On December 23rd 2014, the Dutch Review Committee on the Intelligence and Security Services (CTIVD) sent a letter (.pdf, in Dutch) to prime minister Mark Rutte to announce it will establish a knowledge network of a group of academics that agreed to be consulted by the CTIVD during investigations. Several of the members of this network have been asked to be available to provide feedback on the contents, coherence and relevance of (draft) oversight investigation plans, reports, and advice; their names will be disclosed following the outcomes of the security screenings. The remainder of this post consists of an unofficial translation of the CTIVD’s letter.

Subject: Knowledge network and feedback group concerning the CTIVD

Article 76 of the Dutch Intelligence & Security Act of 2002 (Wiv2002) provides the Dutch Review Committee on the Intelligence and Security Services (CTIVD) the power to commission experts to perform certain tasks, if such is necessary for its proper functioning. The CTIVD hereby informs you about the way in which it uses this authority as of December 1st 2014. The CTIVD aims to carry out independent investigations into the lawfulness of the activities carried out by the AIVD and MIVD, to provide insight into properly balancing national security and privacy. To ensure robust and future-proof oversight, it is necessary to closely monitor the relevant technological, legal and societal developments. The CTIVD has established an knowledge network consisting of several experts to support that. The knowledge network must advise and inform the CTIVD on said developments. The experts participate on personal capacity. The knowledge network meets at least three times a year, for instance around the establishment of annual plans and evaluation, or on the occasion of relevant events. The CTIVD can thus use the input provided by the knowledge network for prioritizing, deciding, and focusing investigations. The knowledge network currently consists of seven experts, namely:

• Nico van Eijk (professor of information law, specialized in telecommunications law, University of Amsterdam)
• Bob de Graaff (professor of intelligence & security studies, Utrecht University, and professor of intelligence and security, Netherlands Defense Academy (NLDA))
• Constant Hijzen (teacher of national security, Leiden University)
• Mireille Hildebrandt (professor of IT and rule of law, Radboud University)
• Bart Jacobs (professor software security & correctness, Radboud University)
• Rick Lawson (professor of European law, and dean of faculty of law, Leiden University)
• Erwin Muller (professor of security & law, and vice-chair of the Dutch Safety Board, Leiden University)

The CTIVD asked several of the experts to also be available to advise, at an early stage, on the contents, coherence and relevance of (draft) oversight investigation plans, reports, and advices. The CTIVD will involve individual members to provide feedback, per investigation, depending on their field of expertise. By involving experts at an early stage of investigations, their input has a direct effect of the set up of investigations and oversight reports. This means that the experts may be exposed to state secrets. Although drafts of secret appendices to oversight reports will not be presented to the experts, and the experts will not be involved in case investigations or hearings of persons, the experts may access documents that have not (yet) been declassified by the relevant Minister. Security screenings at the A level [=highest level for non-officials] will be carried out in consultation with the AIVD. The names of the persons involved in providing feedback will be announced following the outcome of the screenings. Not until then, the experts will be involved in investigations.

The honorarium for the experts is in accordance with the Decision fees advisory boards and committees.

This is an excellent development.

EOF

An open letter (in Dutch) by Dutch MP Tofik Dibi references Peggy McIntosh’s 1988 working paper White Privilege: Unpacking the Invisible Knapsack (.pdf; mirror 1; mirror 2). McIntosh is a US-based feminist and anti-racism activist. In the paper, she enumerates dozens of daily effects of white privilege in the US. Some of the stated effects probably don’t exist in the Netherlands in 2014, but some probably do — the latter is the reason Dibi, of Moroccan descent, cites McIntosh’s work. Just think of the debate about Black Pete. Some of the effects that do exist may be mostly a problem of perception; others however will be a problem of reality. Both deserve attention. McIntosh’s list provides a useful starting point for introspection. Here is the 50-point list as included in an adapted version (mirror) of her original working paper:

