On June 23rd 2015, the Dutch Minister of the Interior submitted the outlines of the 2015 year plan (in Dutch) of the General Intelligence & Security Service (AIVD) to the parliament.

The idea of a “year plan” was proposed by the oversight committee (CTIVD), and is intended to inform intelligence consumers, stakeholders, the parliament and society about what they can expect from the AIVD in the next year. Due to the nature of it contents, the year plan itself is a state secret. The year plan has been discussed with, and approved by, the government’s Council for the Intelligence & Security Services (RIV) on June 9th 2015, and was subsequently accepted by the cabinet. The present letter from the minister, the first of its kind, is referred to in Dutch as “Jaarplanbrief”, which (literally) translates to “Year Plan Letter”. It is scheduled as input, among other inputs, for the parliamentary General Meeting on intelligence & security services’ affairs that will take place on July 1st 2015  [postponed to September 2nd 2015].

The cabinet is currently preparing an intelligence bill that will, besides change the oversight framework and safeguards, grant the AIVD and the Military Intelligence & Security Service (MIVD) to perform unspecific (bulk) interception of cable communications. That bill is yet to be released into public consultation (it will appear here); the letter below precedes it.

The remainder of this post consists of a translation of that letter; hyperlinks are mine.

National security and the role of the AIVD

Security is a core task of the government. The AIVD ensures national security by timely identification of threats, (political) developments and risks that are not immediately visible. To this end, the AIVD carries out domestic and foreign investigations, taking into account the safeguards of the Dutch Security & Intelligence Act of 2002 (.pdf) (Wiv2002). Collecting and interpreting intelligence is not an objective on and by itself. It is an essential condition to thwart terrorist attacks, disrupt terrorist traveling, detect espionage, and, more generally, support government policy to protect the democratic rule of law and other important state interests. The AIVD shares specific knowledge and information with its partners (for instance public administrators, policy makers, the National Police) and instigates other organizations to act.

AIVD year plan on the basis of Integrated Intelligence & Security Policy (Dutch: “Geïntegreerde Aanwijzing I&V”)

The AIVD Year Plan 2015 is, for the first time, based on the system of an Integrated Intelligence & Security Policy [“GA I&V”, abbreviating its Dutch title, “Geïntegreerde Aanwijzing Inlichtingen & Veiligheid”], as introduced following the cabinet response to the review of the Wiv2002 [by the Dessens Committee] (Parliamentary Papers, 2013-2014, 33 820, nr. 2). Although the GA I&V will not have a formal legal basis until the Wiv2002 has been changed, the cabinet has decided to start using the system this year. The GA I&V describes the needs of intelligence consumers concerning various themes and focus areas, and is, from now on, the basis for the year plans of the AIVD and the MIVD. The accompanying Year Plan Letter intended for the parliament will as of 2016 be available before January 1st of each year, in accordance with the motion filed by Van der Staaij c.s. (Parliamentary Papers, 2014-2015, 29 754, nr. 295).

Strengthening of AIVD budget

On June 30th 2014 the cabinet decided to grant a structural addition of EUR 25 million to the AIVD budget as of 2015. Reason for this budget increase was the changing threat landscape. Worrying developments happened both nationally and internationally. The intensification is meant for investigations concerning the threat from persons traveling to Syria for jihad, developments in Iraq, and developments concerning instability in the Middle-East and the outside borders of Europe. Intensification was also necessary concerning cyber threats.

On February 25th 2015 the cabinet decided on a new strengthening of the security chain. This concerns the prolonged nature of the worsened threat landscape concerning jihadism. This strengthening enables the services and organizations involved to counter the jihadist threat in the coming years. The structural addition to the AIVD’s budget increases in phases up to EUR 40 million a year per 2020. The AIVD’s budget is then EUR 230 million. This enables the structural strengthening of the investigation capability concerning radicalization and counter-terrorism, without harm to other important investigations (left-wing and right-wing extremism, foreign intelligence).

The AIVD Year Plan 2015 establishes the priorities and accents, as reflected in this Year Plan Letter, considering the aforementioned strengthening.

