Month: November 2013

Interception of telecommunications by the AIVD: rules and regulations (new on AIVD website)

Today the AIVD added (in English) the below content to its website. Don’t forget that oversight on Dutch SIGINT is still broken. The AIVD states that regarding mass interception of non-cablebound communications (for SIGINT purposes) it “must present a well-founded request to the minister”. From the CTIVD oversight reports it is clear that the AIVD has been failing to do so in the period 2008-2013.

Interception of telecommunications by the AIVD: rules and regulations

The interception of telecommunications by secret services is surrounded by myths and misunderstandings. What is interception according to the Dutch intelligence services and what kinds of interception do we define? What does the law say? By whom and how are the Dutch intelligence services supervised?
Telecommunications have always been a vital source of information in the world of intelligence and security services. And the importance has only increased further, because, just like everyone else, those subject to investigation by the AIVD increasingly use telecommunications and Internet services. In the old days telecommunications mainly consisted of landlines, fax machines and radio links. With the introduction of the Internet and mobile telephones the number of possibilities increased exponentially, including the use of wireless networks, text messaging, chat rooms, etc.

Telecommunications can take place in three ways:

  • via a wireless connection (non cable-bound), also called ether communication (e.g. mobile telephony and satellite links);
  • via cable (glass fibre and copper connections);
  • via a combination of the two.

Content and metadata

Telecommunications consist of the message (content) and all the data added for the purpose of transport (metadata), such as a telephone number, an IP number, an email address or location data.

Intercepting telecommunications first and foremost means collecting metadata. Metadata is less substantial in size and can be analysed more quickly. In addition, gathering metadata is a less serious privacy infringement. Analysis of the metadata shows whether the matching content of traffic may be relevant for AIVD investigations.
Most data is irrelevant for AIVD investigations. If, based on a carefully designed assessment trajectory, the data does prove to be important, the Minister of the Interior and Kingdom Relations must be asked for permission to also look at the content.

What does the law say?

The Intelligence and Security Services Act 2002 (Wiv 2002) gives the AIVD special investigative powers to intercept, store and search telecommunications, and to gain access to the content, but there are restrictions.

Mass interception versus targeted interception of telecommunications

There are various differences between mass interception and targeted interception of telecommunications.

Mass interception of telecommunications (non cable-bound/ether traffic):
  • The interception does not require prior permission.
  • You do not yet know who or what you are looking for.
  • Telecommunications of several users are intercepted, not just of potentially interesting people or organisations.
  • You do not yet know all the characteristics, such as the mobile telephone number and/or email address of a person or organisation.
  • You expect to find relevant communications in certain communication streams regarding specific topics, people or organisations.
Targeted interception of telecommunications (cable-bound and non cable-bound):
  • This requires prior permission.
  • You know who or what you are looking for: the communications of person or organisation ‘x’.
  • You possess unique characteristics, such as a mobile telephone number and/or email address of person ‘x’.
  • You are allowed to look at the content of the telecommunications.

Cable-bound versus non cable-bound

The difference between intercepting cable-bound and non cable-bound communications has been explained above. In practice, however, telecommunications run both via cable and in the ether. A telephone call to Australia does not run via a single ‘line’, for instance, but is usually transmitted via a ‘collection of wired and ether connections’. Whether telecommunications run via cable or not is irrelevant for content, range or type of communication means. The AIVD is permitted to mass intercept non cable-bound communications only.


The parameters for approved targeted and mass interception of telecommunications have been standardised in detail by law.

Mass interception of telecommunications (non cable-bound)

Mass interception of telecommunications, for example by means of satellites, does not require the approval of the minister, because its content is not being processed and thus -according to the law- does not infringe the secrecy of correspondence, which includes telephone and telegraph.

Within the bulk of data, which is acquired through mass interception, subsequently a selection can be made to isolate the telecommunications traffic pertaining to one specific person or organisation. Such a selection requires approval of the minister because it infringes on personal privacy. After the selection has been made the content of the communications may be disclosed. (Article 27, Wiv 2002).

The AIVD must present a well-founded request to the minister.

The request must state the reason why it is necessary to employ this special power, whether the invasion of privacy merits the intended result (proportionality) and whether the information cannot be acquired in a different, less invasive, manner (subsidiarity).

Targeted interception of telecommunications

The AIVD is also allowed to intercept, receive, store, research and take knowledge of the content of targeted telecommunications. Within specific parameters the AIVD is authorised to tap public telecommunications networks and services including Internet traffic in real time; the classic eavesdropping (Article 25 Wiv 2002).
A request for targeted interception also must show that the AIVD can substantiate the necessity, proportionality and subsidiarity of the means to be deployed.


The AIVD is supervised by the independent Committee on the Intelligence and Security Services (CTIVD). The CTIVD oversees whether the AIVD’s (and the MIVD’s) activities are lawful. The CTIVD has also investigated the manner in which the AIVD and MIVD deploy mass interception (Signal Intelligence). The reports pertaining to this subject are accessible on the Committee’s site.
In addition, the Committee on the Intelligence and Security Services (CTIVD) of the Lower House is responsible for the parliamentary supervision of the intelligence and security services. This committee is comprised of the Lower House chairpersons of the parliamentary parties.


Reading notes on `Evaluating the Quality of Intelligence Analysis: By What (Mis) Measure?’ (Stephen Marrin, 2012)

UPDATE 2017-03-22: related reading: “How good is your batting average?” Early IC Efforts To Assess the Accuracy of Estimates by Jim Marchio, in Studies in Intelligence Volume 60, Number 4 (December 2016).

