[UPDATED] Dutch Senate requests govt to abstain from legalizing cable SIGINT in a way that permits “unconditional, indiscriminate and large-scale” surveillance

UPDATE 2015-07-02: the Dutch government released an intelligence bill into public consultation. Details here.

UPDATE 2014-10-07: the votes are in: all motions were adopted by the Senate, except the motion filed by senator Strik (GroenLinks). It’ll be interesting to see how the Dutch govt will respond to the Senate’s requests for an investigation on the independence and reliability of standardization bodies such as the IETF (perhaps due to the discussion on Kevin Igoe, associated with NSA, being co-chair of IETF’s Crypto Forum Research Group), NIST (of DUAL_EC fame) and the GSM Association.

On Tuesday September 23rd, the Dutch Senate discussed topics concerning privacy and intelligence & security services. The full transcripts are here (part 1; in Dutch) and here (part 2; in Dutch). The following motions were filed, and will be voted on during the plenary meeting of Tuesday October 7th (h/t @AndreasUdo):

  • [ADOPTED] Senator Franken (CDA) filed a motion (.pdf, in Dutch) requesting the government to abstain from extending interception powers in a way that would permit “unconditional, indiscriminate and large-scale” surveillance of cable communications. Note that Dutch intelligence & security services are currently permitted to carry out bulk interception/search only of non-cablebound communications, such as HF radio and satellite. Oversight on the exercise on that power is currently broken. Nonetheless, the government is currently dreaming up a bill that may extend this power to include cable communications. Think of GCHQ’s Tempora and NSA’s DANCINGOASIS, but on way smaller budget and in a different intelligence culture.
  • [ADOPTED] Senator De Vries (Labour Party) filed a motion (.pdf, in Dutch) requesting the government to investigate the independence and reliability of bodies that standardize security protocols, mentioning IETF, NIST, GSM Association as examples. Think of the DUAL_EC controversy here.
  • [ADOPTED] Senator De Vries (Labour Party) filed a motion (.pdf, in Dutch) requesting the government to create safeguards concerning the decision-making on the disclosure or non-disclosure of vulnerabilities found by the Dutch intelligence & security services (think of the JSCU). The senator states that the decision to disclose or not disclose a vulnerability cannot be made by the services themselves, because the interest of all internet users has to be taken into account; thus implying that the services cannot be relied upon to take the interest of all internet users sufficiently into account.

In addition, the following motions were filed:

  • [ADOPTED] Senator Franken (CDA) filed a motion (.pdf, in Dutch) requesting the government to ensure that the current and future legal framework and oversight mechanisms are compliant to the European Convention on Human Rights (ECHR) and EU legislation concerning data protection. In that same motion, the senator requested to government to protect citizens against observation by Dutch or foreign services in a way that violates the ECHR and to guarantee that the rule of law is not weakened as a result of extraterritorial use of a foreign law. N0 specific examples are mentioned, but one EO 12333 and FISA come to mind.
  • [WITHDRAWN] Senator Strik (GroenLinks) filed a motion (.pdf) requesting the government to “investigate the usefulness and necessity of independent oversight on government institutions that are not covered by the Dutch Review Committee on the Intelligence and Security Services (CTIVD), but that do carry out similar tasks that involve infringement on the right to privacy”.
  • [ADOPTED] Senator Gerkens (Socialist Party) filed a motion (.pdf, in Dutch) requesting the government to commission the Rathenau Institute to investigate the desirability of a committee that can advise on the ethical aspects of digitization; considering the Internet of Things, that will connect “everything and everyone”, will bring opportunities but also threats; considering that the effects of this digital development on society will be not only technological, but also societal, social-legal and social-psychological.


Leave a Reply

Your email address will not be published. Required fields are marked *