1. I can if I wish arrange to be in the company of people of my race most of the time.
2. I can avoid spending time with people whom I was trained to mistrust and who have learned to mistrust my kind or me.
3. If I should need to move, I can be pretty sure of renting or purchasing housing in an area which I can afford and in which I would want to live.
4. I can be pretty sure that my neighbors in such a location will be neutral or pleasant to me.
5. I can go shopping alone most of the time, pretty well assured that I will not be followed or harassed.
6. I can turn on the television or open to the front page of the paper and see people of my race widely represented.
7. When I am told about our national heritage or about “civilization,” I am shown that people of my color made it what it is.
8. I can be sure that my children will be given curricular materials that testify to the existence of their race.
9. If I want to, I can be pretty sure of finding a publisher for this piece on white privilege.
10. I can be pretty sure of having my voice heard in a group in which I am the only member of my race.
11. I can be casual about whether or not to listen to another person’s voice in a group in which s/he is the only member of his/her race.
12. I can go into a music shop and count on finding the music of my race represented, into a supermarket and find the staple foods which fit with my cultural traditions, into a hairdresser’s shop and find someone who can cut my hair.
13. Whether I use checks, credit cards or cash, I can count on my skin color not to work against the appearance of financial reliability.
14. I can arrange to protect my children most of the time from people who might not like them.
15. I do not have to educate my children to be aware of systemic racism for their own daily physical protection.
16. I can be pretty sure that my children’s teachers and employers will tolerate them if they fit school and workplace norms; my chief worries about them do not concern others’ attitudes toward their race.
17. I can talk with my mouth full and not have people put this down to my color.
18. I can swear, or dress in second hand clothes, or not answer letters, without having people attribute these choices to the bad morals, the poverty or the illiteracy of my race.
19. I can speak in public to a powerful male group without putting my race on trial.
20. I can do well in a challenging situation without being called a credit to my race.
21. I am never asked to speak for all the people of my racial group.
22. I can remain oblivious of the language and customs of persons of color who constitute the world’s majority without feeling in my culture any penalty for such oblivion.
23. I can criticize our government and talk about how much I fear its policies and behavior without being seen as a cultural outsider.
24. I can be pretty sure that if I ask to talk to the “person in charge”, I will be facing a person of my race.
25. If a traffic cop pulls me over or if the IRS audits my tax return, I can be sure I haven’t been singled out because of my race.
26. I can easily buy posters, post-cards, picture books, greeting cards, dolls, toys and children’s magazines featuring people of my race.
27. I can go home from most meetings of organizations I belong to feeling somewhat tied in, rather than isolated, out-of-place, outnumbered, unheard, held at a distance or feared.
28. I can be pretty sure that an argument with a colleague of another race is more likely to jeopardize her/his chances for advancement than to jeopardize mine.
29. I can be pretty sure that if I argue for the promotion of a person of another race, or a program centering on race, this is not likely to cost me heavily within my present setting, even if my colleagues disagree with me.
30. If I declare there is a racial issue at hand, or there isn’t a racial issue at hand, my race will lend me more credibility for either position than a person of color will have.
31. I can choose to ignore developments in minority writing and minority activist programs, or disparage them, or learn from them, but in any case, I can find ways to be more or less protected from negative consequences of any of these choices.
32. My culture gives me little fear about ignoring the perspectives and powers of people of other races.
33. I am not made acutely aware that my shape, bearing or body odor will be taken as a reflection on my race.
34. I can worry about racism without being seen as self-interested or self-seeking.
35. I can take a job with an affirmative action employer without having my co-workers on the job suspect that I got it because of my race.
36. If my day, week or year is going badly, I need not ask of each negative episode or situation whether it had racial overtones.
37. I can be pretty sure of finding people who would be willing to talk with me and advise me about my next steps, professionally.
38. I can think over many options, social, political, imaginative or professional, without asking whether a person of my race would be accepted or allowed to do what I want to do.
39. I can be late to a meeting without having the lateness reflect on my race.
40. I can choose public accommodation without fearing that people of my race cannot get in or will be mistreated in the places I have chosen.
41. I can be sure that if I need legal or medical help, my race will not work against me.
42. I can arrange my activities so that I will never have to experience feelings of rejection owing to my race.
43. If I have low credibility as a leader I can be sure that my race is not the problem.
44. I can easily find academic courses and institutions which give attention only to people of my race.
45. I can expect figurative language and imagery in all of the arts to testify to experiences of my race.
46. I can chose blemish cover or bandages in “flesh” color and have them more or less match my skin.
47. I can travel alone or with my spouse without expecting embarrassment or hostility in those who deal with us.
48. I have no difficulty finding neighborhoods where people approve of our household.
49. My children are given texts and classes which implicitly support our kind of family unit and do not turn them against my choice of domestic partnership.
50. I will feel welcomed and “normal” in the usual walks of public life, institutional and social.