Priorities and accents of AIVD investigations

Concerning the legal tasks of the AIVD, insight is given below into the priorities and accents that are put central in 2015 in each focus area:

Jihadist terrorism

The Netherlands has a terrorist threat level that is qualified as “substantial” [explanation] since March 2013. Approximately 200 jihadists have left the Netherlands to join the fight in Syria and Iraq. Furthermore, a number of persons with a Dutch background support the jihad in other conflict zones, such as Somalia. They train, and obtain knowledge, expertise and fighting experience, and get into contact with local, regional and international terrorist groups. They are a threat for the (regimes in the) countries concerned, but often also for the Western interests there. When these jihadists return to the Netherlands, they are a potential threat. Part of these persons can continue their terrorist activities in the Netherlands.

There is also a threat from jihadist groups that are active in various countries, and that also have an international agenda. The most well-known organizations are core al-Qa’ida (AQ core), the related groups AQAS (AQ on the Arabian Peninsula), AQIM (AQ in the Islamic Maghreb), al-Shabaab (Somalia) and Jabhat al-Nusra (Syria). Besides that, the Islamic State in Iraq and al-Sham (ISIS) intends to carry out attacks in the West. The increasing role of old, transnational jihadist networks that were active in the 1990s is also worrying. Active veterans seem to increasingly put themselves forward as facilitators for a new generation of jihadists. These veterans have the right contacts to have a supporting role to groups with an international agenda.

The jihadist threat against the West is currently also stems from individuals who are not associated with a particular group, and who have or have not traveled abroad. Sympathizers are used worldwide to carry out relatively simple attacks. The attacks in Paris and Copenhagen are examples, and can inspire radical muslims to carry out similar terrorist activities. Moreover, the attacks in Paris make clear that various independent elements can come together: individuals, sympathizers, diffuse local networks, relations with and inspiration from old transnational networks and persons sympathizing with rival jihadist groups, but who nonetheless on their own grasp opportunities to carry out attacks nearly simultaneously and jointly.

Furthermore, jihadists who’s travels are disrupted can pose a threat to the West. The attacks that were carried out in Canada and Australia in the Fall of 2014 and can be related to ISIS illustrate this threat. In the Netherlands as well, signs exist that a threat can exist from jihadists who’s travels were disrupted.

The AIVD’s efforts are aimed at timely identification of the aforementioned national and international jihadist threats, to provide operational perspectives to the relevant government organization(s). Besides that, efforts are aimed at contributing to the prevention of Dutch youngsters traveling abroad to conflict zones, and at identifying the threat from (returned) jihad fighters. The AIVD also attempts to impede the supporting and recruiting activities for participation in the international violent jihad. Naturally, the AIVD can not act alone concerning jihadi terrorism, and active cooperation takes place with other organizations, such as the NCTV, the National Police, the Public Prosecution Service, the municipalities and Child Protective Services. Also, international cooperation takes place with foreign intelligence and security services.

Radicalization and extremism

Radicalization of various groups in the Dutch public is reason for concern to the AIVD, and reason for the intensification of the investigation. Recent developments in, among others, the Middle-East have effects that stretch to the Netherlands. In the last two years, a large number of people traveled to the conflict in Syria and Iraq. A far larger number feels involved in this conflict, for personal or ideological reasons. The attraction of jihadism has various consequences.

The public AIVD report Transformation of jihadism in the Netherlands (.pdf, 2009) points out the potential threat from the broad group of sympathizers and supporters of radical islam in the Netherlands, who are not immediately involved with or can not be related to actual jihadist activities, but who create support and growing potential. It is therefore important to have good insight into radicalization processes among this group. Not only the strong momentum that the jihadi movement has gained is reason for serious concern. Also the growth of a different specific form of radical islam, dawa-salafism, is an increasing risk. Dawa-salafism has in recent years taken more ground in the islamic landscape of the Netherlands, both physically and online. Preachers who work outside the established dawa-salafist organizations loudened the intolerant and anti-democratic message that dawa-salafism and jihadism share. The voices of established salafist preachers have hardened. The resistance that established dawa-salafist organizations claimed they could offer against jihadism is decreased partially because of that.

