"A coalition of lawyers, journalists and internet freedom activists launched legal action against the Dutch government, in an attempt to get it to stop using information about Dutch people gleaned from NSA surveillance.

After it recently emerged that information about 1.8 million Dutch people's calls had been purloined by the National Security Agency, the country's home affairs minister, Ronald Plasterk, expressed annoyance that the U.S. agency hadn't asked first. However, he said, the monitoring "only concerns metadata, like who called who."

Dutch lawyers and journalists aren't so quite so sanguine about the matter, largely because their professions require confidentiality – something you can't guarantee clients and sources when you're potentially being monitored. On Wednesday, the Dutch Association of Defense Counsels and the Dutch Association of Journalists joined a broad coalition in suing Plasterk and the country's government, demanding that the state stop using data recorded in the Netherlands by the NSA.

The coalition also includes internet freedom activist Rop Gonggrijp, security expert Jeroen van Beek, advocate Bart Nooitgedagt, investigative journalist Brenno de Winter and tech law expert Mathieu Paapst, as well as the Internet Society Netherlands Chapter and Privacy First Foundation.

At the heart of the complaint is a potential legal sleight-of-hand that many (including me) have long suspected is in play – namely that intelligence agencies are bypassing their own countries' privacy laws by getting allies to spy on their citizens for them.
(...)
Daphne van der Kroft, public policy advisor at the coalition's law firm, Bureau Brandeis (yes, named after the legendary American jurist), suggested Plasterk and the Dutch state were "whitewashing" data.
(...)
This is not the first such case to arise in Europe following Edward Snowden's NSA revelations. The activist group Privacy International has attempted to sue the British government over data-sharing between the NSA and its UK counterpart, GCHQ. However, it had to approach a secret court to do this, and it got no response.

It is now trying a different angle, complaining to the OECD about the collaboration of telecommunications firms with the NSA. A separate group, Privacy not Prism, has skipped the secret court bit and gone straight to the European Court of Human Rights. (...)"

Source: http://gigaom.com/2013/11/06/dutch-lawyers-and-journalists-sue-government-over-nsa-links/, 6 November 2013.

"A coalition of Dutch citizens and organizations initiated legal proceedings against the Dutch State, represented by Minister of Interior Affairs Ronald Plasterk on Wednesday, demanding Dutch intelligent services to stop using NSA data.The subpoena was filed by a coalition of citizens and organizations, among which the Dutch Association of Defense Counsels, the Dutch Association of Journalists, the Internet Society Netherlands Chapter and Privacy First Foundation.

They question the legality of the exchange of data between the Dutch intelligence service (AIVD) and the United States National Security Agency (NSA), and demand that the Dutch State stops using data that has not been obtained in accordance with Dutch law.

Last week Minister Plasterk confirmed the monitoring of mail and phone traffic in the Netherlands by the NSA. He also acknowledged that the Dutch Intelligence Agency had supplied information to the NSA and vice versa, but condemned the interception of phone calls and mails without permission.

"Plasterk has indeed condemned the NSA eavesdropping and spying without permission, but at the same time he is exchanging data with the NSA," told lawyer Christiaan Alberdingk Thijm, who represents the coalition of citizens and organizations, to Xinhua. "So based on the exchange of information regime the AIVD will eventually get the illegally obtained data."

"By using data that has been illegally acquired through the NSA, these data are sort of laundered by Plasterk and his secret services," Alberdingk Thijm added. "This case should put an end to that unlawful conduct. Our goal is that the Netherlands will act according to Dutch law. We cannot do much on what the Americans are doing here, but we can ensure that the Netherlands complies with the law. Furthermore we want citizens to be informed when their data was illegally obtained and used."

Alberdingk Thijm thinks their case could be followed in other European countries. "We based our case on European jurisdiction, so the case could simply be copied in other countries. However, they should sue their own state," he said.

Minister Plasterk was informed by the subpoena on Wednesday and he will, according to the administrative rules, have to appear in court on November 27. After that he will have six weeks, until January 8, to file a response."

Source: http://www.shanghaidaily.com/article/article_xinhua.aspx?id=178503, 7 November 2013.

"A coalition of defense lawyers, privacy advocates, and journalists has sued the Dutch government over its collaboration and exchange of data with the U.S. National Security Agency and other foreign intelligence services.

The coalition is seeking a court order to stop Dutch intelligence services AIVD and MIVD from using data received from foreign agencies like the NSA that was not obtained in accordance with European and Dutch law. It also wants the government to inform Dutch citizens whose data was obtained in this manner.

The legal proceedings were initiated in the Hague district court by the Dutch Association of Defense Counsels, the Dutch Association of Journalists, the Internet Society Netherlands Chapter, the Privacy First Foundation and five private citizens.