These are my reading notes concerning `Evaluating the Quality of Intelligence Analysis: By What (Mis) Measure?‘ (Stephen Marrin, 2012).

Marrin provides an exposition of the problem of evaluating the quality of intelligence analysis. Marrin first discusses three measures that are employed for retrospective evaluation of the quality of intelligence analysis:

  • Accuracy;
  • Preventing surprise;
  • Influence on policy.

According to Marrin, all measures are problematic, and considering the inevitability of intelligence failures, evaluation of intelligence quality should not rely on absolute measures (e.g. black/white: something is accurate or inaccurate) but be oriented toward relative measures and `improving on the margins’.

Below are snippets from various sections of Marrin’s paper that I keep here for my own purposes. Emphasis is mine.


“One way to evaluate intelligence analysis is according to an accuracy standard. (…) However, while using accuracy as an evaluative criterion is simple in theory, actually comparing the analysis to ground truth and determining whether the analysis was accurate or inaccurate can be very difficult to implement in practice.

First, there is the presence of qualifiers in the analysis. Uncertainty is part of the intelligence production process. (…) When precise information is desired, such as the condition of a country’s WMD program, a CIA analyst cobbles together bits and pieces of information to form a picture or story and frequently discovers many gaps in the data. As a result, an intelligence analyst’s judgment frequently rests on a rickety foundation of assumptions, inferences and educated guesses.

Caveats and qualifiers are necessary in finished intelligence as a way to communicate analytic uncertainty.  Intelligence agencies would be performing a disservice to policymakers if their judgments communicated greater certainty than the analysts possessed.


Words such as ‘probably’, ‘likely’ and ‘may’ are scattered throughout intelligence publications and prevent easy assessment of accuracy.


Removing caveats for sake of simplicity in assessing intelligence accuracy also unfairly removes the record of analytic uncertainty and, in the end, assesses something with which the analyst never would have agreed. For example, if an analyst says that a coup is likely to occur in a foreign country within six months, and the coup happened 12 months later, would that analysis be accurate or inaccurate?


In addition, the analytic judgment could not be considered completely accurate nor completely inaccurate; it is somewhere in between. It is for this reason that the then-Director of Central Intelligence George Tenet said: ‘In the intelligence business, you are almost never completely wrong or completely right’.


In addition, even if accurate analysis was produced, a ‘self-negating prophecy’ resulting from analysis produced within a decision cycle could occur. This means that intelligence analysis can help change what may happen in the future, making the analysis inaccurate. (…) This causal dynamic exists for all intelligence issues including political, economic, and scientific due to the nature of the intelligence mission.”

Preventing surprise

“Like accuracy, another absolute standard for evaluating analytic quality involves the prevention of decision-maker surprise. By describing, explaining, evaluating, and forecasting the external environment, intelligence analysts facilitate decision-maker understanding to the point that decision-makers are not surprised by the events that take place. When decision-makers are surprised, by definition there must have been an intelligence failure since it failed to achieve its objective; preventing surprise.

The problem with this expectation, of course, is that surprise is ever present in international relations. Many surprises are the intentional result of adversaries who employ secrecy to hide their intentions. Secrecy in policy creation and implementation magnifies the effectiveness of power application internationally because, when done successfully, the intended target has little or no time to effectively counter the respective policy. (…)

(…) According to Christopher Andrew: ‘Good intelligence diminishes surprise, but even the best cannot possibly prevent it altogether. Human behavior is not, and probably never will be, fully predictable’. Richard Betts, in his article on the inevitability of intelligence failure, suggests that policies should be implemented in such a way as to be able to withstand the inevitability of surprise, with ‘tolerance for disaster’. (…)”

Betts and Shifting the Standard from Absolute to Relative

“Richard Betts has made the greatest contributions to shifting the evaluative metric from the unattainable ideal of accuracy to something more realistic with his argument that intelligence failures, consisting of either inaccuracy or surprise, are inevitable. Betts’ argument is a sophisticated one which acknowledges that (1) the analytic task is really difficult; and (2) anything done to ‘fix’ or reform perceived problems will lead to other problems. (…)

Betts is primarily responding to earlier efforts to eliminate failure by identifying causes of inaccuracy or surprise and then trying to eliminate them one by one. Many causes of failure have been identified, including an individual analyst’s cognitive limitations, and as a result ‘analysis is subject to many pitfalls – biases, stereotypes, mirror-imaging, simplistic thinking, confusion between cause and effect, bureaucratic politics, group-think, and a host of other human failings’, according to Ron Garst and Max Gross. Many efforts to identify causes of failure then proceed to produce recommendations for ways to eliminate them.

Betts, on the other hand, does not believe failure can be eliminated. According to Betts, failure results from paradoxes of perception that include the impossibility of perfect warning, and the distortion of analysis due to motivated biases resulting from organizational or operational goals. Another source of analytic inaccuracy, according to Betts, is a byproduct of the inherent ambiguity of information, which is related to the limitations of intelligence analysis due to the inductive fallacy which Klaus Knorr highlighted in 1964.

(…) Betts’ conclusion that failure will be inevitable has become the consensus among intelligence scholars. (…)

(…) Yet at the same time Betts says that failure can become less frequent on the margins and also has recommendations for how policymakers can make the inevitable failures less costly or significant.”

