Month: March 2015

‘International protection of the internet is a matter of urgency’, says Netherlands Scientific Council for Government Policy (WRR)

Posted on by mrkoot

UPDATE 2015-04-10: today, a week earlier than announced, the Netherlands Scientific Council for Government Policy (WRR) published (.pdf, in English; mirror) WRR-Policy Brief 2, entitled “The public core of the internet: an international agenda for internet governance”.

WRR report: "De publieke kern van het internet"

Cover of WRR report

The Dutch Scientific Council for Government Policy (WRR) sent a report (.pdf, in Dutch) regarding internet-related foreign policy to the Dutch Minister of Foreign Affairs, Bert Koenders. The report is a call to action for the Minister to implement three recommendations:

  1. “Promote the establishment and spreading of the norm that the public core of the internet — the central protocols and infrastructure that are a global public good — must be free of government interference.”
    • This considers the establishment of neutral zones that governments are not allowed to interfere in for the purpose of pursuing national interests, and argues that non-interference is in the interest of all countries.
  2. “Promote that different forms of security in relation to the internet are distinguished from each other nationally and internationally and are addressed by separate actors.”
    • This considers the undesired blend of “security” in terms of CERTs that have a public health-like function for networks vs. “security” in terms of national security, the domain of intelligence services and military cyber units.
  3. “Make expansion of the diplomatic field a part of the agenda for internet diplomacy.”
    • This considers the upcoming participation from countries in the East and South that have economical and political views different from those held by the current powers that be.

These recommendations are unrelated to, but not inconsistent with, the recommendations made in December 2014 by the Dutch Advisory Council on International Affairs (AIV) concerning internet freedom.

Alas, no English version is available of the new WRR report (yet?). According to the WRR website, a Policy Brief on this report will be published on April 16th 2015, during the Global Conference on Cyber Space (GCCS) 2015. The website further states:

International protection of the internet is a matter of urgency

The growth and health of our digital economies and societies are dependent on the backbone protocols and infrastructure of the internet. This backbone is now in need of protection against unwarranted interference to sustain the growth and the integrity of the internet. The internet’s backbone of key protocols and infrastructure can be considered a global public good that provides benefits to everyone in the world. Growing state interference with this backbone underlines the need to set a new agenda for internet governance that departs from the notion of a global public good.

Here is a translation of the report’s summary (~2100 words):

Summary

This report intends to contribute to creating the Dutch agenda for a foreign policy regarding internet. The core thought is that the central protocols and infrastructures of the internet must be considered a public good globally. This public core of the internet must remain free of inappropriate interventions by states and other parties who harm and undermine public trust in the internet.

States strengthen their control over the internet

Internet has become indispensable in our daily lives. It is interwoven with our social lives, consumption, work, relation to the government, and increasingly with objects that we use on a daily basis, from the smart meter to the car we drive and the drawbridge we travel across. For a long time, the administration of the internet was the exclusive domain of what is called the “technical community” in internet circles. That community laid down the foundation for the current social-economic interweaving of the physical and digital life. But the management of the foundation, with the Internet Protocol as its most prominent part, has become controversial. Because of the many interests, opportunities and vulnerabilities of the internet, many governments have gotten involved in it. The policy focus has shifted from a primarily economical view on the internet (the internet economy, telecommunications and networks) to a view determined by (national) security: the internet of cybercrime, vulnerable critical infrastructures, digital espionage and cyber attacks. Moreover, an increasing number of countries want to regulate citizens’ behavior on the internet for varying reasons: from protection copyright and addressing cybercrime to censorship and control over their own population.

The fact that national states demand their space and role on the internet, can have consequences for the crucial foundation of the internet. The internet has been made to function internationally, without regard of persons or nationalities, a basic principle that serves all users. It is mostly the deeper technological layers of the internet, consisting of protocols and standards, that enables information to find its way, and arrives in all parts of the world. When these protocols and standards do not function properly, the functioning and integrity of the entire internet is under pressure. The internet can “break” if we cannot rely on information we send to arrive at its destination, that we find the sites we are looking for, and that they are accessible. Recently, more states have started specifically using the deeper layers of the internet to serve national interests.

Considering the huge stake that is the internet, national and international interests of states must be given more weight within the governance structure. At the same time, it is necessary to be careful that the technological core — on which the growth of the internet is built — is not damaged, and to protect it against inappropriate use. The question how national interests and the governance of the internet as global public good can be balanced, must of course be answered internationally. That requires a clear standpoint from the Netherlands.

The public core of the internet

To that end, this report first argues that parts of the internet have the characteristics of a global public good. In global public goods it is about benefits for everyone in the world that can only be realized and maintained by direct action and cooperation. These benefits mostly follow from the core protocols of the internet, such as the “TCP/IP protocol suite”, various standards, the domain name system (DNS) and routing protocols. The internet as public good only functions if it ensures the core values of universality, interoperability and accessibility, and if it supports the core objectives of information security, namely confidentiality, integrity and availability. It is crucial that we — the users — can rely on the functioning of the most fundamental protocol of the internet, because the trust we have in the social-economic structure built on top of it, depends on it. Although it is inevitable that national states want to shape “the internet” to their own image, ways should be found to ensure the general functioning of this “public core” of the internet.