The threat from (the growth of) radical islam in the Netherlands is twofold: on the one hand, this growth can lead to violence in the form of jihadist terrorism, on the other hand it can itself form a threat to the democratic rule of law because of the intolerant and anti-democratic message that is spread. The AIVD investigates both types of threat. The investigation into persons and organizations who spread jihadist thoughts helps in timely insight into jihadists, and facilitates the AIVD research into the focus of investigations into jihadist terrorism. The investigation into non-jihadist radical islam helps, among others, the NCTV, the local governments and other relevant organizations in taking measures against individuals who promote anti-integrative and intolerant isolationism.

The left-wing extremism in the Netherlands in characterized by erratic developments, with sometimes large peaks in intensity and threat. In the right-wing extremism, a form of hardly organized and unstructured ‘new’ right-wing extremism is developing next to the some remaining small ‘classic’ right-wing extremist groups. The latter involves ‘anti-islamic’ persons and groups who often ad hoc focus on (alleged) islamist excesses. Besides the actual threat from this, the perceived threat and the societal unrest must be taken into account that follows from that as a result of inflation of the threat from right-wing extremism by left-wing activists and extremists from their anti-fascist viewpoint. The interpretation of the factual threat that the AIVD recognizes from left-wing extremism and right-wing extremism is essential in providing an operational perspective for local and national officials.

Proliferation of WMDs

WMDs potentially pose a significant threat for international peace and security. The Netherlands has signed treaties aimed at countering proliferation of such weapons. The joint Unit Counterproliferation (UCP) of the AIVD and MIVD investigates countries that are suspected of — in violation of international treaties — pursuing WMDs and  means of transfer, or already possess those. The efforts of the AIVD and MIVD are aimed at obtaining an independent information position concerning WMD programs in risk countries, so as to inform the Dutch government. Acquisition activities by or on behalf of risk countries via the Netherlands is countered. This prevents that Dutch companies knowingly or unknowingly contribute to the proliferation of (parts of) WMDs.

Investigations into states

Considering the uncertain and unpredictable international environment and the risks involved for international peace and security, intelligence is of vital importance to the establishment of Dutch foreign policy. The AIVD’s investigations into states are carried out to provide the government with background information and an operational perspective, and to use it in consultations on topics that affect the Dutch national and international political interests. The investigations into states are increasingly related to the AIVD’s security tasks. For a number of states, a joint intelligence need is defined by intelligence consumers in the GA I&V for the AIVD and MIVD. The execution of these investigations takes place in close (operational) cooperation and consultation with the MIVD.

(Digital) espionage and cyber threats

The AIVD carries out structural investigations into foreign intelligence activities (espionage) that take place in the Netherlands or are targeted at Dutch interests. This investigation is aimed at identifying and disrupting unwanted activities through independent AIVD action, or by providing operational perspectives to the relevant authorities.

Concerning digital espionage, the AIVD has in recent years observed various digital attacks aimed at espionage and gathering vulnerable and valuable (political, military, economical and technical) information. Examples are numerous, and the threat and damage is significant. Additionally, digital attacks aimed at sabotage or societal disruption can be involved. Digital attacks such as Flame, Shamoon and Stuxnet, but also less advanced attacks such as DDoS attacks showed in recent years how (parts of) vital sectors can be disrupted or damaged. A significant problem of cyber attacks is that they can often be difficult to trace to a perpetrator or whoever commissioned the attack, and that they can be deployed from and via nearly every country. The AIVD investigates cyber attacks, and if necessary in cooperation with the National Cyber Security Center (NCSC).

Promoting protection and the guarding and security of designated property and services

On the area of the promotion of measures to protect designated interests, the efforts of the AIVD are aimed at promoting measures for protecting processes, organizations and sectors that are important for national and economical security. This involves, for instance, the protection of vital parts of government and the private sector from terrorism, but also the protection of data that is classified on grounds of national security. The AIVD’s efforts are also aimed at informing the government and (vital) private parties about threats and risks, and at providing recommendations for the purpose of taking adequate protective measures. Furthermore, threat analyses are made for the NCTV’s Counterterrorism Alert system (ATb). The NL-NCSA (NBV), part of the AIVD, advises the national government about information security, for instance concerning preventive measures for detection of and response to security breaches. The AIVD also, at request, evaluates security products before they are used by the national government.

Concerning the guarding and security of designated property and services, the AIVD provides insight into the (potential) threat against politicians, the government, diplomatic representatives, international organizations and large-scale events. This information is provided to the NCTV in the form of threat estimates, threat analyses and risk analyses, and the NCTV then decides about security measures. This task has immediate relations to other investigation objectives, including with regard to radicalization and extremism.

