Joint statement from the Belgian, Danish, Dutch, Norwegian & Swiss spy oversight bodies: “Strengthening oversight of international data exchange between intelligence and security services”

UPDATE 2019-03-19: the Dutch minister of the Interior has responded (in Dutch) to the joint statement, as per request of the Dutch oversight committee (CTIVD). I added a translation of that response to the post below.

The intelligence oversight bodies in five European countries today announced a “new form of cooperation” via a joint statement (.pdf; mirror) that was signed in Bern (CH) by the five heads of national oversight on 22 October 2018. The participants are:

  • 🇧🇪 Belgium: Belgian Standing Intelligence Agencies Review Committee
    • Locally known as `Comité permanent de contrôle des services de renseignements et de sécurité’ (French) and `Vast Comité van Toezicht op de inlichtingen- en veiligheidsdiensten’ (Dutch)
    • Website: http://www.comiteri.be/
  • 🇩🇰 Denmark: Danish Intelligence Oversight Board
  • 🇳🇱 Netherlands: Review Committee on the Intelligence and Security Services
    • Locally known as `Commissie van Toezicht op de Inlichtingen- en Veiligheidsdiensten’ (CTIVD)
    • Website: https://www.ctivd.nl/
  • 🇳🇴 Norway: EOS Committee – The Norwegian Parliamentary Intelligence Oversight Committee
  • 🇨🇭 Switzerland: Independent Oversight Authority for Intelligence Activities (OA-IA)
    • Locally known as `Unabhängige Aufsichtsbehörde über die nachrichtendienstlichen Tätigkeiten’ (AB-ND)
    • Website: https://www.ab-nd.admin.ch/

According to the statement, it:

  • Describes their project, “which entailed each of them conducting an investigation into their respective countries’ services’ use of information regarding foreign terrorist fighters and sharing our methods, best practices and experiences.”
  • Addresses the challenges they met “when overseeing international data exchange, including the risk of an oversight gap when intelligence and security services cooperate internationally.”
  • Identifies ways to “move forward towards strengthening oversight cooperation, for example through minimizing secrecy between oversight bodies so that certain information can be shared, in order to improve our oversight of international data exchange.”

The challenges to international oversight that are mentioned (and explained) in the statement:

  • “Oversight does not cross national borders”: oversight is limited to national mandates, hence does not have a framework that provides possibilities for international cooperation / matching / comparison / benchmarking.
  • “The challenge of cooperation in the face of secrecy”: speaks for itself.
  • “Assessment of necessity and proportionality”: this can vary depending on, for instance, how different countries interpret and evaluate these; which can include difference is use of margins of appreciation that nation states have under international law with regard to the concept of national security.
  • “Some countries differentiate between citizens and foreigners”: speaks for itself.
  • “Means and methods of data exchange”: informal vs formal, and differences in how exchange takes place in practice.

The most important parts (IMHO, are these paragraphs from the section “5. Oversight of international data exchange – moving forward” (bold emphasis is mine):

“[…]

Due to technological development and increased cooperation, the data exchange between intelligence and security services is intensifying, resulting in an increase of the number of individual data exchanges. The sheer volume of data exchanged may become a challenge in itself. To assess the legitimacy and quality of each individual exchange can become an overwhelming task for the oversight bodies. In addition to conducting spot checks, it is becoming increasingly important to assess the system and framework for data exchange and the existence and functioning of safeguards for the protection of fundamental rights.

To do this effectively, oversight bodies will need to develop new methods. One way forward may be to increasingly use computerized automation and tools developed for conducting oversight of large volumes of data. In order to achieve this, oversight bodies need to expand their IT expertise and knowledge of the services’ systems. Another way to facilitate a more effective oversight would be to take the needs of the oversight bodies into account when the services implement new systems and to strengthen mechanisms of internal and external control.

The oversight bodies of Belgium, Denmark, the Netherlands, Norway and Switzerland will continue to exchange methods and best practices, as well as discuss international challenges to oversight, and the best approaches to overcoming these challenges. We invite oversight bodies from other countries to join us in our efforts to limit the risk of an oversight gap and to improve oversight of international data exchange between intelligence and security services.

UPDATE 2019-03-19: the Dutch minister of the Interior has responded (in Dutch) to the joint statement, as per request of the Dutch oversight committee (CTIVD). My unoffficial translation of the body of her letter:

“[…]

Core statement

In the joint statement, the oversight bodies point out that cooperation between intelligence and security agencies, both bilateral and multilateral, has intensified over recent years. After all, the international character of the terrorist threat necessitates such cooperation. The oversight bodies speak of a risk of a gap in oversight, because the oversight is strictly national and — different from the intelligence cooperation — ends at the country border. The oversight bodies state that national legislation can impede the exercise of effective oversight regarding developments in such cooperation. The five oversight bodies therefore initiated a project in which they shared experiences and methods, without sharing classified information between them.

A necessary step to effectuate the cooperation of the oversight bodies should, according to the oversight bodies, be that national oversight bodies are permitted to communicate about classified topics. The oversight bodies note that once intelligence and security services have exchanged classified information, there would be no reason for national oversight bodies to lag behind. That however requires that the Dutch law be amended, because the legal confidentiality obligation precludes such a course of action. Besides, in explaining its position, the CTIVD informed me that the intended information exchange should be limited in absolute terms and at least restricted to information that the oversight bodies already have access to in the course of their supervisory duties.

Considerations

I recognize the interest expressed by the oversight bodies, namely that the international exchange of information between intelligence and security services meets an adequate level of data protection, and that this can be monitored. I have drawn attention to this in various bilateral discussions with colleagues from abroad. I therefore welcome cooperation in this context between national oversight bodies. However, the amendment of the Intelligence and Security Services Act 2017 (Wiv2017), to make it possible to exchange classified information between oversight bodies, encounters objections.

The risk of an oversight gap, perceived by the CTIVD, is primarily related to the structure of national oversight by the various oversight bodies. There are significant differences between the supervisors. For example, the Dutch oversight system arranges that the CTIVD may also investigate the international cooperation of the services, which is not the case for every oversight body. It is not reasonable to amend the Wiv2017, because the amendment would only have an effect on the Dutch oversight body, and does not mandate a legal authority to foreign oversight bodies to exchange their state-secret information with the Dutch body. Furthermore, the exchange of classified information between oversight bodies has an impact on ministerial responsibilities. For the cooperation of the AIVD [aka GISS] or MIVD [aka DISS] with foreign services and the fact that classified data are shared with those services, the Minister of Defense and I are respectively [sic] fully responsible and can be held accountable by Parliament. Even if, for example, there is compromise of classified data. The Wiv2017 positions the CTIVD as an independent body, for which the Minister of Defense and I have only limited responsibility, namely only for the legal framework as such. This position is also endorsed by the CTIVD.

The foregoing does not change the fact that I share the interest pursued by the oversight bodies. I do, however, expect more relief if more attention is paid to the topic of oversight and if agreements are made within the framework of entering into bilateral or multilateral cooperation between intelligence and security services. I would like to dedicate myself to this.”

EOF