The Batting Average Metaphor

“Metaphors from baseball are frequently employed by scholars to frame the evaluation of intelligence performance precisely because many useful inferences can be derived from them. For example, the difference between the fielding percentage, where most anything less than perfection is an error, and a batting average, which provides more room for error without condemnation, highlights the importance of the standard used to evaluate relative performance. In addition, the use of the batting average metric also makes it clear that it is relative success versus an opposing force in the context of a competition where the fates of the batters will, as Betts says, ‘depend heavily on the quality of the pitching they face’. The fact that relative success or failure is contingent on the skill of the opposition has clear parallels in the world of intelligence.”

Using Decision-makers’ Evaluative Framework

“(…) Intelligence analysis is regularly ignored by decision-makers, and frequently has limited to no impact on the decisions they make.

As a result, a new kind of theory or model more effectively explaining what happens at the intersection of intelligence analysis and decision-making has been developed. It conceptualizes the purpose of intelligence as to ensure that decision-makers’ power is used as effectively and efficiently as possible, with the purpose of intelligence analysis being to integrate and assess information as a delegated, subordinate, and duplicative step in a decision-making process. This conceptualization privileges the role of the decision-maker in the assessment process over that of the analyst, thus turning the standard model in its head.

(…) Unfortunately, this emphasis on the significance of the decision-maker in evaluating the analytic product has not been universally embraced by scholars, practitioners, or the general public. Instead, more simplistic measures such as accuracy or surprise tend to predominate the discussion of intelligence performance as a way of characterizing failures. Yet evaluating intelligence analysis using the decision-makers’ perspective could be important since, as Kuhns suggests, the decision-maker is ‘the only person whose opinion really matters’. If decision-makers find the analysis informative, insightful, relevant or useful, then the intelligence analysis has succeeded whereas if the decision-makers are left unsatisfied then the analysis has failed.

Intelligence analysis can be evaluated based on the decision-maker’s perception of its relevance, influence, utility or impact. First, there is intelligence analysis that is relevant to decision-makers. (…) Second, there is intelligence analysis that is influential in terms of shaping or influencing the decision-maker’s judgment on a particular issue. (…) Third, there is intelligence analysis that is useful – which also has to be relevant by definition – and could indicate analysis that is either useful in the sense of improving judgment (i.e. influential) or useful in the sense of achieving policy outcomes, or both.

Asking for feedback from decision-makers may be a way to evaluate the analysis’ relevance, influence on judgment or utility, but doing so can be fraught with peril. Policymaker satisfaction with intelligence analysis is a notoriously fickle and idiosyncratic metric. Decision-makers may not be satisfied with intelligence analysis if it conflicts with their own biases, assumptions, policy preferences, or conveys information that indicates a policy may be failing. (…)

(…) Unfortunately, as Ford goes on to say, reason is not the only factor that drives policymaking. Instead, ‘all kinds of forces go into their making of policy, not excluding timidity, ambition, hubris, misunderstandings, budgetary ploys, and regard for how this or that policy will play in Peoria’.

Clarifying Purpose and Improving on the Margins

“In the end, there is no single metric or standard used to evaluate intelligence analysis, and different people use different standards. This highlights an even more significant issue: the reason that different standards are used is because there is no consensus in either the practitioner’s or scholar’s camp regarding the purpose of intelligence analysis.Some believe that the purpose of intelligence analysis is to be accurate; others believe the purpose is to prevent surprise; while yet others believe the purpose is to be influential or useful. If the intelligence analysis does not meet any of these criteria, then failure is the descriptor that is frequently used.

But the fact that different kinds of failures really represent different normative visions of what intelligence analysis is supposed to accomplish is not acknowledged by most participants. Despite the fact that intelligence analysis has existed as a function of government for decades, both practitioners and scholars have failed to develop a consensus on or even acknowledge differences of opinion regarding exactly what it is supposed to do.

If the failure is determined to be inaccuracy, is the implicit expectation perfection? If the failure is one of surprise, is the implicit expectation omniscience? If the failure is one of lack of influence, to what degree is that more of a policy failure than an intelligence failure? These are questions that both scholars and practitioners should make explicit when they discuss the quality of intelligence analysis and the causes of intelligence failure.

Perhaps the goal of policy should be trying to improve intelligence analysis across the board by improving accuracy, preventing surprise and increasing the value of the product for the decision-maker. But even this will not eliminate failures altogether. As Betts has said, echoing Knorr before him, we should focus on improving performance on the margins – raising the batting average by 50 points, or raising the level of liquid in the glass – not achieving perfection or omniscience.


Finally, understanding and improving intelligence analysis may also require clarifying what we believe the purpose of intelligence analysis is, or what the purposes of intelligence analysis are, and how to best achieve them. Rather than focusing on and studying failure, perhaps trying to achieve success will do more to improve the quality of intelligence analysis than trying to eliminate failure.”


Reading notes on ethics of intelligence collection: the `Just Intelligence Principles’ (Ross Bellaby, 2012)

For my own purposes I hereby post some reading notes from What’s the Harm? The Ethics of Intelligence Collection ($, 2012) by Ross Bellaby.

Bellaby states:

“If liberal democracies are to be seen abiding by the rules, norms and ideals to which they subscribe, then so must their intelligence communities.
At the centre of the topic of ‘intelligence ethics’, often ridiculed as ‘oxymoronic’, is the tension between the belief that ‘there are aspects of the intelligence business, as practised by all major countries, that seem notably disreputable’, and the argument that ‘without secret intelligence we will not understand sufficiently the nature of some important threats that face us’; that political communities have an ethical obligation to act so as to protect its people.”

