Ronald Plasterk, the Dutch Minister of the Interior, wants to make sure that the Dutch secret services have the powers to spy on the behaviour of all citizens and gain insight in all of their communications: phone calls, emails, chat messages and website visits. This much is clear after he published an update of the 2002 secret services bill and put it into online consultation on 2 July.

Dutch digital rights organisation, EDRi member Bits of Freedom will scrutinise the bill and provide input for the consultation. Three things immediately jump out as very worrying on a first inspection:

The secret services will gain the power to use a dragnet form of surveillance. The Minister has given assurances that the dragnet will only be used for specific purposes, but has not provided adequate safeguards limiting the mass surveillance of unsuspected citizens. There is no guarantee that these powers will only be used to target a specific group of people instead of a much broader and ill-defined group, like all persons in the Netherlands who are in contact with, for example, Syria. What if the services want to do the same for Morocco, France, or the United States? And do this all at the same time?

If there is a suspicion that someone wants to do harm, then it’s already possible to put them under surveillance, if necessary and proportionate. The Dutch services currently have the option to wiretap all communications of their targets. Using this dragnet to identify or monitor possible threats for the Dutch national security will inevitably ensnare many innocent people, breaching their rights in the process. There hasn’t been any discussion in the Netherlands about the necessity of these powers.

A second issue in the proposed bill is access to this bulk data by foreign services. Data which has been intercepted in bulk by the Dutch secret services can be shared in bulk with foreign services, even before the data has been evaluated. Anybody can be put under surveillance as soon as the Dutch secret service learns that they have previously been under surveillance by a foreign service, regardless of whether this person would be considered dangerous under Dutch law.

A final issue is the expansion of the hacking powers of the secret services. Since 2002, they have been allowed to hack into devices of a subject (which could also mean the servers of a forum). In this proposal, this power will be expanded to include subjects that are in some way, even if only technically, connected to the actual subject, in order to get to the actual subject. This could mean that an unsuspecting user of a server might be hacked to gain access to another user of that same server.

The proposed bill obviously also affects non-Dutch citizens and does not provide any answers to the global problem of state surveillance. Rather, it could be seen as an attempt to bring the Netherlands into the surveillance game. Instead of making an effort to end mass surveillance this bill only increases the number of mass surveilling states.

The online consultation will be open till 1 September 2015.

The online consultation for the law (only in Dutch)

https://www.internetconsultatie.nl/wiv/reageren/

Dutch intel bill proposes non-specific (“bulk”) interception powers for “any form of telecom or data transfer”, incl. domestic, plus required cooperation from “providers of communication services” (02.07.2015)

https://blog.cyberwar.nl/2015/07/dutch-intelligence-bill-proposes-non-specific-bulk-interception-powers-for-any-form-of-telecom-or-data-transfer-incl-domestic/

(Contribution by Ton Siedsma, EDRi member Bits of Freedom, Netherlands)