DIRECT NEWS INPUT SEARCH
Dutch dragnet surveillance bill leaked |
04 May 2016: posted by the editor - Human Rights, European Union, Holland | |
By Ton Siedsma and Evelyn Austin, EDRi member Bits of Freedom, The Netherlands How did we get here? Ever since the law was announced in 2013, one of the main concerns of the debate have been how the dragnet will function, and how extensive it will actually be. Based on the draft that was released for public consultation in September 2015, dragnet surveillance could definitely be in our future. The explanatory memorandum didn’t do much towards clearing things up. The Dutch EDRi member Bits of Freedom wasn’t alone in voicing harsh criticism about what was being proposed. The dragnet rears its head... After months of silence, on 20 April, the Netherlands Broadcasting Foundation NOS disclosed a number of examples of how the dragnet will be implemented. The examples taken from a confidential document presented to providers for consideration demonstrate that Plasterk plans to interpret the law in a far broader manner than he said he would. The number of citizens whose communication will be intercepted is overwhelming. ...and escapes through the meshes of the law On 29 April, the Dutch newspaper Volkskrant leaked the bill for the new Intelligence and Security Services Act. Conclusion: the dragnet is still in place. So what was done with the tidal wave of criticism? As the Dutch government reminds us: “The main points of criticism concerned the following three issues: large dragnet, collaboration with foreign secret services, and proper oversight.” These issues needed addressing. But apparently not that much. The dragnet Although no definition of this word is given, the memorandum clearly shows that “investigation-assignment-oriented” can be interpreted just as creatively as “bulk” or “purpose-oriented”. The memorandum hardly, if at all, goes into the type of situations that might be envisaged. It’s not ruled out that the power could for instance be used to identify âprison escapees’, but that’s about as concrete as it gets. It’s deplorable that concrete cases are presented to providers for cost analysis purposes, but are not offered to the Council of State for a proper assessment of the compatibility of such a law–and the manner in which it will be implemented–with European law and the Dutch constitution. What the explanatory memorandum does make very clear, however, is that any limits imposed on the dragnet will have to come from an oversight body after applying the law, not from the government when creating it. Third party hacking This, obviously, is totally unforeseeable for the citizen, and creates major security risks for them. Neither the loud criticism nor the results of the Privacy Impact Assessment (PIA), which was commissioned by the government, have led to the proposed power to be reconsidered. Third party hacking is âessential for an effective implementation of the hacking powers’. Yes, clauses have been added to the draft offered for consultation about the assessment and limitation of the damages to a third party, but this doesn’t resolve the main issue: the damages to a third party resulting from being hacked by the government’s services. The government acknowledges the fact that, by hacking, vulnerabilities in software will be exploited that can affect a large number of people (for example a vulnerability in an Android-phone will not only affect a suspect, but everyone with the same phone), but concludes that national security outweighs personal security. Of course there is room, but not an obligation, to report the vulnerabilities to “those responsible”. Not an obligation; a possibility. Oversight As regards oversight, the minister has to request permission from an independent committee consisting of (former) judges. The committee’s decision will be binding. However: if in a hurry, permission can be requested afterwards, or while an investigation is in progress. If permission is denied, the hitherto gathered information will have to be destroyed. What’s striking is that a number of authorities will not have to be sanctioned by the oversight committee, most remarkably the seizing of traffic data. Whereas the Dutch government and European and Dutch courts have said that the seizure of such records constitutes an infringement substantial enough for a judge to have to rule on it, in the case of this bill the power does not require approval by the independent oversight committee. Especially in light of previous European rulings, this is an untenable situation. For protected professions, there will be judicial review. Exercising interception powers in cases concerning journalistic sources will be subject to more scrutiny: in these cases the period for which a power is allowed to be exercised is limited. Exchange with foreign services Dutch dragnet surveillance bill leaked: our analysis (04.05.2016) https://bof.nl/2016/05/04/dutch-dragnet-surveillance-bill-leaked/ Tags: mass surveillance |
|
|
Name: | Remember me |
E-mail: | (optional) |
Smile: | |
Captcha | |