Two forms of internet governance

To provide insight into this tension, two forms of internet governance are distinguished in this report. In the first place, governance of the internet infrastructure. This involves the governance, organization and development of the deeper layers of the internet, that give direction to the development of the internet. The interest of the internet as collective infrastructure is paramount in this. Opposing this, is the governance that uses internet infrastructure. In this case, the internet is used as a means to control contents and behavior on the internet. That can vary from protecting copyrights and intellectual property to the censoring and surveillance of citizens by governments. Increasingly often, the infrastructure and the central protocols themselves are considered to be legitimate instruments to pursue national or economical interests. Whereas internet governance used to be primarily governance of the internet — in which administration and functioning of the internet is put first —, there now increasingly is governance via or using the internet.

Threat within the governance of the internet

The administration of the public core of the internet — the governance of the internet — resides at a number of organizations that are often together referred to as “technical community”. Although it is in principle in good hands, pressure is building from various angles. Political and economical interests, and differences of opinion — sometimes combined with new technological possibilities — challenge the collective character of the internet:

  • Large economic interests — such as the protection of copyright and business models for data transport — put large pressure on politics to eliminate net neutrality, formerly a default of the internet, are in fact protect it through legislation.
  • The administration of names and numbers of the internet (the IANA function) has become politicized. For reasons of international political legitimacy, there is large pressure to remove that administration from the immediate sphere of influence of the US: after all, it is of vital importance to nearly all countries. The Netherlands is served by an “agnostic” shaping of the IANA function, in which administrative tasks remain in the hands of the technical community, and that more political tasks allow room to accommodate the political and economical interests.
  • The discussion about ICANN (which carries out the IANA function) is also an important test case for the Dutch and European internet diplomacy to bring the formation of international coalitions beyond “the usual suspects” of the transatlantic axis.
  • Another challenge is the rise of national security thinking on the internet. The engineers approach of the CERTs (aimed at keeping the network “healthy”) and the international cooperation therein are hindered by actors focused on national security, such as intelligence services and military cyber units. A mixture of these views is undesirable, because the partial interest of national security opposes the collective interest of the security of the network as a whole.

Threats resulting from governance via the internet

States also directly target the public core of the internet, for various interests. They sometimes affect central protocols. Such practices undermine the reliability and security of the functioning the entire internet. Firstly in technical sense, but in extension of that also in economical and socio-cultural sense: if we cannot rely on the integrity, availability and confidentiality of the internet, that has consequences to the manner in which we want and can use it. The tension between political and economical interests on the one hand, and the interests of the internet as a public infrastructure on the other hands, become clear in dossiers such as:

  • Legislation that should protect copyrights and uses protocols and the DNS as a means, such as the American legislative proposals SOPA and PIPA and the ACTA design treaty.
  • Various forms of censorship and surveillance that use vital protocols and the “services” of internet intermediates such as ISPs.
  • The online activities of intelligence & security services and military cyber units that undermine the integrity of the public core of the internet by compromising hardware, software, protocols and standards, and keeping vulnerabilities in hardware and software secret.
  • Some forms of internet and/or data nationalism in which states seek to shield off a part of their internet.

On the basis of these findings, this report concludes that governments must act with serious restrain regarding policy, legislation and operational activities that affect the core protocols of the internet. This also applies to private parties that fulfill a key role considering this public core.

Towards a foreign internet policy

What contribution can the Netherlands deliver? The overarching interest of internet security firstly assumes a diplomatic approach in which the internet — explicitly and independently — is raised to a spearhead. Next to traditional spearheads such as trade, human rights and peace & security, the government should prioritize and develop a foreign internet policy. For a small, but relatively influential diplomatic actor in this field such as the Netherlands, “practice what you preach” must be the most solid basis to act as a role model. In new national legislation, the question whether the Netherlands can justify it internationally, must be an important consideration. On the area of fundamental rights and internet policy, the Netherlands should consistently get a passing grade to really claim a leader’s role.

This role entails a diplomatic effort aimed at protecting the public core of the internet. The protection of the public core of the infrastructure thus requires, in addition to political action in states, also a large restraint from those same states. To achieve that, new forms of power and dissent must be organized. The principles of mixture, separation and restraint, three classic principles of bonding power, must therefore be translated to the international context.

Recommendations

The central recommendation that the internet must explicitly be a spearhead of the foreign policy is further developed in this report into three recommendations:

  • Promote the establishment and spreading of the norm that the public core of the internet — the central protocols and infrastructure that are a global public good — must be free of government interference.

Firstly, it is about an international norm in which the central protocols of the internet are marked as a neutral zone, in which government interference on behalf of national interests is not allowed. In five year, a much larger group of countries have the technical capabilities that are now only in the hands of a few superpowers. If meanwhile also the norm arises that national states can freely determine whether they want or don’t want to intervene in the central protocols of the internet for reasons of national interest, that has a very damaging effect on the internet as a global public good.

A number of important fora are available to the Netherlands for establishing and spreading this norm. Firstly, the EU, and via the EY also trade agreements in which such a norm could be included as a clause. Fora such as the Council of Europe, the OECD, the OSCE and the UN also provide possibilities to anchor this norm. A seed can be planted that can grow to a wider regime over time.

  • Promote that different forms of security in relation to the internet are distinguished from each other nationally and internationally and are addressed by separate actors.

Secondly, it is about making distinction between various forms of security related to the internet. That requires a strict demarcation and a separation of duties and organizations, and mostly also a restraint of the tendency of states to make national security the dominant view of the internet. Notably the technical approach by CERTs, who have a more “public health”-like approach of the security of the network as a whole, and the approach from national security, in which national interests are put before the interest of the network, must remain separated.

  • Make expansion of the diplomatic fielda part of the agenda for internet diplomacy.