The coalition wants to close a loophole through which the Dutch intelligence services can obtain data on Dutch citizens from foreign intelligence partners that it wouldn't have been able to acquire through legal means in the country.
(...)
The coalition's lawyers argue that mass data-collection programs like those of the NSA and the U.K. Government Communications Headquarters (GCHQ) violate human rights guaranteed by international and European treaties including the European Convention on Human Rights, the International Covenant on Civil and Political Rights and the Charter of Fundamental Rights of the European Union.

As such, it was illegal in many countries, particularly in the European Union, to obtain data through those programs.

Civil society organizations and citizens in other European countries can and should launch similar legal actions, said Christiaan Alberdingk Thijm, a founding partner of Bureau Brandeis, the law firm that represents the Dutch coalition in this case."

Source: http://www.pcworld.com/article/2061581/dutch-civil-society-groups-sue-government-over-nsa-data-sharing.html, 6 November 2013.

"In Nederland heeft een groep burgers en organisaties een rechtszaak ingespannen tegen minister van Binnenlandse Zaken Roland Plasterk. De groep 'Burgers tegen Plasterk' eist dat de Nederlandse overheid geen informatie gebruikt die het via de Amerikaanse NSA heeft verkregen.

Burgers tegen Plasterk wil dat minister Plasterk verantwoording aflegt over het beleid van de Nederlandse overheid inzake het gebruik van NSA-gegevens. De geteisterde Amerikaanse inlichtingendienst zou illegaal informatie verzamelen over Nederlandse burgers, en die vervolgens doorspelen aan zijn Nederlandse tegenhanger AIVD.

Het initiatief komt onder meer van hacker Rop Gonggrijp en ICT-journalist Brenno De Winter. Ook de Nederlandse Vereniging voor Strafrechtadvocaten en de Nederlandse Vereniging voor Journalisten hebben zich aangesloten bij de rechtszaak, net als de Internet Society Nederland en de Stichting Privacy First.
(...)
De advocaat van de groep, Christaan Alberdingk Thijm, [stelt] dat Plasterk en de inlichtingendienst (...) illegaal verkregen data witwassen. 'Deze zaak moet daar een einde aan maken', aldus Alberdingk Thijm.

Minister Plasterk, die eerder al de Nederlandse inlichtingendienst verdedigde, is er van overtuigd dat de AIVD niets verkeerds doen en zich aan het wettelijk kader houdt. (...)"

Source: http://www.standaard.be/cnt/dmf20131106_00826456, 6 November 2013.

By now basically everyone is aware of the far-reaching eavesdropping practices by the American National Security Agency (NSA). For years the NSA has been secretly eavesdropping on millions of people around the world, varying from ordinary citizens to journalists, politicians, attorneys, judges, scientists, CEOs, diplomats and even presidents and heads of State. In doing so, the NSA has completely ignored the territorial borders and laws of other countries, as we have learned from the revelations by Edward Snowden in the PRISM scandal. Instead of calling the Americans to order, secret services in other countries appear to be all too eager to make use of the intelligence that the NSA has unlawfully obtained. In this way national, European and international legislation that should safeguard citizens against such practices is being violated in two ways: on the one hand by foreign secret services such as the NSA that collect intelligence unlawfully, and on the other hand by secret services in other countries that subsequently use this intelligence. This constitutes an immediate threat to everyone’s privacy and to the proper functioning of every democratic constitutional State. This is also the case in the Netherlands, where neither the national Parliament nor the responsible minister (Mr. Ronald Plasterk, Home Affairs) has so far taken appropriate action. This situation cannot continue any longer. Therefore a national coalition of Dutch citizens and organizations (including the Privacy First Foundation) has today decided to take the Dutch government to court and demand that the inflow and use of illegal foreign intelligence on Dutch soil is instantly brought to a halt. Furthermore, the coalition demands that the Dutch government notifies all citizens whose personal data have been illegally obtained. These data must also be deleted.

These legal proceedings by the Privacy First Foundation primarily serve the general interest and aim to restore the right to privacy of every citizen in the Netherlands. The lawsuit is conducted by bureau Brandeis; this law firm also represents Privacy First and 19 co-plaintiffs (Dutch citizens) in our Passport Trial against the Dutch government. Privacy First is confident it will soon have positive outcomes in both of these cases.

Click HEREpdf to read the subpoena as it was presented to minister Plasterk today. (Dutch only)

Apart from Privacy First, the coalition of plaintiff parties consists of the following organizations and citizens:

- The Dutch Association of Defence Counsel (Nederlandse Vereniging van Strafrechtadvocaten, NVSA)
- The Dutch Association of Journalists (Nederlandse Vereniging van Journalisten, NVJ)
- The Dutch chapter of the Internet Society (ISOC.nl)
- Jeroen van Beek
- Rop Gonggrijp
- Bart Nooitgedagt (represented by the NVSA)
- Matthieu Paapst (represented by ISOC.nl)
- Brenno de Winter (represented by the NVJ).
 