Carefully considering the suggested effects is not only beneficial to those who perceive them: society as a whole benefits when these effects do not exist. Perhaps, for instance, reducing feelings of exclusion may reduce crime and radicalization; or, stated in a positive sense, increase the number of people who are happy and productive members of society. (Just to be sure: I don’t intend to suggest that everyone who feels excluded is bound to be unproductive, radicalize, or be involved in crime.)

UPDATE 2017-07-15: different but related, it should be noted that working class citizens, including white working class, (obviously) find themselves negatively impacted by globalization and technological development; not to mention by the meritocratic rat-race that seems to be a logical consequence thereof. It doesn’t require a degree in sociology or public administration to see that those issues can affect social cohesion, including aspects related to white privilege. To cite Bertolt Brecht: “Erst kommt das Fressen, und dann kommt die Moral” — an observation relevant to people of all classes. See Stop Demonizing the White Working Class and, notably,  Joan C. Williams‘ book White Working Class – Overcoming Class Cluelessness in America (2017). And Susan Faludi’s book Stiffed: The Betrayal of American Men (2000).

EOF

Here is a list of arguments by John Young (@Cryptomeorg) on why there can be no solution to preventing communication systems abuse (adapted from source):

1. Due to the technology of cellphone systems, like the Internet, there is not likely to be a means to prevent geolocation and user data from being accessed by unauthorized parties.
2. At best there will be legal protections which cannot be technologically fulfilled.
3. It has become common for legal programs and promises of digital data protection and privacy to mislead about technological capabilities.
4. Operators of communication systems are aware of the impossibility of technological protection to fulfill legal requirements but join in the deception in order to assure customers, officials and watchdogs that protection is possible.
5. Operators of communication systems work in concert with governments to allow access beyond what is legislated, in accord with long-standing practices worldwide. [Also see James Bamford talk at 31c3: A century of secret deals between the NSA and the telecom industry]
6. Operators of communication systems also permit access to the systems by third parties under contract provisions which are customarily revealed only in part to users, and in some cases only in part to officials.
7. Most communications systems are privately owned and ran for profit, even those ostensibly owned by governments. Information about these systems is closely guarded against outside parties learning about the systems’ capabilities, including governments, and in many cases, third parties who may not know in full how their participation is used by the system operators.
8. Deception about communication systems is fundamental to guarding information about the systems from competitors, governments, third parties, rogue employees, spies and criminals, many of who work in concert.
9. Every communication system is a spying system. Digital systems are far easier to penetrate than analogue systems and thus much easier to use for spying.
10. Deception about digital systems is fundamental to their carefully guarded operation.
11. Every manufacturer of communication systems equipment is capable of being penetrated, corrupted and bribed. Undiscovered covert attacks are most lethal to the manufacturer’s survival; discovered attacks are most often concealed, denies, lied about, used against competitors, secretly sold as products by the manufacturer, by their rogue employees, by inside spies of competitors. Deception about successful attacks is fundamental to the systems’ operation.
12. The only protection against communication systems is to avoid their use. Protections of promises of encryption, proxy use, Tor-like anonymity and “military-grade” comsec technology are magic acts — ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy.
13. Avoidance of communication systems does not eliminate the exploitation of data already collected, manufacture of false data, targeting of those who avoid the systems, planting concealed tracking devices on a person, using others to track a person.

Some good thinking points.

EOF

In April 2012, the Washington Post reported Pentagon plans to fast-track acquisition of cyber weapons. Due to the rapidly changing nature of IT, conventional approaches of military acquisition are now considered too slow and cumbersome. The Pentagon dreamed up “Rapid Cyber Acquisition” in response. The remainder of this post cited some paragraphs that describe cyber acquisition by the US DoD.

