On 14 February 2017 the bill for the new Intelligence and Security Services Act was passed by the Dutch lower house. Despite being met with serious opposition from experts, regulators, civil society, political parties, and citizens, the revised bill passed virtually unchanged from the proposal submitted to the lower house. It’s beyond disappointing that a bill with such momentous consequences was rushed through the lower house with such relentless determination.

Political expediency, rather than sound legislation that would actually protect citizens, seems to have prevailed. After publishing the draft legislation online for consultation in July 2015, the cabinet took its time to revise the widely criticised draft legislation. However, when the revised bill was submitted to the lower house in late 2016, suddenly time was of the essence, and the legislative process needed to be hastily concluded before the elections in March 2017.

Despite being pressed for time, various opposition parties fought tooth and nail to amend the flawed bill. Unfortunately, most amendments failed, as coalition parties closed ranks around the Minister of the Interior.

So what are the bill’s biggest flaws? Most importantly, the controversial new law will allow intelligence services to systematically conduct mass surveillance of the internet. The current legal framework allows security agencies to collect data in a targeted fashion. The new law will significantly broaden the agencies’ powers to include bulk data collection. This development clears the way for the interception of the communication of innocent citizens.

This law seriously undermines a core value of our free society, namely that citizens who are not suspected of wrongdoing, ought not to be monitored. Whether it concerns a WhatsApp-message or Skype-call, anything you do online might very well end up in the dragnet cast by the security agencies, provided that your communication falls within the scope of a vaguely defined “research assignment”.

It is a matter of importance that intelligence agencies collaborate with their foreign counterparts. For the sake of this cooperation, the exchange of data is paramount. Yet, under the passed bill, Dutch security agencies may also share collected data without having analysed it first. When handing over data to foreign governments without performing some form of data analysis prior to the exchange, it is impossible to know what potentially sensitive information is being thrust into the hands of foreign governments, and the consequences it might have for citizens. This is unacceptable.

With this bill, agencies are granted direct and fully automated access to databases of cooperating organisations without human interference. The intelligence agencies may, for instance, be permitted access to the databases operated by governmental institutions, such as the tax authorities, but also to the data of schools, civic organisations and businesses, such as banks. Hardly any measures are taken to ensure that this is done in a responsible manner. Intelligence agencies are allowed access to these databases without seeking prior permission from the minister or review by the new Review Committee on the Intelligence and Security Services (CTIVD).

Other contentious elements of the bill are the numerous open standards and the lack of further specification. First of all, the limitations of the powers will become clear only as we go along. Citizens are offered little clarity in this matter. The CTIVD has already stated that the law offers too little guidance for proper assessment. Furthermore, the extent of the encroachment on our public liberties will largely be determined by ongoing technological developments.

Despite its obvious shortcomings, the revised bill is, at some points, an important improvement of the current law, and of the proposal that was issued for public consultation in 2015. For instance, many of the agency’s powers will now require a sign-off from the Minister of the Interior and a review committee. Another positive note is the construction of a framework for online research conducted by the agencies.

It’s now the Senate’s turn to review the bill. If the parliamentary groups in the upper house follow the same approach as those in the lower house, the bill will be cleared with a comfortable majority.

EDRi member Bits of Freedom will approach senators and insist they carefully examine the proposal in light of the extensive criticism it inspired, and not pass the bill without calling for changes. Should the Senate vote in favour of the bill as it is, the possibility of a litigation at the European level cannot be ruled out.

EDRi: Dutch Parliament: Safety net for democratic freedoms or sleepnet? (08.02.2017)

https://edri.org/dutch-parliament-safety-net-democratic-freedoms-sleepnet/

EDRi: Dutch dragnet surveillance bill leaked (04.05.2016)

https://edri.org/dutch-dragnet-surveillance-bill-leaked/

(Contribution by David Korteweg, EDRi member Bits of Freedom; translation by Linsey Groot)