Dutch Review Committee on the Intelligence & Security Services (CTIVD) to (self-)assess effectiveness of lawfulness oversight re: large-scale & data-intensive spying

The Dutch Review Committee on the Intelligence & Security Services (CTIVD) has published a press release (in Dutch) about a project it has started to review and uphold the effectiveness of its oversight on the lawfulness of the exercise of special powers by the Dutch intelligence services AIVD (non-military) and MIVD (military). Here is my translation of that press release:

Project Oversight 3.0

News | 25-04-2017 | 13:09

The technological possibilities for the AIVD and MIVD to acquire and analyze data have increased strongly. The Intelligence & Security Bill 20xx contributes to that. As a result of the expansion of the cable interception powers, the bill provides the AIVD and MIVD more possibilities to collect data. At the same time, the bill provides safeguards regarding the analysis of collected data and the deletion of data that is not relevant [to the exercise of the services’ tasks as defined by law]. The CTIVD oversees this. In the parliamentary debate on the bill, the question whether the CTIVD has sufficient in-house technical knowledge to keep pace with the developments. The professional field that the CTIVD must oversee changes, and the CTIVD adapts accordingly.

Objective of the project

Against this background, the CTIVD decided to set up project Oversight 3.0. The objective of this project is to make an inventory of how the organization and procedures of the CTIVD should be structured, so that effective oversight can also be carried out in the future. The emphasis is on the possibilities of (systemic) oversight on the acquisition, analysis and deletion of large amounts of data. Project 3.0 does not include investigation into lawfulness [note: this might have been mentioned because overseeing lawfulness is the normal/default task of the CTIVD, and this project is separate from & additional to that]. The CTIVD will report on this project in its annual report.

Data processing

To uphold effective oversight, the CTIVD must gain more insight into the data housekeeping at the services and the way in which they deal with large(r) data. Project Oversight 3.0 will provide insight into which instruments, organizational changes and technical means must be used by the AIVD and MIVD in support of implementing the new bill. The project also maps the data housekeeping, analysis and administration. The exchange of data/intelligence with national and international partners will be taken into account in this. Furthermore, the project focuses on the way in which the AIVD and MIVD implement safeguards in their systems and enable internal oversight [by the services themselves] and external oversight by the CTIVD [on those safeguards]. These insight will then provide the basis for structuring the CTIVD’s oversight in a way that fits to the new bill and further digitalization of our world.


Project Oversight 3.0 comprises a number of subprojects. There are focuses on topics such as the new power of investigation-oriented interception, the deletion of non-relevant data, and for instance automated data analysis [note: the bill introduces, or rather provides a more specific basis and powers corollary to the acquisition and processing of large data sets].


Oversight 3.0 is a project that will span multiple years. As a first step, an IT adviser has been hired per 1 September 2016. He is responsible for the execution of the project and will advise the CTIVD on what changes are necessary. The IT adviser is also involved in setting up the IT expert unit within the CTIVD. This expert unit will bring together specific technical knowledge. The unit will have various tasks, such as advising and supporting the legal experts, the joint exercise of investigations into lawfulness of the exercise of special powers, and advising the CTIVD on technically complex questions/problems. The unit is expected to consist of three persons.

At the start of 2017, the first subprojects of project Oversight 3.0 have commenced. An annual evaluation will be carried out as part of the project, based on which adjustments can be made to the project if necessary.

One might also recall that in 2014, the CTIVD decided to involve a group of academics in the oversight process. (I personally believe that both that decision, and project Oversight 3.0, are indicators of realism and strength on the part of the CTIVD.)