A demographic shift is taking place on the internet: away from North and West, towards the East and South. Other voices than the European and American one will in the near future speak louder, and will contain different economical and political ideas. It therefore is important to pursue a wide diplomatic effort to convince the so-called swing states that leaving the public core alone is in the interest of all states. Also, private parties must explicit be made part of the diplomatic effort regarding internet governance. Considering the great power of internet giants such as Google and Apple, governments can no longer ignore these parties in diplomatic sense. These companies are more than possible investors or privacy violators: they are parties that need serious diplomatic attention because of their crucial role in digital life, with all the contradictions that come with diplomacy. And lastly, the expertise of NGOs and other private parties must be made productive, without creating false expectations about their role in the administration of the internet. A lot can be whole here, especially regarding thinking about the consequences of internet governance for the technical functioning of the internet as a whole.

Related:

EOF

Supreme Court of the Netherlands upholds conviction of AIVD intelligence officer for leaking classified information to newspaper

Posted on by mrkoot

On March 31st 2015, the Supreme Court of the Netherlands upheld (in Dutch) the conviction of an employee of the Dutch General Intelligence & Security Service (AIVD) for leaking classified information to journalists working for Dutch newspaper De Telegraaf. The court ruled that the AIVD official cannot invoke rights granted by Article 10 ECHR concerning protection of journalistic sources.

Here is a translation of a report (in Dutch) by Security.nl based on the official press release (in Dutch):

Conviction of AIVD employee for leaking classified information to newspaper De Telegraaf is upheld

The Supreme Court of the Netherlands in The Hague today ruled that the conviction of an employee of the AIVD for leaking classified information to newspaper De Telegraaf is upheld. The court states that the employee cannot invoke the journalistic source protection rights. The conviction of the employee’s partner, however, must be done again in a new trial. The Supreme Court finds that the lower court insufficiently made clear to what extent he was intentionally involved in providing the classified information. The employee was sentenced to 16 months prison, her partner 8 months.

The case is about two publications in De Telegraaf in 2009; one on the AIVD’s role in informing the cabinet about the start of the war in Iraq, and one on the security of the Dalai Lama during his visit to the Netherlands. Because the AIVD suspected that information was leaked from the inside, the phone of the journalists involved was eavesdropped on by the AIVD to determine whether that suspicion was justified.

Resulting from a complaint filed by De Telegraaf and the journalists involved, the Dutch Review Committee on the Intelligence and Security Services (CTIVD) found, in hindsight, that the use of phone taps against the journalists was disproportionate. According to the judge, the AIVD should have considered the journalists’ right to protect sources more important than tracing the possible leak. As a result, the journalists were not prosecuted for violating state secrecy. The AIVD official who had  leaked the information, and her partner, were prosecuted.

Illegally obtained evidence

During the appeal, the Supreme Court stated that the evidence that the AIVD had illegally obtained by eavesdropping on the journalists could be used in the case against the AIVD employee. According to the Supreme Court, the lower court was justified in ruling that this evidence does not need to be excluded, because the journalistic right to protect sources does not apply to the employee. From the context of her employment, the employee was bound to confidentiality. The fact that the CTIVD found that the AIVD had gone too far is, according to the Supreme Court, not an extraordinary circumstance that could justify the leaking.

EOF

“The Netherlands: a freedom of information toddler” (Roger Vleugels, 2015)

Posted on by mrkoot

In March 2015, Dutch Freedom of Information (FOI) expert Roger Vleugels (Twitter: @RogerVleugels; LinkedIn: Roger Vleugels) sent a mailing about his upcoming FOI courses. That mailing had attached an English leaflet entitled “The Netherlands: a freedom of information toddler”, that contains reflections by Vleugels on the state of play of FOI in the Netherlands. Here are the contents of that leaflet (published with permission):

The Netherlands: a freedom of information toddler

A country with a FOIA paradox: few requests, lots of obstruction and lots of success

Quite contradictory to its image, the level of transparency in the Netherlands is poor. Within the government bodies the urge to improve the transparency is even poorer.
However, especially in the eyes of the Dutch themselves, the image of the Netherlands is one of a transparent country.

For sure, we are one of the first countries with a FOIA, a Freedom of information act in power. Worldwide the seventh. The first FOIA, the Wob, came into power in May 1980 after nine years of parliament and cabinet obstructions. This Wob in itself is a quite liberal FOIA.

Almost no use was made of the Wob in the first ten years of its existence. On national level, the use grew from a couple of hundred requests per year in the early nineteen nineties, via 1.000 at the turn of the millennium, to about 2.000-2.500 per year today.
On local level, almost no requests were filed in the last centuries. Serious requesting at a local level started some fifteen years ago and has stabilized at about five or six thousand requests per year, for all the about 400 municipalities combined.

Compared to its use in comparable countries, like the Anglo-Saxon and Scandinavian ones, the use of the Wob is poor. Per capita, the Netherlands file 5 to 10 times fewer requests.

The reason why we file so little requests is the same reason why the Dutch parliament has a poor inquiry performance: We simply have no inherent cultural desire to be or to have govern- ment watchdogs. We tend to believe our ministers and civil servants, with little questions asked. Despite that, one of our export products is transparency.

There are more paradoxes. Using the Wob, verb: wobbing, meets obstruction on an above average level. And, a paradox again, the success rate is also above average.

Obstruction is fierce. Lots of time delay; copious misuse of exemptions; idiotic exemptions like ‘disproportionate disadvantage’; a very broad definition of ‘personal deliberations’; Wob-offices are understaffed and have fairly unskilled civil servants. There are almost no courses for Wob- officials. This obstruction has grown bigger in recent years, largely as a result of a more and more imperious government style.

