Currently, Dutch parliament is doing everything they can to get a dragnet surveillance bill approved before the elections on 15 March 2017. If they succeed, soon the online communications of Dutch citizens can, on a massive scale, get caught up in the secret services’ dragnet. So what’s happened since the last time we reported to you on this subject?
In September 2016, Rob Bertholee, head of the General Intelligence and Security Service of the Netherlands (AIVD) gave a notorious interview, in which he stated that he was fed up with discussions about privacy. A month later, and despite a serious backlash, Minister Ronald Plasterk decided to advance his plans to carry out bulk interception of innocent citizens’ communications: he sent the definitive dragnet bill for the new Intelligence and Security Services Act to the House of Representatives.
Oversight Committee finds proposal insufficient
The Review Committee on the Intelligence and Security Services (CTIVD) assessed the bill in an extensive report published in November 2016. In this report, the CTIVD painstakingly shows that essential safeguards like data limitation and duty of care regarding the quality of data analyses are missing in the current proposal. In addition, the CTIVD ruled that the oversight of the secret services needs to be significantly improved in order to be effective.
The House of Representatives discussed the proposal shortly before the Christmas recess. A discussion between the oversight committee, a private meeting with the services themselves, and a hearing with several experts and private parties took place. There was a lot of criticism towards the bill.
Hearing with experts and companies
During the hearing with experts and public parties, a broad spectrum of organisations sharply criticised the proposal. In an impassioned plea, the vice-chairman of the Dutch Data Protection Authority (DPA) criticised parliament’s plans for instating a dragnet, the hacking of third parties, and the exchange of intelligence with foreign agencies. He called the term “investigation assignment-focused interception”, meant to describe the dragnet, which must be a candidate for the prize of euphemism of the year.
In an extensive written response, the DPA further elaborates on why the necessity for the proposed expansion of powers has been insufficiently argued. In addition, the DPA states that the powers are insufficiently well known and predictable for citizens, that they lack safeguards, and that truly independent and effective oversight of the services is still lacking. In other words, it is patently illegal under basic international legal principles.
On behalf of a large group of researchers, Professor of Media and Telecommunications Law Nico van Eijk elaborated an analysis of the flaws in the proposed surveillance bill and its lack of transparency. In addition, the Scientific Council for Government Policy (WRR) raised concerns regarding the danger of chilling effects as a consequence of the proposed expansion of powers.
The companies present were also very critical – not only concerning the impact that the dragnet might have on their businesses, but also on their users. For example, Microsoft clearly opposed the creation of a dragnet by stating: “[N]on-directional collection of data is disproportionate and harms the privacy of users and their trust in our technology”.
Criticism from the House of Representatives
As a result of all the meetings, the lower house presented the cabinet with over 52 pages of questions concerning the proposal. Many of those questions concern the untargeted nature of the dragnet, the relevance and retention period of the collected data, the quality of data analyses, and oversight of the agencies. The 52 pages of questions have now been met with 110 pages of answers. These prove mainly to be reiterations of previous assertions and in no way succeed to assuage the concerns that have been expressed. The Dutch government is doing its best to cover up the fact that the implementation of the dragnet means implementation of mass surveillance, and continues to call the new power “investigation assignment-focused interception”. Minister Ronald Plasterk has even proceeded to abbreviate the term to the apposite and deeply ironic Orwellian “OOG” (“eye” in Dutch).
What will happen in the coming weeks?
During a procedural hearing on Thursday 19 January 2017, it was decided that the bill would be discussed next in a lower house plenary, meaning that it will most probably only be discussed one more time before proceeding to a vote. The plenary will take place on 8 February and the voting will take place one week later.
Dutch dragnet surveillance bill leaked (04.05.2016)
‘Threat hasn’t been this high in years’ – Interview Rob Bertholee, chief of the domestic security services (only in Dutch, 17.09.2016)
Head of Dutch security service is fed up with privacy concerns (19.09.2016)
Critique and questions about bill for for a new Intelligence and Security Services Act: what will the cabinet do? (only in Dutch, 05.01/2017)
Reaction Autoriteit Persoonsgegevens to the bill for a new Intelligence and Security Services Act (only in Dutch, 15.12.2016)
Text contribution prof. dr. Nico van Eijk (Director of the Institute for Information Law, University of Amsterdam) during the hearing of the commission for the Ministry of the Interior (only in Dutch, 15.12.2016)
Scientific Council for Government Policy (only in Dutch, 15.12.2016)
Position paper Microsoft: Hearing Intelligence and Security Services Act (only in Dutch, 15.12.2016)
(Contribution by David Korteweg, EDRi member Bits of Freedom, the Netherlands; translation by Maren Vos)