The current Dutch Intelligence & Security Act of 2002 (Wiv2002) only permits bulk interception of ether communications (e.g. satellite and radio), but not of cable communications (e.g. fiber, copper). The Wiv2002 codified the interception practice as it had existed for decades, which did not include bulk interception of cable communications. In August 2014, the Dutch government sent a letter to parliament that describes the development of the bill that will change the law (more). Yesterday, February 10th 2015, the Dutch parliament discussed these plans. A summary of highlights was published (in Dutch) on news site Tweakers by Joost Schellevis. Here is a translation of his article (hyperlinks and parts in  are mine):
Plasterk: AIVD will not intercept everyone
By Joost Schellevis
The secret service will not wiretap everyone if the powers of the secret services will be expanded. That was promised by Minister of the Interior, Ronald Plasterk, in the House. “I rule out that AMS-IX will be tapped entirely”, stated to Plasterk.
Tuesday evening, the House debated on the expansion of powers of the AIVD and MIVD. The cabinet wants to permit the services to carry out untargeted [e.g. in mass]; they are now only permitted to wiretap specific internet connections, but cannot collect large amounts of data seeking for patterns.
This does not mean that everyone will be eavesdropped on without a reason, Plasterk states. “I rule out that AMS-IX will be tapped in its entirety”, he states, referencing the largest internet exchange of the Netherlands, and one of the largest exchanges in the word. The Minister, who is responsible for the AIVD, does not exclude that the AMS-IX will be wiretapped. According to Plasterk, untargeted wiretaps can only be used for a “limited goal”. Eavesdropping of all Dutch citizens does not qualify for that, he says. “I cannot imagine a limited goal for which that is acceptable”, according to the Minister. MP Jeroen Recourt (PvdA) questioned how that promise will be laid down in law.
“Concerning the impression that the Netherlands is mass-wiretapped: that’s not true”, states his colleague, Minister of Defense Jeanine Hennis-Plasschaert, who is responsible for the MIVD. Without the new powers, the MIVD would be “deaf and blind”, according to the Minister. Where the AIVD focuses on threats within the Netherlands, the MIVD deals with threats abroad, such as areas where Dutch military personnel operate.
Plasterk gave an example of the use of the new powers: the services will be able to gather who calls certain numbers in Syria. “Then we can map those networks”, according to Plasterk. This only involves metadata, i.e., who calls who; not the contents of the communication. Next, certain phone numbers can be intercepted. Although Plasterk mentioned phone numbers, he later added that this could also involve internet traffic.
Coalition partners VVD and PvdA, who have a joint majority in the House, earlier already stated they will support the plans. According the MP Jeroen Recourt (PvdA) the cabinet has found a good balance between privacy and security. “Privacy must be guaranteed, but the secret services must also be able to do their work”, according to Recourt prior to the debate. Recourt finds the word “untargeted wiretapping” misleading. “It suggests that a large dragnet will be used, but that is not the case.”
MP Klaas Dijkhoff (VVD) agrees, he says to Tweakers. “The image that ‘untargeted’ suggests is a US-like system in which we intercept the entire internet, and search it for something interesting afterwards”, according to Dijkhoff. He notes that the power cannot be used without a reason, and that the Minister must approve it.
Nonetheless, resistance emerged in the rest of the House. “I want the cabinet to first prove why this is necessary”, according to MP Gerard Schouw (D66) prior to the debate. “Furthermore, oversight must be improved. Otherwise, no expansion of powers should take place, in our opinion. The effectiveness must also be justified in a better way.” Schouw also plead for a privacy impact assessment [more] of the proposal legislation.
The Socialist Party (SP) was even more critical; MP Ronald van Raak asked why the cabinet thinks this power is necessary at this time. The Christian Union thinks the premise of the law to be “good”, but made several remarks. “Why is no judge involved in placing a tap?”, asked MP Gert Jan Segers.
The PVV and SGP were more positive about the legislation. “The law must be modernized”, stated MP Roelof Bisschop (SGP). MP Martin Bosma (PVV) was more sure: “If you sit behind your desk at the editors of Charlie Hebdo and don’t come home, that is an infringement on privacy too”, stated Bosma, referencing the attacks in Paris.
