NL Seeks Bulk Intercept for AIVD and MIVD

Donate for the Cryptome archive of files from June 1996 to the present

21 November 2014

NL Seeks Bulk Intercept for AIVD and MIVD

Date: Fri, 21 Nov 2014

In the Netherlands, interception powers of the intelligence & security services AIVD (general; historically focused on internal security) and MIVD (military) are regulated by the Dutch Intelligence & Security Act of 2002 ("Wiv2002").

The AIVD and MIVD both have the power of (targeted) interception of communications in any form (cable, wireless, spoken, etc.) of specific persons or organizations. Exercise of this power requires advance approval of either the Minister of the Interior (in case of the AIVD) or the Minister of Defense (in case of the MIVD).

The AIVD and MIVD both also have the power of (untargeted) bulk interception of communications, but only for non-cablebound (i.e., wireless) communications. Under the current law, the AIVD and MIVD can bulk intercept any wireless communications they want as long as that communication has at least a foreign source or foreign destination. (I.e., domestic bulk intercept is not permitted.)

In 2013, the a temporary committee named "Dessens Committee" reviewed that law, and concluded that in today's world, the distinction between cable and non-cable communications can/should no longer be made. That committee then recommended, among others, to change the law and make it 'technology-neutral', i.e., to also allow bulk interception of cable communications.

In October 2014, the Dutch senate adopted a motion requesting the Dutch government to abstain from "unconditional, indiscriminate and large-scale"
surveillance.

Today, November 21st 2014, the Dutch government published its response to the recommendations of the Dessens Committee, and it turns out the Dutch govt indeed seeks to grant the power of bulk interception of cable communications to the AIVD and MIVD. To my best knowledge, it remains to be seen whether the current requirement that either source or destination must be foreign will be upheld.

It must be noted that this is not a blunt expansion of powers: it is accompanied by noteworthy changes in the legal framework for interception and oversight. More on this later.

Please find attached the Dutch govt response

kabinetsstandpunt-herziening-interceptiestelsel-wiv-2002.pdf

and a diagram outlining the new interception framework

bijlage-diagram-interceptiebestel.pdf

I'll send translations of both asap.

Below this line a translation follows of a post by the AIVD itself about the Dutch govt response published at

https://www.aivd.nl/publicaties/@3169/modernisering-wiv/

The "legislation" mentioned at the end is still being developed.

=========================================

"Modernization of the Dutch Intelligence & Security Act of 2002, extra
safeguards for privacy"

The cabinet will modernize the Dutch Intelligence & Security Act of 2002.
Minister Plasterk of the Interior and Minister Hennis-Plasschaert of
Defense have explained the general ideas in a letter to Parliament.

The Intelligence & Security Act is nearly 15 years old and no longer suits
current technology. 90 percent of telecommunications is transferred over
cables. In the changed law, the AIVD and the MIVD are granted the power to
also recognize terrorist threats, counter espionage, protect against
digital attacks, support the Dutch security interests and military
missions via the cable.

Interception of raw telecommunications data will be divided in three
phases: collection, preprocessing and processing. Every phase requires
separate approval from the Minister. In every phase, data may only be
intercepted aimed at a specific purpose, after a review of
proportionality, subsidiarity and necessity. In every phase, explicit
retention and destruction periods apply. The intercepted raw data are only
accessible by specific employees and for specific tasks. The approval from
the Minister is subject of independent oversight by the Dutch Review
Committee on Intelligence and Security Services (CTIVD). This framework
ensures that the security services cannot search the collected raw data
without restrictions.

The Wiv2002, that was established in the late 90s and applies since 2002,
still distincts between ether and cable. The Dessens Committee reviewed
the law and concluded at the end of last year that this distinction is
outdated as result of ongoing technological developments. Nearly all
telephony, internet, email, social media, apps and chat programs
communicate over cables. Terrorist and combat groups also use this a lot,
for instance for recruiting and command and control.

The cabinet therefore want to permit the intelligence and security
services to intercept raw cable telecommunications under conditions. This
concerns larger amounts of data, from which the services can select data
of adversaries. An example is telephone communications to conflict areas.
The safeguards in every phase of interception and processing of the data
ensure that the government cannot spy on random email conversations of
citizens, or eavesdrop on phone conversations. The privacy will thus be
better protected.

The oversight will also be strengthened. If the CTIVD concludes, after
review, that approval was given illegally, the Minister is required to
reconsider that approval. When the Minister upholds his/her decision, it
must be reported to the CTIVD and to the Commission for Intelligence &
Security Services (CIVD) of the Parliament, which can hold the Minister
accountable.

These general ideas are developed in legislation.