On November 21, 2014, the Dutch Ministry of the Interior and Relations within the Realm (Ministerie van Binnenlandse Zaken en Koninkrijksrelaties), sent a message to Parliament about the — in their view — necessary changes that need to be made to the Wet op de inlichtingen- en veiligheidsdiensten (Wiv) 2002 (Intelligence and Security Act 2002). The old law (Wiv 2002), differentiates between cable-bound and non-cable-bound (as in: satellite or radio) communications, and gives the intelligence agencies different powers for each of these two cases. In general, under the old law, according to Article 27, it’s legal for the AIVD and MIVD to bulk-intercept non-cable-bound communications. It isn’t legal for them to do so for cable-bound communications (as in: internet fibre optic cables, etc.) In this latter case, of cable-bound communications, it’s only legal for them to intercept the communications of specific intelligence targets (as put forward in Articles 25 and 26). In the case of targeted surveillance, the intercepted information can come from any source.
The Dessens Committee concluded (PDF, on pages 10 and 11) that this distinction between the various sources of the communication (cable vs non-cable) is no longer appropriate in the modern day and age, where the largest chunk of the communications in the world travel via cables. The way the cabinet wants to solve this problem is by changing the law such that the AIVD and its military sister MIVD can lawfully intercept cable-bound communications in bulk, expanding their powers significantly. So, in other words, the Dutch government is planning to go full TEMPORA (original source PDF courtesy of Edward Snowden), and basically implement what GCHQ has done in the case of Britain: bulk intercept everything that goes across the internet.
Why does this matter?
This matters because by bulk-intercepting everything that goes across the internet, the communications of people who aren’t legitimate intelligence targets get intercepted and analysed as well. By intercepting everything, no-one can have any expectation of privacy on the internet anymore, except when we all pro-actively take measures (like using strong encryption, Tor, OTR chat, VPNs, using free/open source software, etc.) to make sure that our privacy is not being surreptitiously invaded by the spooks. It is especially important to do this when there isn’t any proper democratic oversight in place, which could stop the AIVD or MIVD from breaking the law, and provide meaningful oversight and corrections to corrupting tendencies (after all, as we all know, power corrupts).
Also, the Netherlands is home to the second-largest internet exchange in the world, the Amsterdam Internet Exchange (Ams-IX), second only to the German exchange DE-CIX in Frankfurt. So a very large amount of data goes across Ams-IX’s cables, and this makes it interesting from an intelligence point of view to bulk-intercept everything that goes across it. This was previously not allowed in the Netherlands. Now, of course, if the AIVD wanted access to these bulk-intercepts, it could simply ask its sister organisation GCHQ in Britain. There is a lively market for sharing intelligence in the world. For instance, in many jurisdictions where it would be illegal for a domestic intelligence agency to spy on their own citizens, a foreign intelligence agency has no such limitations, and can then subsequently share the gained intel with the domestic intelligence agency. But now, they are building their own capacity to do this in Amsterdam on a massive scale.
In terms of intelligence targets, the AIVD currently focuses on jihadists, Islamic extremists, and due to their historical tendencies still left over from the BVD-era, left-wing activists. The BVD’s surveillance on the left-leaning portion of the Dutch population was legendary.
Legalising certain practices of intelligence agencies is something that we see more and more, which is what happens here.
Lawyer-client confidentiality routinely broken
A few weeks ago, I read on RT that MI5, MI6 and GHCQ routinely snoop on lawyers’ client communications. In the Netherlands, lawyer-client communications are routinely intercepted by police, prison administrations, and intelligence agencies. In a normal criminal case with the police or prisons doing the intercepting, this is illegal, and any intel gained isn’t supposed to end up in court documents. But in the case of intelligence agencies doing the intercepting, this is currently legal since there are no legal provisions prohibiting the Dutch intelligence community from not recording and analysing lawyer-client communications. But in a few occasions, these communications did end up in court documents. This strongly indicates that these communications are routinely intercepted and analysed. There is in fact a whole IT infrastructure in place to “exclude” these communications from the phone tap records, for instance. On this page, the Dutch Bar Association is explaining to their members how to submit their phone numbers into this system so that their conversations with their clients are (ostensibly) excluded from the taps (only the taps by Police though, the intelligence community is, as I’ve explained above, not affected by this.)
This trend is incredibly dangerous to the right to a fair trial. If one cannot honestly speak to one’s lawyer any more, where every word spoken to one’s lawyer is intercepted and analysed, suddenly the government holds all the cards, and will always be one step ahead. How can one build a defence based on that?
The Netherlands is by the way still the country with the dubious distinction of having the largest absolute number of wire-taps in the world, and that’s just gleaned from (partial) police records. We don’t even know how much the AIVD and MIVD tap, since that information is classified, and “threatens national security if released,” which in my opinion is spy-speak for: “We tap so much that you’d fall off your chair in outrage if we told you, so it’s better that we don’t.”
Instead of holding the intelligence community accountable for their actions for once, and make these practices stop at once, the government has always taken the position of legalising current practices instead, which, if you are the government minister responsible for the oversight on the intelligence community, sure is a lot easier than confronting a powerful intelligence agency, which maybe holds some dirt on you.
All of these developments are so dangerous to our way of living and any sane definition of a free and open, democratic society where government is accountable to the people that they claim to represent, that it makes me want to proclaim, as Cicero exasperatedly proclaimed in his first oration against Senator Catilina:
“O tempora! O mores!”
In the Roman case, Catilina conspired to overthrow the Republic & Senate, and Cicero was frustrated that, in spite of all the evidence presented, Catilina was still not sentenced for the coup, whereas in previous times in Roman history, Cicero noted, people have been executed based on far less evidence.
Now we have the situation, that in spite of all the mountains of evidence we now have, thanks to Snowden, governments around the world still won’t take the prudent and necessary steps to hold the intelligence community to account. We need to take action, and start to encrypt. As soon as the vast majority of the world’s communications are encrypted using strong encryption (not the ones where the NSA “helpfully” gives NIST the special factor to use for calculations in their standardisation of a crypto algorithm, all for free), soon, blatantly collecting everything will be of no use.