Bellaby proposes an ethical framework for intelligence collection, building from primum non nocere — the Hippocratic injunction of “first, do no harm”. Next, Bellaby states (emphasis is mine):

“The first step in establishing an ethic against harm begins with the realization that individuals have certain requirements that are both ‘vital’ to their well- being and vulnerable to external interference. These ‘vital interests’ are the prerequisites or preconditions that must be maintained if individuals are to fulfil their ultimate goals and aspirations. Joel Feinberg calls these requirements ‘welfare interests’. John Rawls calls them ‘primary goods’. Essentially they amount to the same thing – that is, regardless of what one’s conception of the good life might be, these preconditions must be first satisfied in order to achieve them. These interests include individuals’ physical and mental integrity, their autonomy, liberty, sense of self-worth and privacy. Without these vital interests any individual is unable to pursue other ultimate interests, purposes, goals or plans. Of such fundamental importance are these interests to the individual that they have intrinsic value. Damaging them can therefore cause harm regardless of the repercussions. That is, even if on balance the individual does not experience the harm in a ‘tangible and material’ way, s/he can still be said to be harmed if the vital interests are violated or wronged. In this way, these interests are a person’s most important ones and thus demand protection. (…)”

Bellaby then identifies the following `vital interests’ of humans:

  • Physical integrity: “for example, (…) what sort of physical treatment potentially dangerous suspects can expect.”
  • Mental integrity : concerns “actions that can cause debilitating levels of stress or anxiety to the individual.”
  • Autonomy: “the capacity for self-rule”; “one must be able to decide for oneself, without external manipulation or interference, what shape one’s own life will take.”
  • Liberty: “closely connected to the concept of autonomy”. “Whereas autonomy is the freedom to decide one’s will, liberty is the freedom from constraints on acting out that will.”
  • Human Dignity as Amour-propre: A Sense of One’s Own Self-Worth: how individuals view themselves and how others view them. “Confidence in one’s self-worth is so fundamental that without it one can become unable to continue or realize endeavours that are needed to fulfil one’s aspirations. Without self-respect individuals feel worthless; nothing ‘seems worth doing’, activities become ‘empty and vain’ and people ‘sink into apathy and cynicism’.”
  • Privacy: in context of intelligence collection, two concepts are “of particular relevance”: privacy as boundaries and privacy as control. “Boundaries mark out areas where outside intrusion is unwelcome. (…) In comparison, privacy as control is the right of individuals to control those things pertaining to themselves, that is, ‘the control we have over information about ourselves’ or the ‘control over one’s personal affairs’.”

Regarding harm to privacy, Bellaby states the following:

“However, by intercepting another’s communications, their privacy is violated. This is because, first, the activity involves intercepting and utilizing without consent information that is essentially the individual’s property, and second, by violating a sphere with a strong expectation that the individual is ‘in’ private, represented by the clear distinction between the ‘inside’ of the communication where the message exists and the ‘outside’ where the rest of society exists.”

Regarding surveillance (dataveillance, CCTV, data mining, covert surveillance), he states:

“By collecting individual personal information in this way, an individual’s privacy and autonomy is violated. The individual’s privacy is violated in that the information collected is the individual’s personal property; it pertains to their actions and personal details. By collecting and collating this information, the individual’s right to control and keep it private is violated.”

In order to limit the harm done to vital human interests by intelligence collection, and outline exactly when harm is justified, Bellaby proposes the following `just intelligence principles’ as an ethical framework for intelligence collection:

  • Just cause: there must be a sufficient threat to justify the harm that might be caused by the intelligence collection activity.

    “Thomas Aquinas argued that for a war to be just there must be some reason or injury to give cause, namely that ‘those who are attacked must be attacked because they deserve it on account of some fault’. Currently, international law frames ‘self-defence’ as the main justification for going to war.”


  • Authority: there must be legitimate authority, representing the political community’s interests, sanctioning the activity.

    “For a war to be considered morally permissible according to the just war tradition it must be authorized by the right authority, that is, those who have the right to command by virtue of their position. As Aquinas stated, ‘the ruler for whom the war is to be fought must have the authority to do so’ and ‘a private person does not have the right to make war’. (…) Similarly, one can argue that in order for intelligence collection to be just, there must be a legitimate authority present to sanction the harms that can be caused.”


  • Intention: the means should be used for the intended purpose and not for other (political, economic, social) objectives.

    “Leaders must be able to justify their decisions, noting that they had the right intentions; ‘for those that slip the dogs of war, it is not sufficient that things turn out for the best’.”

    “Another implication of this principle is reflected in the current debate on personal information databases and how crossover information collection should be restricted. If information is collected – DNA, fingerprints, personal data for example – under a just cause with the appropriate degree of evidence, but was incidentally connected to another crime, then the information can be used since the original just cause and correct intention was present. This would be analogous to finding illegal goods incidentally while performing a legal search. However, what is not permissible is to use a just cause such as tax fraud to justify the collection and retention of DNA, as this type of information is unrelated and is not reflecting the original just cause, clearly outside what should be the correct intention.”

  • Proportion: the harm that is perceived to be caused should be outweighed by the perceived gains.

    “One can argue that, for the intelligence collection to be just, the level of harm that one perceives to be caused, or prevented, by the collection should be outweighed by the perceived gains.”