Section 933 of Public Law 111-383 (.pdf, 2011) lays out the DoD’s strategy for acquisition and oversight of cyber warfare capabilities:

Subtitle D—Cyber Warfare, Cyber Security, and Related Matters

[…]

SEC. 933. STRATEGY FOR ACQUISITION AND OVERSIGHT OF DEPARTMENT OF DEFENSE CYBER WARFARE CAPABILITIES.

• (a) STRATEGY REQUIRED.—The Secretary of Defense, in consultation with the Secretaries of the military departments, shall develop a strategy to provide for the rapid acquisition of tools, applications, and other capabilities for cyber warfare for the United States Cyber Command and the cyber operations components of the military departments.
• (b) BASIC ELEMENTS.—The strategy required by subsection (a) shall include the following:
  • (1) An orderly process for determining and approving operational requirements.
  • (2) A well-defined, repeatable, transparent, and disciplined process for developing capabilities to meet such requirements, in accordance with the information technology acquisition process developed pursuant to section 804 of the National Defense Authorization Act for Fiscal Year 2010 (Public Law 111–84; 10 U.S.C. 2225 note).
  • (3) The allocation of facilities and other resources to thoroughly test such capabilities in development, before deployment, and before use in order to validate performance and take into account collateral damage and other so-called second-order effects.
• (c) ADDITIONAL ELEMENTS.—The strategy required by subsection (a) shall also provide for the following:
  • (1) Safeguards to prevent—
  • (A) the circumvention of operational requirements and acquisition processes through informal relationships among the United States Cyber Command, the Armed Forces, the National Security Agency, and the Defense Information Systems Agency; and
  • (B) the abuse of quick-reaction processes otherwise available for the rapid fielding of capabilities.
  • (2) The establishment of reporting and oversight processes for requirements generation and approval for cyber warfare capabilities, the assignment of responsibility for providing capabilities to meet such requirements, and the execution of development and deployment of such capabilities, under the authority of the Chairman of the Joint Requirements Oversight Council, the Under Secretary of Defense for Policy, and other officials in the Office of the Secretary of Defense, as designated in the strategy.
  • (3) The establishment and maintenance of test and evaluation facilities and resources for cyber infrastructure to support research and development, operational test and evaluation, operational planning and effects testing, and training by replicating or emulating networks and infrastructure maintained and operated by the military and political organizations of potential United States adversaries, by domestic and foreign telecommunications service providers, and by the Department of Defense.
  • (4) An organization or organizations within the Department of Defense to be responsible for the operation and maintenance of cyber infrastructure for research, development, test, and evaluation purposes.
  • (5) Appropriate disclosure regarding United States cyber warfare capabilities to the independent test and evaluation community, and the involvement of that community in the development and maintenance of such capabilities, regardless of classification.
  • (6) The role of the private sector and appropriate Department of Defense organizations in developing capabilities to operate in cyberspace, and a clear process for determining whether to allocate responsibility for responding to Department of Defense cyber warfare requirements through Federal Government personnel, contracts with private sector entities, or a combination of both.
  • (7) The roles of each military department, and of the combat support Defense Agencies, in the development of cyber warfare capabilities in support of offensive, defensive, and intelligence operational requirements.
  • (8) Mechanisms to promote information sharing, cooperative agreements, and collaboration with international, interagency, academic, and industrial partners in the development of cyber warfare capabilities.
  • (9) The manner in which the Department of Defense will promote interoperability, share innovation, and avoid unproductive duplication in cyber warfare capabilities through specialization among the components of the Department responsible for developing cyber capabilities.
• (d) REPORT ON STRATEGY.—
  • (1) REPORT REQUIRED.—Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the appropriate committees of Congress a report on the strategy required by subsection (a). The report shall include a comprehensive description of the strategy and plans (including a schedule) for the implementation of the strategy.
  • (2) APPROPRIATE COMMITTEES OF CONGRESS DEFINED.—In this subsection, the term ‘‘appropriate committees of Congress’’ means—
    • (A) the Committee on Armed Services, the Committee on Appropriations, and the Select Committee on Intelligence of the Senate; and
    • (B) the Committee on Armed Services, the Committee on Appropriations, and the Permanent Select Committee on Intelligence of the House of Representatives.