Other AIVD priorities and accents

The other priorities and accents for the AIVD in 2015, including with regard to security screenings and business operations, are discussed below:

Security screenings and designated jobs

Since this year a new, re-calibrated method is used for designating trust positions, and for carrying out security screenings. Only positions that can cause serious and plausible damage to national security are designated as trust positions. Also, the legal principle is that security screenings are the breech block of security, among others because of the privacy infringement involved. In the execution of security screenings, the protection of national security is leading. Research in AIVD systems is the basis of each security screening, in which the nature of the threat recognized by the AIVD determines which information is most relevant. It is intended that at least 90% of the security screenings are completed within the legal term of eight weeks.

Following a recent change of law, the costs of security screenings for private sector appointments can charged to the private requester. This has already been implemented in 2013 for screenings for public sector appointments. In 2015, a cooperation model is developed within the exploratory inquiry into a joint AIVD/MIVD unit for carrying out security screenings. A joint unit should be established by 2017 at the latest.

Inflow of new staff

In the coming years, the inflow of new (operational) personnel will have high priority in the AIVD’s business operations. On the one hand, this new personnel results from the budget increases decided on by the cabinet, on the other hand from vacancies following from the completion of the reorganization per January 1st 2015. A task force has been established within the AIVD for the purpose of optimizing the chain of personnel flow and inflow, for instance concerning recruitment, security screenings, facilities, training and education.

Information provisioning and IT

The AIVD is highly dependent on timely and secure information provisioning. For that reason, it is necessary to make significant investments in renewal of IT. This need is increased as result of the AIVD having to process more data to determine the behavior of targets, of the fact that the AIVD must be present with systems on more locations, and the fact that data processing is increasingly threatened by new forms of cyber attacks. The focus within IT is unabated the continuous assurance of the continuity of IT systems and the renewal and further development of (operational) IT systems.

Inquiry into co-location AIVD and MIVD

At the end of 2014, and interdepartmental project started in which, in cooperation between the ministries of General Affairs, Defense and the Interior, it is investigated to what extent, and under what conditions, it is possible to accommodate the AIVD and the MIVD jointly on the Frederikskazerne. In the summer of 2015, the outcomes of the preliminary investigation on housing will be presented, after which, depending on the outcomes, further decisions will be made.

Follow-up on investigation by Court of Auditors

On May 19th 2015, the Court of Auditors published the report “Budget cuts and intensifications at the AIVD” (.pdf, in Dutch) [note: that report qualifies an earlier EUR 68 million budget cut — a third of the AIVD’s annual budget — as irresponsible]. In the cabinet’s response (.pdf, in Dutch) to this report, it was promised that the targeted investments by the cabinet in the AIVD and the GA I&V will be developed into a multi-year implementation plan. This plan will be delivered by the AIVD in 2015. Education, informatization and permanent innovation will be addressed in assuring this multi-year perspective.

Reports and accountability

Through this Year Plan Letter I provided insight in the priorities and accents for the AIVD in 2015, also in relation to the budget and the cooperation with (chain) partners in the security domain. Public accountability for the execution of the Year Plan will take place in the departmental annual report of the Ministry of the Interior, and in the AIVD’s own annual report. The AIVD will report ad interim about the progress of the Year Plan via, among others, four-monthly progress reports. These progress reports will be shared and discussed with the House Committee for the Intelligence & Security Services. 

EOF

The Dutch National Police website reports (in Dutch) that five persons have been arrested as suspects in a million euro ‘car phishing’ scam. Here is a translation of that report:

EOF

BNR Newsradio reports that the Dutch Data Protection Authority (DPA) rejects the idea of matching online searches made from school computers for jihad-related phrases. Here is a translation of that report (hyperlinks are mine):

The Dutch Data Protection Authority (DPA) sees nothing in placing anti-jihad software on school computers. It is too infringing on pupils’ privacy.

The software can track whether pupils use the school computer to search for jihad-related phrases. The Importunus Foundation is currently developing such a system, supported by the Ministry of Education. The system is in fact developed to fight cyberbullying, but is now extended to address radicalization.