  • Last resort [=subsidiarity]: less harmful acts should be attempted before more harmful ones are chosen.

    “In order for an intelligence collection means to be just, it must only be used once other less or none harmful means have been exhausted or are redundant.”

  • Discrimination: There should be discrimination between legitimate and illegitimate targets.

    “The principle of discrimination for the just intelligence principles therefore distinguishes between those individuals without involvement in a threat (and thereby protected), and those who have made themselves a part of the threat (and by so doing have become legitimate targets). According to the degree to which an individual has assimilated himself, either through making himself a threat or acting in a manner that forfeits his rights, the level of harm which can be used against him will alter.”

The first five principles are borrowed from jus ad bellum, Just War Theory. That theory includes Likelihood of Success as a sixth criterium; for Just Intelligence, Bellaby replaced it with Discrimination.

For full context, always read the original document. (Which I’m sorry to say is paywalled in this case.)



Letter from Minister Plasterk to Dutch Senate on NSA, privacy and economic espionage

UPDATE 2013-11-27: here (.pdf, Nov 27) is the EU Report on the Findings by the EU Co-chairs of the ad hoc EU-US Working Group on Data Protection — i.e., the EU-US expert group established in response to the revelations about NSA-related activities on European territory that is referred to in the post below.

On November 15th, the Dutch Minister of the Interior and Kingdom Relations, Ronald Plasterk, sent a letter (in Dutch) to the Dutch Senate. The letter addresses questions concerning the impact of the Snowden revelations on ongoing TAFTA negotiations and EU Data Protection negotiations, and mentions SWIFT. Below is my translation. Parts in [] are mine.

WARNING: this is an unofficial translation.

Date: November 15th 2013 Subject: NSA, privacy and (economic) espionage

1. Did the revelations of Mr. Snowden come as a surprise to the government?

Original Dutch: “1. Kwamen de onthullingen van de heer Snowden voor de regering als een verrassing?

2. Has the government thoroughly informed itself about the significance of the revelations of Mr. Snowden for the constitutional protection of the privacy of citizens?

Yes. The government is committed to careful and adequate protection of personal data. This is a point of attention in the bilateral discussions currently taking place with the U.S. government in response to the revelations about the NSA. The Minister of Foreign Affair already expressed his concerns about the NSA’s activities to his American colleague Kerry, and I spoke with the director of the NSA. The Netherlands also assesses the initiative of Germany and France to reach agreements with the Americans as positive, has contacted with both countries, and will make an active contribution where possible.

An EU-US expert group exists that is deliberating on protecting the privacy and electronic data of citizens. The aim of this expert group is to gain insight into each other’s programs and how they are anchored in the rule of law.

Also, the State Secretary of Security and Justice and I are actively involved in the negotiations on the new EU legislation on the protection of privacy. The significance of the revelations of Mr. Snowden will be included in this.
Also see the answer to question 3.

Original Dutch: “2. Heeft de regering zich diepgaand op de hoogte gesteld van de betekenis van de onthullingen van de heer Snowden voor de grondrechtelijke bescherming van de persoonlijke levenssfeer van de burgers?
Ja. Het Kabinet hecht aan zorgvuldige en deugdelijke bescherming van persoonsgegevens. Dit is een punt van aandacht in de gesprekken die momenteel bilateraal worden gevoerd met de Amerikaanse overheid naar aanleiding van de onthullingen over de NSA. Zo heeft de minister van Buitenlandse Zaken reeds zijn zorgen over de activiteiten van de NSA overgebracht aan zijn Amerikaanse collega Kerry en heb ik gesproken met de directeur van de NSA. Daarnaast beoordeelt Nederland het initiatief van Duitsland en Frankrijk om te komen tot afspraken met de Amerikanen als positief, heeft hierover contact met beide landen, en zal waar mogelijk een actieve bijdrage leveren.
Er is een EU-VS expertgroep gestart die zich buigt over de bescherming van de persoonlijke levenssfeer en van elektronische gegevens van burgers. Het doel van deze expertgroep is inzicht krijgen in elkaars programma’s en de wijze waarop deze zijn verankerd in de rechtstaat.
Tevens zijn de staatssecretaris van Veiligheid en Justitie en ik actief betrokken bij de onderhandelingen over de nieuwe Europese wetgeving voor de bescherming van de persoonlijke levenssfeer. De betekenis van de onthullingen van de heer Snowden zal hierbij worden meegenomen. Zie ook het antwoord op vraag 3.”

3. What are consequences of the disclosures for the negotiations on EU legislation regarding the protection of personal data?

During the JHA Councils of July and from October 2013 an – always informal – exchange of views took place on the consequences that could be associated with the revelations. Decisions have not been made on these matters. I refer the Parliament to the reports on the council meetings.

On September 16th, is a “Friends of the Presidency”-meeting (an informal meeting where no formal decisions are made) was held dedicated to two proposals to amend Chapter V of the EU Data Protection Regulation. This chapter covers the transfer of personal data from the EU to third countries. For a report of that discussion, I refer to the report on the negotiations relating to the Q3/2013. The discussion on Chapter V of the Regulation will be continued. The outcome of the ongoing discussions between the EU and the U.S. on the collection of data and the underlying legislation will be taken into account.

In addition to the Council, the European Parliament is also deliberating on the legislation. The European Parliament pays specific attention to the transfer of personal data from the EU to the authorities of third countries. It goes without saying that the issue will be explicitly addressed in due course in the trialogue between the Commission, Council and European Parliament.