On the other hand: The few Dutch requesters that do attempt to free information using the Wob, are fairly high skilled, and generally very persistent. They file relatively many complaints and court appeals, on average resulting in over than ten major disclosures each month. Month after month, year after year.

In 35% of the cases, the first decision after filing a Wob request results in a satisfactory level of disclosure. This figure rises to 45% after an administrative complaint, to 65% after a court appeal, and to 75% after a high court appeal.

Since 1986 I filed for or with my clients 5,000 requests, 2,500 administrative complaints, 800 court appeals and 100 high court appeals. Most of my clients are mainstream Dutch press organizations. Among my clients are also special interest groups, NGO’s, researchers and private persons.

In this leaflet you find a selection of the successful ones, to give you an impression of the topic range. Not included are, of course, operational cases.

Regards, Roger

Vleugels publishes two free-of-charge monthly journals, funded by himself and voluntary donations from subscribers (suggested donation: EUR 42 per year):

  • Fring Intelligence: “Fringe Intelligence offers a selection of dozens of articles on not yet established intel news or on intel news next to mainstream. There are special sections on Natural resources intelligence and on Intelligence 2.0.”
  • Fringe Spitting: “Fringe Spitting provides news and tools for FOIA and Wob specialists with a focus on litigation.”

The journals “have 3,000+ subscribers in 115 countries: 55% intelligence specialists, 30% press, 15% FOIA/Wob specialists”. To receive samples, send a mail with subject “FRINGE SAMPLES” to . To subscribe, send one with subject “START FRINGE”.

Vleugels’ provides the following overview of his activities between 2003 and 2014 (note: he lectures on FOI since 1986):

Vleugels FOIA resume

Related:

EOF

‘Following unclarity about several layoffs, unrest among personnel of Dutch intelligence service AIVD’

Posted on by mrkoot

On March 28th 2015, Dutch newspaper NRC Handelsblad published a piece (in Dutch) about the Dutch General Intelligence & Security Service (AIVD). Here is a translation:

‘Explosive situation’ on the workplace of the AIVD

by Tom-Jan Meeus

An “explosive situation” has emerged on the workplace of the AIVD as result of a series of wrong political decisions and mistakes by the management. This says former AIVD employee Kees Jan Dellebeke (63) today in NRC Handelsblad.

Dellebeke worked at the AIVD until 2012, for 39 years, in almost all important functions — such as counterespionage and undercover operations —, as well as for its predecessor, the BVD. He still has contact with his former colleagues.

Dellebeke states that AIVD employees recently responded furiously (“this is a shitpile”) when the AIVD management cut down a discussion on the AIVD’s intranet.

Agents fired who would be vulnerable to blackmail

The discussion emerged after at least five secret agents where fired, among others because they would be vulnerable to blackmail due to a divorce or mortgage debt. Their colleagues asked what criteria the management used for that, says Dellebeke. When the management turned out not to apply clear and precise rules, unrest escalated on the intranet, Dellebeke states.

After this, the management felt necessitate “to apply means of force to keep the personnel in line”.

Dellebeke states that the unusual intensity of this conflict follows from internal problems at the AIVD since the cabinet in 2012 decides to cut a third of the service’s budget. Meanwhile, these cuts have been undone under the threat of muslim terrorism, but the negative effects are still felt, says Dellebeke.

‘Best people left the AIVD’

Those cuts resulted in “departure of the best people” at the AIVD, while in addition the ‘central education for secret agent’ was closed, says Dellebeke. The result is that, now that the service is hiring again, mostly young people are at work that lack professional know-how. A “brain drain”, according to Dellebeke. He also states that the head of the AIVD, Rob Bertholee, lacks an “intelligence vision” that “all those uncertain employees yearn for”. The AIVD declined to comment.

Members of parliament already announced they will submit questions about this to the Minister of the Interior, who is responsible for the AIVD.

EOF

Summary of report on the Netherlands Counterterrorism (CT) Infobox, a joint operation of Dutch govt organizations

Posted on by mrkoot

Logo of CT Infobox

[click image to enlarge]

In March 2015, the Research and Documentation Centre (WODC) of the Dutch Ministry of Security & Justice published a report (.pdf, in Dutch) on the Netherlands Counterterrorism Information Box, aka “CT Infobox”. The CT Infobox was established following the terrorist attacks in Madrid (2004), and serves as a platform for exchange of data about persons that are, from the perspective of terrorism, a potential risk to the Dutch society. Its purpose is “to improve the official information position in respect of persons posing a potential terrorist or radical threat to Dutch society, and to enable appropriate action to be taken against them”.

It is centered at the Dutch General Intelligence & Security Service (AIVD), and is a joint operation of various Dutch government organizations:

  • the General Intelligence & Security Service (AIVD)
  • the Military Intelligence & Security Service (MIVD)
  • the Fiscal Information and Investigation Service (FIOD-ECD; now part of “Inlichtingendienst (ID) Belastingdienst”)
  • the Financial Intelligence Unit Netherlands (FIU Nederland)
  • the Immigration and Naturalization Service (IND)
  • the Netherlands Police Agency (“Landelijke Eenheid” of the National Police)
  • the Royal Netherlands Marechaussee (KMar)
  • the Public Prosecution Service (OM)
  • the National Coordinator for Security & Counterterrorism (NCTV)
  • Inspectorate SZW (“Inspectie SZW”; per January 2012 it merged the former Social Intelligence and Investigation Service (SIOD), Work and Income Inspectorate (IWI) and Labor Inspection (“Arbeidsinspectie”) together)