The DPA finds that such software is too infringing on pupils’ privacy. Pupil organization LAKS also does not approve of the plan.

Wilbert Tomesen, vice chairperson of the DPA: “If the eventual idea is a sort of massive tracking system for children — innocent pupils — then that is a massive privacy infringement (…). The first question should be: is this, in this relation and in this context, really necessary? Are alternative methods available?”

Dragnet

When asked about his primary objection, Tomesen says: “The eventual consequence is that a dragnet is thrown over the deepest depths of human communication.”

Tomeses emphasizes that he does take the risks of radicalization into account. “Every sane person believes that schools should keep their eyes and ears open, and must be alert for radicalization. The next question is: is this the right means?”

The Importunus Foundation states to have close contact with the DPA about the system. “Well, not about this”, Tomesen responds, “We have contact with Importunus about their anti-bullying program. (…) We have certainly not discussed this program.”

For further reading on radicalization, see this lengthy blogpost (in Dutch).

EOF

The FBI website has had an informative page on elicitation techniques. In the spirit of LOCKSS, I hereby keep a copy below.

Elicitation Techniques

Download print version (.pdf)

This brochure is an introduction to elicitation and elicitation techniques. Understanding the techniques and the threat may help you detect and deflect elicitation attempts.

Elicitation is a technique used to discreetly gather information. It is a conversation with a specific purpose: collect information that is not readily available and do so without raising suspicion that specific facts are being sought. It is usually non-threatening, easy to disguise, deniable, and effective. The conversation can be in person, over the phone, or in writing.

Conducted by a skilled collector, elicitation will appear to be normal social or professional conversation. A person may never realize she was the target of elicitation or that she provided meaningful information.

Many competitive business intelligence collectors and foreign intelligence officers are trained in elicitation tactics. Their job is to obtain non-public information. A business competitor may want information in order to out-compete your company, or a foreign intelligence officer may want insider information or details on US defense technologies.

Elicitation Defined

The strategic use of conversation to extract information from people without giving them the feeling they are being interrogated.

Elicitation attempts can be simple, and sometimes are obvious. If they are obvious, it is easier to detect and deflect. On the other hand, elicitation may be imaginative, persistent, involve extensive planning, and may employ a co-conspirator. Elicitors may use a cover story to account for the conversation topic and why they ask certain questions.

Elicitors may collect information about you or your colleagues that could facilitate future targeting attempts.

Elicitation can occur anywhere— at social gatherings, at conferences, over the phone, on the street, on the Internet, or in someone’s home.

Elicitation is Not Rare

It is not uncommon for people to discover information about a person without letting on the purpose. For example, have you ever planned a surprise party for someone and needed to know their schedule, wish list, food likes and dislikes or other information without that person finding out you were collecting the information or for what purpose? The problem comes when a skilled elicitor is able to obtain valuable information from you, which you did not intend to share, because you did not recognize and divert the elicitation.

Why Elicitation Works

A trained elicitor understands certain human or cultural predispositions and uses techniques to exploit those. Natural tendencies an elicitor may try to exploit include:

• A desire to be polite and helpful, even to strangers or new acquaintances
• A desire to appear well informed, especially about our profession
• A desire to feel appreciated and believe we are contributing to something important
• A tendency to expand on a topic when given praise or encouragement; to show off
• A tendency to gossip
• A tendency to correct others
• A tendency to underestimate the value of the information being sought or given, especially if we are unfamiliar with how else that information could be used
• A tendency to believe others are honest; a disinclination to be suspicious of others
• A tendency to answer truthfully when asked an “honest” question
• A desire to convert someone to our opinion

For example, you meet someone at a public function and the natural getting-to-know-you questions eventually turn to your work. You never mention the name of your organization. The new person asks questions about job satisfaction at your company, perhaps while complaining about his job. You may think, “He has no idea where I work or what I really do. He’s just making idle chat. There’s no harm in answering.” However, he may know exactly what you do but he relies on his anonymity, your desire to be honest and appear knowledgeable, and your disinclination to be suspicious to get the information he wants. He may be hunting for a disgruntled employee who he can entice to give him insider information.

Techniques

There are many elicitation techniques, and multiple techniques may be used in an elicitation attempt. The following are descriptions of some of those techniques.