The DoD’s ACC Test & Evaluation Management Guide states that this strategy has been elaborated on, and mentions four cyber capability “need” timelines (2012):

[The] USD(AT&L) worked with the DoD cyber community to develop a common framework for the Services and Defense Agencies to acquire cyberspace operations capabilities.

The framework addresses requirements, acquisition, testing, and governance. To execute this new framework, the traditional defense acquisition framework will be aggressively streamlined to accommodate cyberspace operations’ quick reaction timelines, while at the same time managing risk. There are four cyber capability “need” timelines: A – less than 30 days; B – 30 days to 9 months; C – 9 to 18 months; D – greater than 18 months (likely to follow traditional acquisition processes).

An evaluation of operational risk to mission success is central to testing in all four cyberspace operations acquisition processes and will be the primary driver in determining the degree of testing appropriate for each capability. Whichever of the four processes is followed, an integrated team of testers, certifiers, and users must help develop the requirements, identify the significant operational risks, and work to address those risks through T&E. T&E of cyberspace operations capabilities must support risk management in any of the four acquisition paths by providing decision makers with credible, relevant, and efficient estimates of system and operational performance. T&E processes and products must be tailored to program need, risk, and risk tolerance; be fully integrated into capability development processes; leverage testing as a service; and efficiently synthesize developmental, operational, and specialty T&E perspectives to generate data for independent evaluation.

EOF

Om wat meer context te geven bij enkele punten uit het verlanglijstje voor de nieuwe Wiv en de toekomst van onze IVD’en, hierbij enkele notities over transparantie en geheimhouding inzake de IVD’en.

Bij niet-staatsgeheime bijzondere informatie — dus niet gerubriceerd als Stg. Confidentieel, Stg. Geheim of Stg. Zeer Geheim; maar bijvoorbeeld wel informatie die als Departementaal Vertrouwelijk wordt beschouwd — wordt gesteld dat ongeautoriseerde toegang nadeel aan de belangen van één of meer ministeries veroorzaakt. Bij staatsgeheime bijzondere informatie gaat het om schade.

De CTIVD citeert in toezichtsrapport 33 (.pdf, 2012) een fragment uit het (geheime) beveiligingsplan van de AIVD:

[Het beveiligingsplan van de AIVD] stelt het volgende:

“(…) inbreuken op de vertrouwelijkheid of veiligheid tasten de slagkracht, effectiviteit en geloofwaardigheid van de dienst aan omdat:

• bronnen, medewerkers en relaties fysieke, geestelijke of maatschappelijke schade oplopen;
• vertrouwelijke informatie wordt gecompromitteerd;
• lopende onderzoeken gefrustreerd worden;
• interstatelijke betrekkingen, politieke verhoudingen, opsporings- en vervolgingsbelangen, de privacy van individuen geschaad of verstoord worden;
• het imago van en het zorgvuldig opgebouwde vertrouwen in de AIVD aangetast worden;
• de voorbeeldfunctie van de dienst waar het gaat om veiligheid en vertrouwelijkheid niet waargemaakt wordt;
• zij een negatieve invloed hebben op de bereidheid van bronnen en relaties om samen te werken met of informatie te verstrekken aan de AIVD.“

Daarover merkt de CTIVD vervolgens op:

De voornoemde redenen zijn niet in alle gevallen op zichzelf voldoende om informatie staatsgeheim te rubriceren maar geven de ongewenste gevolgen aan van een inbreuk op de vertrouwelijkheid of veiligheid. (…)

Kortom, niet elke denkbare reden voor geheimhouding automatisch een legitieme reden. Waarvan akte.

In het hoofdstuk Tool 3: Intelligence Transparency, Secrecy, and Oversight in a Democracy (.pdf) van de publicatie  Overseeing Intelligence Services: A Toolkit (2012, eds.: Hans Born & Aidan Wills) stelt professor Laurie Nathan een aantal dingen over transparantie. Ter inleiding:

On the one hand, certain aspects of the intelligence community and its activities must be kept secret in order to avoid compromising operations and the lives of intelligence officers and their sources. On the other hand, secrecy is antithetical to democratic governance; it prevents full accountability; and it provides fertile ground for abuse of power, illegality, and a culture of impunity.