Update 5 February 2014: today the Dutch government (Ministries of Home Affairs and Defence) has responded to the subpoena in a comprehensive statement of defence; click HEREpdf for the entire document (pdf; MIRROR) and HERE for the press release by our attorneys of bureau Brandeis (in Dutch). It is remarkable that the State Attorney only deems the Privacy First Foundation admissible (see p. 31). This means that Privacy First is only one step away from standing before the judges of the district court of The Hague. This development is also of great importance for our Passport Trial, in which that same court at an earlier stage deemed Privacy First et al. inadmissible. The Hague Court of Appeal is currently looking into this legal issue once more. In the point of view of Privacy First, the court should declare all plaintiffs (citizens and organizations) admissible in both the court case concerning the NSA as well as our lawsuit regarding the Dutch biometric passport.

Published in Litigation
Friday, 14 June 2013 16:59

Big Brother as a new form of society?

Shocking news reached us last week from the United States regarding the eavesdropping scandal that involves the US government. The digital state terrorism under Obama Bin Laden (the difference is really just a mere letter) has only been further institutionalized in his terms of office and undermines the basis of the democratic constitutional state inside and outside of America. Everyone’s a suspect, massive data storage and then continuous, real-time profiling of every citizen, in particular the citizens and organizations the governments dislikes. ‘’Just trust us, we don’t actually trust you.’’ One-sided transparency, citizens without any form of privacy, the government shielded by so-called state security protocols and always at war with an unknown enemy, so ‘’everything is permissible‘’.

  • A democracy is characterized by administrative transparency and respect for the private life of citizens. Within a dictatorship things are exactly the other way around: transparency of private life and administrative secrecy are the norm. To what extent is America still democratic? Over there whistleblowers that represent fundamental rights and real patriots in the true sense of the word are portrayed as terrorists.
  • 29-year old Edward Snowden is committed to his own principles and is now forced to seek asylum far away from the United States.
  • After having revealed abuses by that same government, Julian Assange felt the need to flee to the Ecuadorian embassy in London where, by now, he’s been holed up for over a year.
  • Where are the days when such people got the credit they deserved? Not that long ago, during the Watergate Scandal, the American president had to resign. It also brings to mind George Orwell’s newspeak: simply turning everything around, denying, lying, deceiving. So here we have it: the government that sold "change" and "hope" to its own people and the world.

A few hopeful changes à la Obama:

  • Guantanamo Bay is still open and its prisoners have been held there for years without any form of fair trial and with no way out; secret courts are the norm.
  • Everywhere in the world, unwanted citizens and innocent citizens are pre-emptively eliminated without any form of trial, judicial process or evidence through the use of drones, which additionally violates the sovereign airspace of foreign states. In case a drone crashes, instead of apologizing for violating international law, the drone is ordered back in no uncertain terms.
  • By now hundreds of pilots are trained to fly drones and to kill "suspects" in a computer game-like way.
  • Echelon, Carnivore and other data-collection programs are now complemented by PRISM, in order to be able to create a "digital life file" of every citizen, used to analyze the past, the present and possibly future behavior and ways of thinking. In case these ways of thinking are not to the government’s liking, the words "terrorist" and "part of a criminal organization" are immediately proclaimed and a profiling program commenced. This shameless infringement of the right to a private life takes place under the guise of terrorism prevention.
  • Whereas in the past citizens under reasonable suspicion of a crime could be tracked on the basis of a judicial decision and whereas control was specifically aimed at foreigners in the home country, nowadays it’s every citizen’s turn without judicial interference and in the US, already 5 million officials of the State have access to such classified information. And the target within PRISM very clearly is the entire world and all (forms of) communication. Welcome to the new world! Data macht frei!
  • Now the Obama administration is in the possession of these data, they are directly abused as well, for example by not handing out permits or by carrying out extra tax controls on dissenting groups. For years Privacy First has warned of function creep when it comes to this kind of legislation and the execution thereof. In this respect the Patriot Act is the least patriotic law (newspeak) since the coming into existence of the US and is applied all the time to be infinitely abused by the government, also outside of the US.

This was just a brief overview of cases that have come to the surface. Privacy First is especially bothered by the lack of self-reflection and self-control that governments display. "Is it technically possible? Then let’s do it!"

