional regulations and international regulations provide the framework to counter unlawful breaches. Said rights are not absolute, meaning that limitations can be established insofar they meet the requirements set by the Dutch constitution and the ECHR (and insofar European Union law is affected, the EU Charter). A limitation is permissible when it serves a legitimate purpose, is established by law, and the limitation is foreseeable and cognizable [=transparent]. Furthermore, the limitation must be necessary in a democratic society. Finally, the infringement must be proportional, which means that the government’s purpose of the infringement must be proportional in relation to the infringement on the right to privacy and/or the right to confidentiality of communications.

These requirements provide the framework for weighing the interests involved in encryption, such as the right to privacy and the right to confidentiality of communications, public and national security, and the prevention of criminal offenses. This framework, insofar it involves the special powers of the intelligence & security services, is also laid down in the Intelligence & Security Act of 2002 (‘Wiv2002’, Article 18 and Article 31). The obligations [for third parties] to cooperate with decryption laid down in the Wiv2002 (Article 24, third paragraph, and Article 25, seventh paragraph) and in the Code of Criminal Procedure (‘WvSv’, Article 126m, sixth member) can be invoked if the related special powers are exercised after such weighing.

Discussion and conclusion

Nowadays it is increasingly less often possible to break encryption. Furthermore, it is increasingly less often possible to demand unencrypted data from service providers. Increasingly often, modern uses of encryption mean that data is processed by the service providers only in encrypted form. Considering the importance of investigation and prosecution, and the interests involved with national security, these developments necessitate the search for new solutions.

Currently, there is no outlook on possibilities to, in a general sense, for instance via standards, weaken encryption products without compromising the security of digital systems that use encryption. For instance by introducing a technical doorway [=backdoor, exceptional access] in an encryption product that would enable prosecution services to access encrypted files, digital systems can become vulnerable to criminals, terrorists and foreign intelligence services. This would have undesirable consequences for the security of communicated and stored information, and the integrity of IT systems, which are increasingly important to the functioning of society.

In carrying out their legal tasks, prosecution services and intelligence & security services are partially relying on cooperation from providers of IT products and services. Given this dependence, consultation is necessary with providers regarding effective data provisioning in case of the use of their services by malicious persons, while taking into account everyone’s role and responsibilities, as well as the legal frameworks.

Given this discussion, we draw the following conclusion:

The government has the duty to protect the security of the Netherlands and to prosecute criminal offenses. The government emphasizes the necessity of lawful access to data and communication. Furthermore, governments, companies and citizens benefit from maximum security of digital systems. The government endorses the importance of strong encryption for internet security, for supporting the protection of citizens’ privacy, for confidential communication by the government and companies, and for the Dutch economy.

Therefore, the government believes that at this time it is not desirable to take restricting legal measures concerning the development, availability and use of encryption within the Netherlands. The Netherlands will propagate this conclusion, and the arguments that underlie it, internationally [recall: the Netherlands holds the Presidency of the Council of the EU in the first half of 2016; priorities (see slide 2) for the JHA Council include cybersecurity and efforts to tackle cybercrime, and priorities for the EU-US ministerial JHA meeting include data protection, PNR data, counterterrorism and jihadism]. Regarding the promotion of strong encryption, the Minister of Economic Affairs will follow-up on the intent of the amendment (Parliamentary Papers 2015-2016, 34300 XIII, nr.10) on the budget of the Ministry of Economic Affairs [=grant EUR 500k to OpenSSL].

(signed by the Minister of Security & Justice and the Minister of Economic Affairs)

Further reading:

  • 2016-01-14: French government rejects crypto backdoors as “the wrong solution” (Ars Technica)
  • 2016-01-06: The Father of Online Anonymity Has a Plan to End the Crypto War (Wired). Wired is reporting on David Chaum’s plan to end the crypto war with PrivaTegrity, a backdoor scheme that requires cooperation between nine server administrators from nine countries. Chaum reportedly developed it “as a side project for the last two years along with a team of academic partners at Purdue, Radboud University in the Netherlands, Birmingham University and other schools”. Recall this sentence in the above translation of the Dutch gov’t statement on encryption: “Currently, there is no outlook on possibilities to, in a general sense, for instance via standards, weaken encryption products without compromising the security of digital systems that use encryption“. It is unclear (to me) whether the authors of the Dutch gov’t statement were aware of Chaum’s idea at the time they wrote that sentence. For details on Chaum et al.’s “cMix” scheme, see cMix: Anonymization by High-Performance Scalable Mixing (.pdf, 2016). [UPDATE 2016-01-08: here is a critical view on PrivaTegrity that suggests the human/geopolitical problems surrounding the use of such a system will fail.]
  • 2015-12-08: The second crypto war is not about crypto (Jaap-Henk Hoepman aka @xotoxot)

EOF