Nathan betoogt dat het perspectief “het vinden van een balans tussen geheimhouding en transparantie” een verkeerd perspectief is:

Since openness is a necessary condition of democratic governance and protection of human rights, the challenge in the world of intelligence should not be defined as “finding the right balance between secrecy and transparency.” Rather, secrecy should be regarded as an exception that in every case demands a convincing justification. Whereas the emphasis of intelligence communities throughout the world is on secrecy with some exceptions, in democratic societies the emphasis ought to be on openness with some exceptions. This is a matter of both principle and pragmatic imperative. There is ample historical evidence that power is more likely to be abused, and human rights are more likely to be violated, in conditions of secrecy than in an open political environment. Openness permits effective oversight by parliament and scrutiny by the media and vigilant civil society groups, providing a basis for detecting illegality and misconduct and thereby for preventing the emergence of a culture of impunity.

Een frisse zienswijze. Nathan stelt verder dat “nationale veiligheid”, zonder nadere specificatie, geen acceptabele grond is voor geheimhouding. (NB: voor een uitgebreide Nederlandse verhandeling over “nationale veiligheid” in relatie tot mensenrechten, zie het proefschrift Mensenrechten en staatsveiligheid uit 2005 van jurist Jan-Peter Loof; waarin Loof onder meer betoogt dat er geen betekenisvol verschil valt te maken tussen tussen “nationale veiligheid” en “staatsveiligheid” — iets dat de WIV2002 wel doet.) Nathan citeert een uitspraak uit 1971 van het Amerikaanse hooggerechtshof:

The word ‘security’ is a broad, vague generality whose contours should not be invoked to abrogate the fundamental law embodied in the First Amendment [dealing with freedom of speech]. The guarding of military and diplomatic secrets at the expense of informed representative government provides no real security for our Republic.

Nathan stelt verder het volgende over “nationale veiligheid”:

In a democracy the term “national security” should cover the security of the country, its system of government, its values, and all persons under the jurisdiction of the state. It consequently provides a compelling basis for openness rather than secrecy. It is not something that has to be balanced against human rights and freedoms. A democratic approach to national security encompasses and embraces human rights and freedoms.

Geheimhouding zou volgens Nathan moeten worden gemotiveerd met “specific and significant harm that might arise from the public disclosure of information”, en beperkt tot de volgende gebieden:

• de identiteit van inlichtingenofficieren, informanten en agenten;
• de technische details van operationele methoden;
• de details van bescherming van belangrijke personen;
• huidige operaties en onderzoeken;
• de identiteit en persoonsgegevens van targets.

Dit lijstje dekt niet alle gevallen waarin een terecht beroep op geheimhouding kan worden gedaan: zo ontbreekt aandacht voor belangen van bondgenoten. Maar Nathan brengt ons wel terug naar de kern van de zaak.

Nathan geeft een reeks aanbevelingen over transparantie waarvan ten minste de volgende ook in Nederland de moeite van het overdenken waard lijken:

• The legislation should acknowledge explicitly the importance of transparency and access to information as fundamental principles of democracy that promote human rights and freedoms, good governance, public accountability, and informed debate. The legislation should state that classification of information is consequently an exceptional measure that ought to be used sparingly.
• The criteria for classifying information should indicate that significant harm might arise with a reasonable degree of certainty in the event of public disclosure. The legislation should not permit resort to secrecy on the nebulous grounds of “national security” or “national interest.”
• The legislation should create an obligation on the executive to take steps to promote and facilitate public access to state-held information including, as discussed below, information on the intelligence services.

In de nieuwe Wiv moet méér dan in het huidige Hoofdstuk 4 van de Wiv2002 worden geregeld aan transparantie. Een paragraaf over actieve openbaarheid van (betekenisvolle en ondubbelzinnige) cijfermatige transparantie over de inzet van bijzondere bevoegdheden zou een mooi begin zijn: het stelt de samenleving en het volledige parlement — niet alleen de besloten Tweede Kamer-commissie — in staat een vinger aan de pols te houden van de omvang van de juridisch toegelaten inbreuken die de diensten op onze grondrechten maken. Want vergeet niet: de nieuwe Wiv kan (in zekere zin) elke burger raken.

EOF