The Dutch Review Committee on the Intelligence and Security Services (CTIVD) in 2007 published an oversight report (.pdf, in Dutch) about the CT Infobox, as well as the CT Infobox covenant (.pdf, in Dutch) . The oversight report states, among others, that the CT Infobox (then) contained data about 160 persons, and involved ca. 12 fte of AIVD personnel and ca. 10 fte of KLPD personnel. To my knowledge, no recent statistics are available. In February 2015, the AIVD estimated the number of persons who traveled to Syria to be some 150. In a 2014 report by the AIVD about jihad movements in the Netherlands it is stated “a few hundred” supporters and “a few thousand” sympathizers are among the Dutch population. So it shouldn’t be a stretch to expect the CT Infobox to contain data about a few hundred persons. To my knowledge, no numbers are available about other forms of extremism. In the 2007 report, the CTIVD noted that “different from common believe, the CT Infobox is not an entity in which persons are constantly followed and controlled”. And furthermore, that information supplied to the CT Infobox does not leave the CT Infobox — the CT Infobox only provides analyses based on that data to help determine how to handle a person —, and the CT Infobox is not a direct exchange of information between the participating agencies.

The WODC report contains an English summary. Here it is in its entirety (~4700 words):

Summary

CT Infobox 10 years

The Netherlands Counterterrorism Information Box (CT Infobox) was established ten years ago to improve the official information position in respect of persons posing a potential terrorist or radical threat to Dutch society, and to enable appropriate action to be taken against them. Its objective was to facilitate co-operation and the sharing of information about those individuals between government agencies. It was hoped that a better information position would enable more focused selection of those representing a genuine danger, that a broader arsenal of strategies to counter them could be considered and that co-operation and information sharing would result in customised recommendations to CT Infobox participants and third parties on how to deal with them, thus reducing the threat they pose.

With the CT Infobox now ten years old, the need is felt to analyse (i) the original assumptions underlying its organisation and operations, including the extent to which they are supported by empirical evidence, and (ii) how the box functions in practice and how futureproof it is.

Our analysis is based primarily upon interviews, academic literature and policy documents. To investigate the structure of the CT Infobox and the policy logic behind it, we conducted interviews and examined policy documents. Academic literature was then consulted to determine whether there is empirical support for that logic. In making this analysis, we drew a distinction between the functioning of the box at the operational level and its governance. As far as its practical workings are concerned, our principal sources were interviews with box personnel and with members of the Coordinating Board responsible for its oversight. We also spoke with several representatives of organisations involved in counterterrorism at the national level. To supplement the interviews, we studied the confidential annual reports of the CT Infobox itself, reports from the Intelligence and Security Services Regulatory Commission (Commissie van Toezicht betreffende de Inlichtingen- en Veiligheidsdiensten, CTIVD) and a number of other policy documents. Finally, we visited the box on several occasions to observe its work directly.

It has not proven possible to establish empirically whether the risk to Dutch society posed by individuals with terrorist or radical motives has been alleviated by the creation of the CT Infobox. However, we have been able to investigate whether the box has indeed brought about the kind of co-operation between government agencies which was envisaged when it was first set up. In this closing chapter, we summarise the principal findings of our investigation and reflect upon the future of the CT Infobox.

The Counterterrorism Information Box has undergone a series of changes over the past ten years. The number of participating agencies has grown from five to ten, and its working methods have also evolved. But what has remained constant throughout is the basic principle behind it: the CT Infobox provides a space within which official bodies can share information and communicate about certain individuals and jointly devise recommendations on how to deal with them.

The overall picture produced by this investigation is that the intended co-operation and information sharing have indeed been achieved. Participants are satisfied with these aspects of the box’s work, and with the results generated co-operatively. They view the way in which information is shared as unique, and perceive added value in the fact that information can be approached and assessed from a variety of perspectives and knowledge positions. In their opinion, this enables creative thinking about possible actions and generates appropriate recommendations. The members of the Coordinating Board, the body which oversees and directs the box, are also positive about it. They praised it in particular for the speed and efficiency with which it processes data, for its comprehensive assessment of information and for its social return on investment. The members of the Coordinating Board and the box’s own personnel agree that it is an important resource in the fight against terrorism.

To a certain extent, this positive image is surprising. All too often, after all, efforts by government agencies to co-operate and to share information are beset with problems. We therefore feel that it would be useful in this concluding chapter to focus upon how the CT Infobox is organised and to mention those factors which make it work in the way our interviewees say it does. We shall first discuss the form of co-operation within the box and then briefly consider the way in which it is governed. To conclude, we mention a number of dilemmas relevant to deliberations concerning the future of the CT Infobox.

Co-operation and information sharing between government agencies

From the literature, it is apparent that there are fundamental problems with co-operation and information sharing between government agencies. This is because all have their own tasks and responsibilities, and because partnership arrangements between them often fail to define clear authority relationships. This frequently results in tensions arising between their own interests – maintaining their own autonomy and identity, and achieving their own objectives – and the common interest which gave rise to the partnership. The less the partners are able to account for the benefits of the arrangement to their own organisation, the more their own identities come under threat and the more problematic the partnership becomes. The academic literature highlights a number of factors which appear to determine the extent to which chain partners are able to forge co-operative relationships.

  • The dominance of the chain problem.
  • How the partnership is organised.
  • The underlying legal principles, namely:
    • proportionality, subsidiarity and purpose limitation; and
    • the legal basis.
  • People and resources, especially in terms of:
    • mutual trust; and,
    • data management and the communications system.

In this chapter we look at how the CT Infobox approaches these factors in principle and in practice.