Assumed Knowledge: Pretend to have knowledge or associations in common with a person. “According to the computer network guys I used to work with…”

Bracketing: Provide a high and low estimate in order to entice a more specific number. “I assume rates will have to go up soon. I’d guess between five and 15 dollars.” Response: “Probably around seven dollars.”

Can you top this? Tell an extreme story in hopes the person will want to top it. “I heard Company M is developing an amazing new product that is capable of …”

Confidential Bait: Pretend to divulge confidential information in hopes of receiving confidential information in return. “Just between you and me…” “Off the record…”

Criticism: Criticize an individual or organization in which the person has an interest in hopes the person will disclose information during a defense. “How did your company get that contract? Everybody knows Company B has better engineers for that type of work.”

Deliberate False Statements / Denial of the Obvious: Say something wrong in the hopes that the person will correct your statement with true information. “Everybody knows that process won’t work—it’s just a DARPA dream project that will never get off the ground.”

Feigned Ignorance: Pretend to be ignorant of a topic in order to exploit the person’s tendency to educate. “I’m new to this field and could use all the help I can get.” “How does this thing work?”

Flattery: Use praise to coax a person into providing information. “I bet you were the key person in designing this new product.”

Good Listener: Exploit the instinct to complain or brag, by listening patiently and validating the person’s feelings (whether positive or negative). If a person feels they have someone to confide in, he/she may share more information.

The Leading Question: Ask a question to which the answer is “yes” or “no,” but which contains at least one presumption. “Did you work with integrated systems testing before you left that company?” (As opposed to: “What were your responsibilities at your prior job?”)

Macro to Micro: Start a conversation on the macro level, and then gradually guide the person toward the topic of actual interest. Start talking about the economy, then government spending, then potential defense budget cuts, then “what will happen to your X program if there are budget cuts?” A good elicitor will then reverse the process taking the conversation back to macro topics.

Mutual Interest: Suggest you are similar to a person based on shared interests, hobbies, or experiences, as a way to obtain information or build a rapport before soliciting information. “Your brother served in the Iraq war? So did mine. Which unit was your brother with?”

Oblique Reference: Discuss one topic that may provide insight into a different topic. A question about the catering of a work party may actually be an attempt to understand the type of access outside vendors have to the facility.

Opposition/Feigned Incredulity: Indicate disbelief or opposition in order to prompt a person to offer information in defense of their position. “There’s no way you could design and produce this that fast!” “That’s good in theory, but…”

Provocative Statement: Entice the person to direct a question toward you, in order to set up the rest of the conversation. “I could kick myself for not taking that job offer.” Response: “Why didn’t you?” Since the other person is asking the question, it makes your part in the subsequent conversation more innocuous.

Questionnaires and Surveys: State a benign purpose for the survey. Surround a few questions you want answered with other logical questions. Or use a survey merely to get people to agree to talk with you.

Quote Reported Facts: Reference real or false information so the person believes that bit of information is in the public domain. “Will you comment on reports that your company is laying off employees?” “Did you read how analysts predict…”

Ruse Interviews: Someone pretending to be a headhunter calls and asks about your experience, qualifications, and recent projects.

Target the Outsider: Ask about an organization that the person does not belong to. Often friends, family, vendors, subsidiaries, or competitors know information but may not be sensitized about what not to share.

Volunteering Information / Quid Pro Quo: Give information in hopes that the person will reciprocate. “Our company’s infrared sensors are only accurate 80% of the time at that distance. Are yours any better?”

Word Repetition: Repeat core words or concepts to encourage a person to expand on what he/she already said. “3,000 meter range, huh? Interesting.”

Deflecting Elicitation Attempts

Know what information should not be shared, and be suspicious of people who seek such information. Do not tell people any information they are not authorized to know, to include personal information about you, your family, or your colleagues.

You can politely discourage conversation topics and deflect possible elicitations by:

• Referring them to public sources (websites, press releases)
• Ignoring any question or statement you think is improper and changing the topic
• Deflecting a question with one of your own
• Responding with “Why do you ask?”
• Giving a nondescript answer
• Stating that you do not know
• Stating that you would have to clear such discussions with your security office
• Stating that you cannot discuss the matter

If you believe someone has tried to elicit information from you, especially about your work, report it to your security officer.

EOF