GroenLinks was not present during the debate, but earlier stated to be critical of the plan. “This plan is very awkward”, stated MP Liesbeth van Tongeren. According to GroenLinks, it has not been proven that data collection leads to more arrests. The Party for Animals (PvdD) was also absent.
The bill will appear in April, or so promised Minister Plasterk during the debate. The cabinet will attempt to carry out an internet consultation, in which interested parties can provide their feedback to the bill. Plasterk could however not guarantee it. The cabinet hopes that the bill will be implemented next year.
Whether the law will indeed become reality, is difficult to predict. The Senate currently opposes it: in a motion filed by Senator Hans Franken (CDA), the Senate asked the cabinet to renounce ‘untargeted and large-scale surveillance of cable communications’. The motion was co-signed by Senators of the Socialist Party, PvdA, D66 and GroenLinks. Next month, however, provincial elections are held, as a result of which the composition of the Senate changes.
On February 6th, prior to the debate, Bastiaan Goslings, Governance and Policy Officer at AMS-IX, expressed (in Dutch) concern that expansion of powers will harm the digital economy:
The necessary trust that foreign parties must have to do business here, will disappear as a result of these plans. The Netherlands will lose its key role in the global internet. (…) Lots of safeguards are emphasized in rhetoric language, but I am seriously concerned about the extent of this law. (…) It fundamentally deteriorates our integrity.
During the debate, the Dutch Minister of Defense mentioned the following justifications for the new law, in terms of consequences of not having that law:
- cyber threats cannot be identified timely;
- Dutch military personnel abroad is probably less protected and supported (the Minister added that cable networks are increasingly used in mission areas and conflict zones);
- terrorist activities may not be identified timely;
- the true intentions of risk countries who may be seeking WMDs will remain hidden (the Minister added, with strong seriousness in voice and facial expression, that we lost insight into activities of countries possibly seeking WMDs, because those countries changed to cable communications);
- we are not able to quickly build an information position in upcoming crises abroad;
- theft of intellectual property, vital economical information, and state secrets goes unnoticed.
Two days after the debate, Prime Minister Mark Rutte stated (in Dutch) that freedom and democracy are at stake with jihad.
Privacy First, a Dutch privacy advocacy organization, announced (in Dutch) that they will go to court if the bulk interception law will be adopted.
Reflecting on the debate, kudos for useful questions and tenacity go to opposition MPs:
- Gerard Schouw (D66) for questions about proportionality, effectiveness, insisting on a privacy impact assessment for this law, asking for transparency (e.g. interception statistics such as published in Belgium (more) and Germany, but not in the Netherlands) and for referencing previous findings by the oversight committee CTIVD of unlawfulness and carelessness in the use of existing powers;
- Ronald van Raak (SP), for his persistence in questioning whether the law won’t simply be bypassed by the bulk interception that is already being carried out by foreign states.
And to a lesser extent, kudos for questions asked by two MPs of the two political parties representing the government:
- Jeroen Recourt (PvdA) for asking how the Minister plans to lay down in law his promise concerning proportionality, e.g., that not all citizens will be wiretapped;
- Anouchka van Miltenburg (VVD) for questioning the contradiction of requiring “untargeted interception” to be “goal-bound”, and asking whether raw bulk intercepts (i.e., from the acquisition phase, the first phase in the new interception framework; successive phases will be subject to heavier safeguards and oversight) can be exchanged with foreign states.
In April 2015, the Global Conference on CyberSpace (GCCS) 2015 takes place in the Netherlands. We’ll see whether the new interception bill will be available by then, whether the government will have submitted to the House its pending proposal to grant hacking powers to the police, and, hopefully, to what extent the Dutch government follows the recommendations on internet freedom made in December 2014 by the Advisory Council on International Affairs (AIV). Furthermore, the Minister of Foreign Affairs, Bert Koenders stated in a speech that the Dutch government will launch a “new, large initiative” to improve cyber security and prevent cyber crime:
We will launch a large new initiative for capacity building in cyber, open to states and private companies in order to assist countries to create sufficient capacity to improve cyber security and prevent cyber crime.
The latter will be likely be announced at GCCS 2015. [UPDATE: …and it indeed was (April 2015): the Global Forum on Cyber Expertise.]