The CT Infobox approach

Dominance of the chain problem

The literature reveals that the dominance of the problem behind a partnership is an important factor in facilitating chain co-operation. In the case of the CT Infobox, certainly, it seems that co-operation between the parties involved is encouraged by the significance all of them attach to countering terrorism. The participants are unanimous in agreeing that this is a key public policy objective, and all are prepared to make their contribution towards that “higher goal” – even if doing so comes at a price and generates little direct return for the organisation. Members of the Coordinating Board state that they have no problem in finding support for CT Infobox participation within their own organisation or in securing the necessary investment in terms of time and capacity. In this respect, it helps that the arrangement has in practice turned out as originally envisaged at the time the box was established. This fact appears to have a self-reinforcing effect.

Organisation of the partnership

According to the specialist literature, organisations compelled to work together and so to share information are often reticent in that respect because they do not know what the other parties are going to do with their material. Moreover, such collaborations are often dogged by problems related to autonomy, authority relationships, task allocations and responsibilities.

In the case of the CT Infobox, these issues are largely overcome by the way in which the box itself is organised. Information is shared only with its own personnel, who do not pass it on or carry out any operational activities themselves. Within the “box”, material provided by the various participating organisations is combined and assessed from a multidisciplinary perspective. Participants or third parties then receive recommendations based upon that assessment. For example, they may be advised to share particular information with another party (“disclosure advice”), to adopt a particular course of action in respect of a given individual (“awareness advice”) or to initiate a personal targeting operation (in advice to the National Co-ordinator for Counterterrorism and Security). It is up to the recipients themselves to decide whether or not to act upon such advice.

In other words, the CT Infobox operates according to the so-called “closed box” principle. Co-operation is intensive when it comes to information, communication, assessment and advice, but the ultimate response to the recommendations emanating from the box is left up to the individual organisations receiving them. That is neither a task nor a responsibility of the CT Infobox itself. The great advantage of this approach is that the participating agencies retain their autonomy of action, in terms of both whether to act and when. Other parties need only be notified of their activities. At the level of specific actions directly against particular individuals, all that is required is good co-ordination – that is, an effective communications structure. There is no need for any more far-reaching forms of co-operation. Effectively, then, the sharing of information and the action taken in response to it have been completely separated. Because of this, the CT Infobox is virtually free of problems related to co-operation at the level of tasks, responsibilities and authority relationships.

One potential disadvantage of this form of organisation, however, is the possibility that CT Infobox recommendations are not taken seriously or are ignored altogether. Although the way in which they are followed up is monitored, the box has no influence over what is done with them. Nonetheless, our interviewees are not under the impression that their recommendations count for nothing. If they are not taken up, there is usually a good reason and it is up to the box to consider possible alternative approaches.

Underlying legal principles

The academic literature includes lengthy discussions centering on the fact that the information exchanged within chains often includes sensitive personal material and so raises issues of privacy. Consequently, there are a number of important legal factors to be considered when establishing co-operative arrangements of this kind: the extent to which the parties involved concur regarding the purposes for which the information is being shared, how they perceive the proportionality and subsidiarity of this activity and the legal guarantees surrounding it.

Proportionality, subsidiarity and purpose limitation

Our interviewees regard the sharing of sensitive personal information within the context of the CT Infobox as proportional, since this is done to combat terrorism and they see that as an overriding social objective. In addition, all agree that sharing material of this kind should only be done in pursuit of such an overriding objective and so should be protected by adequate legal and organisational safeguards.

Within the CT Infobox, attention is paid to the fact that sharing information about individuals must remain within the bounds of proportionality and subsidiarity. In accordance with these principles, the box only collects material about persons notified to it as posing a potential risk and who also meet its own “placement criteria”.

In practice, this means that there must be indications that the subject is involved in terrorism and so represents a potential danger to the Dutch constitutional legal order. If that is indeed the case, the interviewees deem that sharing information about that person complies with the principles of proportionality and subsidiarity. If not, then in principle they are not “hauled through” the CT Infobox process. Moreover, in theory there are regular reviews intended specifically to “delist” subjects. Although these are less of a priority in busy periods, even then they still are carried out from time to time.

Legal basis of the CT Infobox

It is legally permissible for sensitive personal information to be shared within the CT Infobox because, for statutory purposes, it forms part of the General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, AIVD) and so is governed by the Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten, Wiv). People from other organisations who carry out work for the CT Infobox have undergone the same security screenings and are subject to the same confidentiality requirements as AIVD personnel. And, as mentioned earlier, there is the so-called “closed box” principle. Government agencies pool their information inside the CT Infobox, but none of that material leaves it: “What’s in the box stays in the box”. It is thus no more than a space within which information can be shared and communicated about. The only things to leave it are recommendations, and the recipients can choose whether or not to act upon that advice. Under this arrangement, staff seconded to the box do not share any of the information they encounter during the course of their work with anyone outside it, including other employees of their own organisation. Not even their own line manager or representatives on the CT Infobox’s Coordinating Board. This form of organisation makes it legally possible to share information held by different government agencies about particular individuals.

There has been some discussion in the Coordinating Board about the legal status of the CT Infobox, with reference to the fact that criminal investigation and intelligence information can only be shared when absolutely necessary for national security. In the panel’s view, all the activities currently undertaken within the “box” do fall within that definition in terms of necessity and purpose limitation. Were its remit to be extended in the future, however, to include broader analyses not focusing solely upon individual subjects, then some members of the panel believe that such activities would have to be specifically defined as one of its objectives. And in that case it would be helpful if the CT Infobox had an explicit legal basis. But because this kind of information may not be shared under normal circumstances, others feel that creating a separate legal basis would be going too far.

