The House of Representatives will vote on an amendment to the intelligence law on Tuesday. This should give the intelligence services more room to intercept internet traffic. “We are not interested in the Netflix behavior of your neighbor,” says outgoing minister Hugo de Jonge. Yet there is criticism.
Will the intelligence services soon be able to store your WhatsApp messages? And see which websites you visit? This type of data runs via cables that the services will soon be able to tap much more easily. According to the current law, data collection is only allowed “as targeted as possible”.
The Intelligence and Security Services Act (Wiv) has been in force since 2018. According to that law, services must request prior permission from a supervisory committee (TIB) if they want to intercept information via a cable.
But the services have been complaining ever since. The supervision is far too strict, they think. This would make the Netherlands less able to protect itself against cyber attacks from, for example, China, North Korea, Russia and Iran.
Four years after the law came into effect, there had still been no interception of the cables. “That has not yet happened because the supervisory authority always rejects a request from the MIVD or AIVD,” then Minister of Defense Henk Kamp told NRC upon his resignation in early 2022.
Outgoing Minister Hugo de Jonge (Home Affairs) also said this week that the full potential of the law is not being used enough.
What will change with the extension of the law?
There is less prior assessment by supervisors of the work of the AIVD and MIVD. That supervision shifts to during and after the work. Services are allowed to tap internet cables and investigate later whether they contain anything of interest. The data may be kept for six months, although they may not be used for the intelligence process. Artificial intelligence will play a greater role in analyzing large amounts of sensitive information.
Questions about citizens’ privacy
The discussion in the House of Representatives last week showed that most parties are largely positive about the bill. The SP and FVD do not support the law. They fear that the risk is too great that the privacy of citizens and, for example, journalists and lawyers will be violated.
Bert Hubert is also critical. He worked for the AIVD and later became a supervisor at the TIB, until he left in 2022 because he did not agree with the plans for expansion of the law. “The services are allowed to store large amounts of material and search them with algorithms,” he says. “Then I feel bugged, yes.”
But strict supervision remains, emphasizes Bart Jacobs, professor of Security at Radboud University. “Services do not know in advance exactly which traffic will travel over which cables,” he says. “That is why they will soon be allowed to obtain more information in the exploratory phase. But they are not allowed to use everything for the intelligence process.”
Services must explain why they want to intercept data from a cable. “To keep an eye on Russians, for example,” says Jacobs. “But the regulator will test this. And if it turns out that the services want to search the apps of Dutch people for this purpose, then this will not be allowed.”
‘What the TIB loses, the CTIVD gains’
It is also not the case that there is no prior testing at all. The TIB continues to monitor in advance, but is now receiving more guidance on legal standards.
“That is what went wrong when drawing up the Wiv in 2017,” says Rowin Jansen, PhD candidate and lecturer in privacy law at Radboud University. “A number of standards have never been explained by the legislature, which has caused conflicts between the services and the supervisors.”
According to Jansen, there is now more supervision. “Everything the TIB loses, the CTIVD gains. In that sense, there is compensation from supervision. This is a drastic change, but for the better.”
Major doubts about assessment by CTIVD
Supervisor CTIVD will receive more manpower for that work. But it is difficult to say whether that is enough, Jacobs also thinks.
“The CTIVD is very powerful and can halt work in a binding manner,” he says. But how this works in practice is still unclear. It doesn’t have to be boarded up now, says Jacobs. “Let’s also give those people the space to do their work.”
Moreover, there will be binding supervision by the CTIVD on specific articles. The binding supervision concerns scanning for hacks, technical risks of hacking, adding taps (this concerns the so-called crediting of servers when attackers move to another) and supervision of automated data analysis or data tapped in bulk.
Hubert says most supervision is not binding. He also calls it important to determine now how the CTIVD should monitor the activities of the services. “The regulator currently does not have sufficient secure office space and there is a risk that they will not be able to accommodate the growing number of researchers.”
Even the AIVD is not watertight
The intercepted information is stored on secure servers of the services. “We assume it is safe there,” says Hubert. “And that the AIVD itself is not hacked.”
But things can go wrong anywhere, he says. “More than a year ago, an employee stole 102 computers from the AIVD. There were no state secrets on them, but it does indicate that things could go wrong. In addition, we do not know what future laws will entail. Perhaps more data will suddenly be allowed to be stored. It’s just a nicer idea if a lot of data isn’t stored unnecessarily.”
2023-10-22 10:32:18