Original Dutch: “3. Welke gevolgen hebben de onthullingen voor de onderhandelingen over de te wijzigen EU-wetgeving ten aanzien van de bescherming van persoonsgegevens?
Tijdens de JBZ-Raden van juli en van oktober 2013 is – telkens informeel – van gedachten gewisseld over de consequenties die aan de onthullingen verbonden zouden kunnen worden. Besluiten zijn terzake niet genomen. Ik verwijs de Kamer naar de verslagen over de raadsvergaderingen.
Op 16 september 2013 is er een zogeheten Friends of the Presidency-vergadering (een informele vergadering waarin geen formele besluitvorming plaatsvindt) gewijd aan twee voorstellen tot aanpassing van hoofdstuk V van de EU verordening gegevensbescherming. In dat hoofdstuk wordt de doorgifte van persoonsgegevens uit de EU naar derde landen geregeld. Voor een verslag van dat beraad, verwijs ik graag naar de rapportage over de onderhandelingen die betrekking heeft op het derde kwartaal van dit jaar. De discussie over Hoofdstuk V van de verordening zal nog worden voortgezet. Daarbij zullen de uitkomsten van het nog lopende beraad tussen de EU en de VS over de verzameling van gegevens en de daaraan ten grondslag liggende wetgevingssystemen betrokken worden.
Naast de Raad beraadslaagt ook het Europees Parlement over het wetgevingspakket. Het Europees Parlement schenkt nadrukkelijk aandacht aan de doorgifte van persoonsgegevens uit de EU aan de overheden van derde landen. Het spreekt voor zich dat het onderwerp te zijner tijd in de triloog tussen Commissie, Raad en Europees Parlement nadrukkelijk aan de orde komt.”

4. What are the consequences of the revelations for the negotiations between the EU and the U.S. to establish a free-trade agreement[, the Transatlantic Free Trade Area (TAFTA)]? Does the EU demand that EU standards regarding privacy apply where EU citizens are involved in the implementation of that agreement?

The government believes it is still important that we shortly come to an ambitious and comprehensive agreement with the United States. It is the Netherlands itself that has a lot to gain: in addition to a expected structural growth of the Dutch GDP by 4 billion a year, the agreement also provides new jobs and lower prices. The government makes no connection between EU standards regarding privacy and the free-trade agreement.

Original Dutch: “4. Welke gevolgen hebben de onthullingen voor de onderhandelingen tussen de EU en de VS over een te sluiten vrijhandelsverdrag? Eist de EU dat de EU-normen ten aanzien van privacy van toepassing zijn voor zover Unieburgers betrokken zijn bij de toepassing van het verdrag?
Het kabinet vindt het nog steeds van belang dat we spoedig tot een ambitieus en veelomvattend akkoord met de Verenigde Staten komen. Juist Nederland heeft daar veel bij te winnen: naast een structurele verwachte groei van het Nederlandse BNP met 4 miljard per jaar, levert het akkoord ook nieuwe banen en lagere prijzen op. Het kabinet legt geen verband tussen EU-normen ten aanzien van privacy en het verdrag.”

5. How has the government responded to the relevation that financial data was tapped by the NSA via SWIFT, which has server in the Netherlands? What preventive measures have been taken? Can the government confirm whether this data is still tapped by the NSA?

I can not confirm the accuracy of the messages on the interception of SWIFT by the NSA. I am aware that Commissioner Malmström, following the media reports of the tapping of SWIFT by the NSA on September 12th, has asked the U.S. authorities to clarify this issue and that this topic is part of the discussions between the U.S. and the EU. See also the answer to the questions posed by the MP’s Koolmees and Schouw (both D66) on the media reports that the servers of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) may be tapped by the NSA (publication date October 16th, 2013, reference: 2013D41109).

Original Dutch: “5. Op welke wijze heeft de regering gereageerd op de onthulling dat ook de bankgegevens via SWIFT, waarvan er in Nederland servers staan, getapt worden door de NSA? Welke maatregelen ter voorkoming zijn er getroffen? Kan de regering aangeven of deze gegevens nog steeds getapt worden door de NSA?
Ik kan de juistheid van de berichten over het aftappen van SWIFT door de NSA niet bevestigen.
Het is mij bekend dat Eurocommissaris Malmström de Amerikaanse autoriteiten op 12 september jl. per brief om opheldering heeft gevraagd naar aanleiding van de berichtgeving over de het aftappen van SWIFT door de NSA en dat dit onderwerp deel uit maakt van het beraad tussen de VS en de EU. Zie ook het antwoord op de Kamervragen van de leden Koolmees en Schouw(beiden D66) inzake over het bericht dat de servers van de Society for Worldwide Interbank Financial Telecommunication (SWIFT) mogelijk zijn afgetapt door de NSA (publicatiedatum 16 oktober 2013, kenmerk 2013D41109).”

6. Has the government formed a picture of the economic damage that the private sectors suffers as result of the theft of confidential data? If so, what steps will the government take in this?