In 2007 the CTIVD did recommend that the CT Infobox be afforded a legal status of its own under the Wiv. Its main reason for doing so was “frictions in the co-operation” at management level, which were apparent at that time. A specific legal basis would confirm the equal status of the participants and clarify their roles and positions. From our interviews, however, it is apparent that those past frictions have now all but disappeared.

Nonetheless, some people still consider the fact that not all CT Infobox personnel formally enjoy so-called “Article 60 status” (designation to undertake work on behalf of the AIVD) reason enough to amend the Wiv on this point. Others, by contrast, believe that the current arrangement works fine in practice.

People and resources

When it comes to people and resources, the literature focuses upon technical factors which may facilitate or hinder co-operation and upon individual willingness to collaborate. With regard to the former, the challenge lies in the fact that the different participating organisations all have their own information systems which are configured first and foremost to support their own primary processes rather than the joint activities to be conducted as part of the chain partnership. Introducing a new system often creates a multitude of new problems. According to the literature, the best solution for a chain partnership is an arrangement whereby each participant manages its own data but relevant material is available to all, with communications about that information also possible.

As for encouraging individual willingness to collaborate, several factors play a significant role. Apart from sharing a common goal, these include mutual trust and building social capital. The more people gain confidence in one another, understand each other’s abilities and limitations and appreciate the added value to be derived from the partnership, the more successful it becomes.

Data management and communications system

The CT Infobox does not have a central database. Instead, it has been decided that each participant manages – and so retains control over – its own material. Box personnel have access to more than ninety information systems, although the technical possibilities for automatic searches remain relatively limited. It therefore takes quite a lot of time to search the systems thoroughly.

In principle, personnel can browse through “all the files in the box”. In practice, however, most confine their searches to the systems administered by their own organisations, looking for relevant information about reported individuals. In part this is because of the technical limitations on searches in each others’ systems and in part because they feel “more at home” in their own IT environments. This effectively means that tasks within the “box” are allocated along organisational lines.

When a subject comes under investigation, box personnel tend to look for information about him or her in their own systems. Anything they find is retrieved and added to an in-house system which all can access and update. This assembles data in a comprehensive and structured manner, so that it can be reviewed and assessed coherently.

Once the picture is complete, a risk assessment of the subject is carried out and possible actions to mitigate the threat they pose are communicated. According to our interviewees, the chosen system of communication reveals possible responses which might not have been devised had the underlying information only been viewed from a single perspective. As a result, they claim, it is becoming more likely that a multidisciplinary approach will be chosen and that creative thinking will result in novel forms of intervention being proposed. In that respect, they say, the CT Infobox is still developing rapidly.

Mutual trust

Thanks to all the legal and organisational safeguards surrounding the CT Infobox, there is a high degree of internal mutual trust and personnel do not feel restricted in sharing information. Participants say that they trust one another completely, because everyone has undergone A+ screening and is subject to the same security regime. Communications between box personnel, and their mutual trust, also benefit from the fact that they all work on the same corridor at the AIVD and so can meet in person and, for example, drink coffee together. The atmosphere “inside the box” is good, and its Head’s style of management is also liked. Our interviewees also say that the fact that he comes from the police rather than AIVD emphasises the equality of the partnership.

The members of the Coordinating Board state that their mutual trust has increased greatly in recent years, too. Even outside the context of the CT Infobox, they are more and more likely to be in contact with one another. And for the most part they are highly positive about the atmosphere within the panel itself. The CTIVD review in 2007 found that the AIVD had claimed too prominent a position in the early years, but our interviewees say that that is no longer the case. Overall, they are positive to highly positive about the degree of mutual trust within the panel, about the openness of the collaboration and about governance of the CT Infobox.

Moreover, that trust extends beyond the box itself. Although we have not looked at exactly what factors are taken into consideration when referring individuals to the CT Infobox for investigation, it is striking that a large proportion of these subjects are reported by the AIVD and the police. If they believed that the information they hold about such persons might be misused, they would probably be more reticent in disclosing it.

Governance by the Coordinating Board

The literature reveals that the extent to which any governance model is appropriate to a given network is determined by four factors: the number of participants, the degree of consensus concerning its goal, mutual trust and the need for network competencies. If, as in the case of the CT Infobox, there are a lot of participants, a high degree of consensus, substantial mutual trust and a great need of network competencies, then the most suitable model would seem to be a “network administrative organisation”.

To guide the work of the CT Infobox, an independent committee has been formed: the Coordinating Board (Coördinerend Beraad). All the participating organisations appoint one board-level representative to sit on this body. This means that the box can indeed be characterised as a “network administrative organisation” rather than one run in accordance with “shared governance” (all the participants guide the network in equal measure) or “lead organisation” (one partner assumes leadership) principles. Moreover, this arrangement seems to work well in practice. The Coordinating Board confines itself mainly to strategic decisions and policy matters, whilst day-to-day operational management is in the hands of the Head of the CT Infobox. According to some of Coordinating Board members we interviewed, however, this structure does leave something of a gap between the operational and strategic levels. This is no way a criticism of either the chair of the Coordinating Board or the Head of the CT Infobox, both of whom are very highly regarded, but more about the limited fulfilment by the panel of its assigned role as a proactive governing body. In the view of some interviewees, the panel in its current form acts purely as a reactive “supervisory board”. Some would like to see a stronger policy component to its work, arguing that it should be lobbying for a wider remit for the CT Infobox. For example, one that include supporting analyses based upon the information available within the box. Because this issue touches upon the very purpose of the CT Infobox, it is one which has to be discussed within the Coordinating Board.