The government has no insight into the quantitative economic damage that businesses suffer from theft of confidential data. However, there are several qualitative insights into the economic loss due to theft of confidential information and industrial espionage. In a study from 2011 that was commissioned by the British government [0], the annual economic loss in the United Kingdom due to cybercrime was estimated at 27 billion pounds. This is a conservative estimate, the amount is probably higher and increases every year. Industrial espionage takes 28% (7.6 billion pounds) and identity theft accounted for 6.3% (1.7 billion pounds). It is estimated that the industry contributes 75% of the damage. TNO has projected these findings to the Dutch situation and estimates the total national damage caused by cybercrime, with digital espionage as part of it, to be at least 10 billion euros [1]. Industrial espionage accounts for approximately 2 billion. These are estimates, the exact damage is difficult to determine or can not be determined.
The Dutch government is focusing on several areas to avoid digital espionage and combat theft of confidential data:

  • The AIVD and MIVD provide briefings to create awareness among government entities and industry about the threat of cyber espionage, and give advice on information security.
  • Within the National Cyber ​​Security Center (NCSC), an active information exchange exists between government services and the private sector – for instance the vital sectors – on (direct) threats and vulnerabilities.
  • In the Second National Cyber ​​Security Strategy (NCSS2) that the government has recently presented to the Parliament, an action is taken to develop a detection and response network. This partnership between public and private parties will be an important step to make the Netherlands digitally more secure and resilient.
  • The government commissioned the development of the Vulnerability Analysis Espionage (KWAS) and an associated manual and e-learning module. The Espionage Vulnerability Assessment Manual helps companies and organizations to investigate the risks of espionage themselves.
  • Hardware and software are vulnerable to cyber crime; computer infected with malware are also used for espionage. Besides awareness programs, a quality mark is being developed for secure software.
  • The Minister of Security and Justice, being the coordinating minister for cyber security, has sent the new government-wide National Cyber ​​Security Strategy to the Parliament. This includes extensive coverage of measures to increase the overall resilience in the digital domain.

Also see the answer to the questions posed by the MP’s Schouw and Sjoerdsma (both D66) on media reports that Russian spies are very active in the Netherlands (publication date May 23, 2013rd, reference: 2013D20939).

Original Dutch: “6. Heeft de regering zich een beeld gevormd van de economische schade die het bedrijfsleven lijdt door de diefstal van vertrouwelijke gegevens? Zo ja, welke stappen zal de regering hierin nemen?
Het Kabinet heeft geen inzicht in de kwantitatieve economische schade die het bedrijfsleven lijdt door diefstal van vertrouwelijke gegevens. Wel bestaan er diverse inzichten in de kwalitatieve economische schade als gevolg van diefstal van vertrouwelijke gegevens en industriële spionage. In een onderzoek uit 2011 dat is uitgevoerde in opdracht van de Britse overheid1, wordt de jaarlijkse economische schade in het Verenigd Koninkrijk als gevolg van cybercrime geschat op 27 miljard pond. Dit is een conservatieve schatting; waarschijnlijk is het bedrag hoger en neemt het ieder jaar toe. Industriële spionage neemt 28% (7,6 miljard pond) voor zijn rekening en identity theft 6,3% (1,7 miljard pond). Geschat wordt dat het bedrijfsleven 75% van de schade draagt. TNO2 heeft deze bevindingen geschaald naar de Nederlandse situatie en schat de totale nationale schade als gevolg van cybercrime, met als onderdeel daarvan digitale spionage, op minimaal 10 miljard euro. Binnen dit bedrag neemt industriële spionage ca. 2 miljard euro voor zijn rekening. Het gaat hier om schattingen, de exacte schade is lastig of niet vast te stellen.
De Nederlandse overheid zet in op verschillende vlakken om digitale spionage en diefstal van vertrouwelijke gegevens te voorkomen en te bestrijden:
– De AIVD en de MIVD geven briefings om bewustzijn te creëren bij overheden en het bedrijfsleven voor de dreiging van digitale spionage en geeft advies over informatiebeveiliging.
– Binnen het Nationaal Cyber Security Centrum (NCSC) wordt actief informatie uitgewisseld tussen overheidsdiensten en bedrijfsleven – zoals de vitale sectoren – over (directe) dreigingen en kwetsbaarheden.
– In de Tweede Nationale Cyber Security Strategie (NCSS2) die het kabinet recent heeft aangeboden aan de Tweede Kamer, is een actie opgenomen om een detectie- en responsenetwerk te ontwikkelen. Met dit samenwerkingsverband tussen publieke en private partijen zal een belangrijke stap gezet worden bij het digitaal veiliger en weerbaarder maken van Nederland.
– Het kabinet heeft de Kwetsbaarheidsanalyse Spionage (KWAS) en een bijbehorende handleiding en e-learningmodule laten ontwikkelen. De Handleiding Kwetsbaarheidsonderzoek spionage helpt bedrijven en organisaties zelf onderzoek te doen naar de risico’s van spionage.
– Hard- en software zijn kwetsbaar voor cybercriminaliteit; computers met besmette componenten of waar malware is binnengedrongen, worden ook ingezet voor spionage. Naast bewustwordingsprogramma’s wordt gewerkt aan de ontwikkeling van een keurmerk voor veilige software.
– De minister van Veiligheid en Justitie heeft als coördinerend minister voor cyber security de nieuwe kabinetsbrede Nationale Cyber Security Strategie aan de Kamer gezonden. Hierin is uitgebreid aandacht voor maatregelen ter verhoging van de algehele weerbaarheid in het digitale domein.
Zie ook het antwoord op de Kamervragen van de leden Schouw en Sjoerdsma (beiden D66) inzake bericht dat Russische spionnen erg actief zijn in Nederland (publicatiedatum 23 mei 2013, kenmerk: 2013D20939).”

7. What steps has the government taken to counter the ongoing privacy breaches?

See the answer to question 2.