The future of the CT Infobox

Our interviewees agree that the existence of the CT Infobox is justified, and are positive about its future. All expect it to survive for at least the next decade. They consider it futureproof and believe that ten years from now there will still be a need for the “room to share” which it provides. However, several possible options for its future direction were put forward. These concern its composition, its objectives, its legal status, the role of the Coordinating Board and increasing awareness of its existence. The points discussed with the interviewees are summarised below, in all cases subject to the proviso that these are matters for further discussion. They reflect dilemmas which need to be addressed on a regular basis, because the choices made in these respects are always going to be influenced in part by political and societal developments.

Composition – how many participants?

Strikingly, the majority of our interviewees are satisfied with the current composition of the CT Infobox. In the ten years since it was founded, the number of participants has increased from five to ten. However, there is a dilemma in this respect. At the operational level, it is good to have a large number of organisations represented. But the more of these there are, the more complex that makes the box’s governance. And greater numbers also tend to favour a more conservative approach. Including more participants simply in order to gain access to more sources of information does not appear to be necessary, whilst cutting the number of participants is undesirable from the operational point of view.

To simplify the box’s governance, one idea would be to reduce the size of the Coordinating Board. But that could leave active participants without representation at this level. It is for these reasons that many of the interviewees say that the box’s current composition is “exactly right”.

Objectives – different subjects and analyses?

All the interviewees agree that the public policy objective behind the foundation of the
CT Infobox and the partnership it represents – fighting terrorism – is hugely important. But there is some discussion as to whether its remit should be broadened to include additional subject groups or deepened with more fundamental analyses.

Essentially, the box’s success in combining information has led to calls for more of the same: by collecting more information about more people in the same fashion, other serious threats – from organised crime, for example – could also be tackled better. On the other hand, one of the main reasons why the CT Infobox works so well is that its whole raison d’être – counterterrorism – is regarded as a “greater good” for society as a whole. Were its mission to be extended into other domains, that would give rise to debate about the necessity, proportionality and subsidiarity of sharing information in this way. Some participants would certainly question the legitimacy of doing so for these new purposes. The CT Infobox in its current form works because it targets a very small and specific group. Expansion may cause more problems than it solves.

Effectively, the same applies to analyses. The CT Infobox brings together a lot of information which could be used to produce in-depth analyses. But the more it does this, the more the box drifts away from the original purpose for which it was established. This needs to be taken into account when considering what is possible and desirable.

Interestingly, the Coordinating Board has never discussed this issue in a structured manner. This is reflected in the fact that different members interpret the very word “analyses” in quite different ways, from operational analyses of particular subjects to analyses of broad social trends and phenomena.

As for CT Infobox personnel, they express no particular interest in investigating new subject groups but they do consider the underuse of existing analytical opportunities as a chance missed. What they need more than anything is greater capacity for operational analyses – so that they can investigate subjects in more depth, for example, and conduct tactical analyses. They would also very much like to carry out analyses providing them with an insight into the effects of their recommendations – what works, and under what circumstances – so that they can learn lessons for the future. But there are some personnel who believe that there is added value to be gained from the strategic analysis of trends and developments, too, because they feel that such exercises would help when setting priorities and in designing structural barriers against terrorism. In general, personnel think that greater analytical capacity will make the box more futureproof.

Members of the Coordinating Board talk about analyses in general terms, but in many cases seem to be referring to strategic analyses which could be used in formulating policy. Before deciding whether the CT Infobox should start conducting analyses at some point in the future, then, it is essential to establish exactly what is meant by the term and what the benefits and drawbacks of such an extension of the box’s role might be. The same also applies to expansion to include new subject groups, of course, but at this stage there seems to be less support for that course of action.

Legal status

We have already outlined the previous discussion by the Coordinating Board of the legal status of the CT Infobox. Some believe that it requires an explicit legal basis, others that it is best without one. When considering the box’s future, not only should the need for such a status – as already recommended by the CTIVD – be investigated but also its potential benefits and drawbacks as well as what exactly should or should not be established in law.

Role of the Coordinating Board

As far as the role of the Coordinating Board is concerned, the perceived gap between the operational and strategic governance of the CT Infobox could be filled by ensuring that the panel focus more intensively upon operational issues. Alternatively, it could also operate at greater distance from the box’s day-to-day activities. Both possibilities have their advantages and disadvantages. To make a considered choice in this matter, a variety of options for a revised role for the Coordinating Board should be drawn up so that their respective pros and cons can be weighed up explicitly.

Outside support

To conclude, the future of the CT Infobox will be shaped not only by the degree of support it enjoys among its own personnel and the Coordinating Board, but also to a great extent by its image in the “outside world”. In fact, it can only function properly as long as that world trusts in its work and provides it with sufficient backing. Most of our interviewees expressed no concern about the extent of that support, but some members of the Coordinating Board did note that there should really be broader awareness of the high quality of the products the box delivers and the added value its provides. The CT Infobox operates in an environment in which confidentiality and secrecy play a major role, and so its successes often remain hidden. Despite this, they would find it a good thing if some of the positive feeling which prevails inside the “box” were to be sensed outside it. It is certainly worth considering how this might be achieved. The more openness there is, though, the less of a “closed box” the box becomes. There are conflicting interests at stake, but a balance should be struck between them. Perhaps the “theme days” the CT Infobox organises for its participating agencies could help generate greater openness. As should the picture of its work presented in this report.

EOF