Original Dutch: “7. Welke stappen heeft de regering genomen om de voortgaande inbreuken op de privacy tegen te gaan?
Zie het antwoord op vraag 2.”

8. What diplomatic steps does the government usually take when there is economic espionage? Has the government now also taken those?

The government considers any action outside the framework of the Dutch law to not be acceptable. This includes espionage for economic reasons by foreign powers in the Netherlands. The AIVD and MIVD therefore carry out structural investigation of espionage by foreign powers in the Netherlands. If such espionage is detected, measures always follow, both diplomatically and in other areas.

Original Dutch: “8. Welke diplomatieke stappen neemt de regering doorgaans als van economische spionage sprake is? Heeft de regering die thans ook genomen?
Het kabinet acht enig optreden buiten de kaders van de Nederlandse wet niet aanvaardbaar. Spionage om economische redenen van buitenlandse mogendheden in Nederland, valt hier ook onder. De AIVD en de MIVD doen om die reden structureel onderzoek naar spionage van buitenlandse mogendheden in Nederland. Indien dergelijke spionage wordt geconstateerd, dan volgen altijd maatregelen, zowel diplomatiek of op andere terreinen.”

9. Has the government itself and in cooperation with other countries taken measures to get countries that commit these offences to stop? 

See the answers to question 2 and 8.

Original Dutch: “9. Heeft de regering zelf en in samenwerking met andere landen maatregelen genomen om de landen die zich aan deze inbreuken schuldig maken ertoe te brengen deze te beëindigen?
Zie de antwoorden op vraag 2 en 8.”

[0] and-industry-report

Dutch readers are referred to Bits of Freedom’s posts about TAFTA (in Dutch):



Offensive techniques in Dutch National Cyber Security Research Agenda II (NCSRA-2)

On November 4th, the Dutch National Cyber Security Research Agenda II (.pdf, in English), or `NCSRA-2′, was published. The NCSRA is a “guiding document” for the calls for academic (primarily) and non-academic cyber security research proposals in the Netherlands. The first NCSRA, or `NCSRA-1′, was published (.pdf, in English) in 2012.

The old NCSRA-1 (2012) defined seven research themes, and focused almost entirely on defense:

  1. Identity, Privacy and Trust Management
  2. Malware (defensive)
  3. Forensics
  4. Data and Policy Management
  5. Cybercrime and the underground economy
  6. Risk Management, Economics, and Regulation
  7. Secure Design, Tooling, and Engineering

The only real hint at offensive was the final sentence of this paragraph:

“Military/defense. In 2010, Cyberwarfare became frontpage news, as well as a conspicuous reality with the Stuxnet attack on Iran (see page 14). Cyber security is crucial to the military and the Department of Defense both in terms of defensive/reactive capabilities, and in pro-active capabilities. Cyber defense is strongly related to resilience of the various critical infrastructures already mentioned above (Clarke and Knake, 2010). Additionally, forensics and attribution are fertile grounds for research involving many disciplines. However, in most advanced countries interest in a pro-active strike force is growing and more research and study is needed in this area.”

The new NCSRA-2 (2013) defines nine research themes, and now includes offensive (9th theme):

  1. Identity, privacy, and trust management
  2. Malware and malicious infrastructures
  3. Attack detection & prevention, monitoring [NEW]
  4. Forensics and incident management
  5. Data, policy and access management
  6. Cybercrime and the underground economy
  7. Risk management, economics, and regulation
  8. Secure design and engineering
  9. Offensive cyber-capabilities [NEW]

Concerning “Offensive cyber-capabilities”, the NCSRA-2 states:

“In some domains, it is important to develop techniques to strike back at attackers (both physically and by means of a cyber- attack). Besides the cyber-technical advances (often collectively referred to ’hacking back’), these include ways to disrupt financial and other support infrastructures on which the adversary relies. Offensive cyber capacities are equally essential in testing the defenses of existing systems – for instance in penetration testing.
Research challenges include the development of reliable techniques to penetrate other systems, evade defenses, and escalate privileges. Non-technical challenges include the development of legal guide-lines to determine when offensive capacities may be used and by whom, and against which targets. Decision procedures and command structures for the use of offensive cyber force are also areas that require research.”

The Addendum of NCSRA-2 elaborates:

“Operational cyber capabilities are becoming essential for defence organisations, but also in law enforcement and for prosecution. Law enforcement agencies have indicated an interest in offensive technology, not so much for ‘striking back’ at attackers, but with an eye on observing, disrupting and stopping criminal activities, as well aiding the apprehension of the perpetrators. This research theme focuses on improving the knowledge position and the operational cyber-capabilities in the widest sense.”

Possible research topics that are mentioned:

  • Reliable and stealthy attack techniques
  • Offensive countermeasures
  • Cyber intelligence gathering methods and techniques
  • Legal and ethical aspects of offensive cyber capacities and striking back
  • Procedures and command structures for of cyber force
  • Training capabilities for offensive cyber missions/serious gaming
  • Damage assessment (including collateral damage)
  • Integrated cyber and traditional offensive measures
  • Command & control and governance of offensive cyber
  • Ethical and legal considerations

Disciplines that are mentioned:

  • Computer science
  • Criminal, ICT, and International law
  • Law enforcement
  • Military law
  • Military strategy
  • Organisation & Management

One of the example short-term research questions:

“How can law enforcement agencies and/or the military obtain (develop/purchase) offensive technology?”