Instead of having a democratic discussion and offering a content-related reaction including apologies, or instead of the people responsible resigning, an immediate attack is launched and a sideway discussion started, exactly similar to the Wikileaks Affair:  

  • Everything is inverted, the whistleblowers are terrorists and privacy fetishists who are actually weak and sensitive, characteristics that need to be eliminated immediately.
  • Immediately diverting the question away from the topic and focussing on the mistakes made within the organization with the aim to eliminate whistleblowers; how can it be these whistleblowers have not been detected earlier?
  • The subsequent phase is the stigmatization of the whistleblower, saying that more resolute action is needed to discourage other intelligent people with common sense and a democratic vision to undertake any such actions.
  • After that comes the stigmatization of those holding different views and the press; the disgraceful free press that dares to publish such information: there has already been a call to prosecute any press that collaborates with whistleblowers. An immediate counter attack and you don’t need to talk about the content, a very easy option!
  • It is allowed by law through the Patriot Act! Instead of calling this law into question when true patriots that are committed to principles reveal abuses.
  • Shamelessly asserting that nothing’s going on when information is shared without the permission of citizens from other countries, with the argument that it’s convenient and that the government knows what is good for citizens. And all of this from a line of thinking dominated by fear, without a privacy-friendly alternative.

Time and again the government evades the real debate about reinforcing the fundamental principles of the democratic society on the basis of faith, about stimulating individual responsibility of citizens and, where necessary, about modifying the system with technology in order to improve the democratic process. The US government, like many other governments, has totally gone out of its mind and has forgotten it serves the interests of its citizens and the democratic fundamental principles instead of the other way around.

Privacy First makes a call to all pressure groups and government institutions to have a broad debate in society about this; in this digital age we are in need of a concrete alternative for the organization of a democratic society in order to stop the explosive growth of government terror that targets innocent and defenceless citizens. In this way Western democracies rapidly become totalitarian dictatorships while our society turns into an "electronic concentration camp".

→ What difference is there still between a dictatorship or a single-party state like China and the big leader of the free Western world, the US? That they are capitalistic societies?

→ What meaning does the message of progress, faith and love still have on a model of society that offers a hopeful future to the fully participating citizen?

At the end of the day scaling up, distancing of citizens, negative messages on the basis of fear, suspicion and black and white thinking will not lead to a more pleasant society. Nevertheless these are everyday occurrences since 9/11. A few years ago Privacy First already decided to choose for a free and inspiring society that had been fought for for 2000 years and to draw a line in the sand for citizens. We pay tribute to the whistleblowers! Who’s next?

Bas Filippini,
Chairman of the Privacy First Foundation

Published in Columns

The Privacy First Foundation regularly organises networking drinks combined with informational sessions for our volunteers, donors and experts from our network of journalists, scientists, jurists and people working in ICT. Since July 2011, these events are organised about every three months and take place at the Privacy First office in the former building of de Volkskrant newspaper in Amsterdam. Themes discussed so far have been privacy in the Netherlands (speaker: Bart de Koning), biometrics (Max Snijder) and profiling by the government (Quirine Eijkman and André Hoogstrate). There were also book presentations by Dimitri Tokmetzis (De digitale schaduw – The digital shadow) and Adriaan Bos (Advocaat van de waarheid – Advocate of the truth). On Thursday night 13 September this year, we had a real scoop: a lecture about the Dutch General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, AIVD) and the right to privacy by no one other than the Head of the AIVD himself, Mr. Rob Bertholee. (Click HEREpdf for the invitations to our network (in Dutch). Would you also like to receive our invitations from now on? Email us!) The following morning, the essence of Bertholee’s lecture appeared on the AIVD website: click HERE (in Dutch). An article in Dutch newspaper Telegraaf about the event was published today. Below is a translated summary of Bertholee's speech and the discussion with the audience that followed (taking over two hours in total).

A common goal: freedom in an open democratic society

The night starts with a short introduction by Privacy First chairman Bas Filippini. In Filippini’s view, Privacy First and the AIVD actually pursue the same objective, namely freedom in an open democratic society, albeit from different perspectives. Rob Bertholee affirms this and says that tonight, contrary to what some may think, he doesn't really consider himself to be in the lion’s den. After a long career in the army, Bertholee has been the Head of the AIVD for nine months now. One of his first impressions of the AIVD was one of a professional organisation with people who are driven by their ideals, he says. Both the AIVD and the MIVD (military intelligence) have to deal with risks and threats to national security and the democratic legal order, in other words, with threats to our way of life and the guarantees for our freedoms thereof. As a result of internationalisation and new technologies, threats and risks increase in number and have a greater impact and reach. An example is the internet that, apart from its positive aspects, has a downside to it as well. 
Rob Bertholee


Security is not a fundamental right

The AIVD has two main tasks: intelligence and security. Formally however, security is not a fundamental right, Bertholee rightly remarks. In its case-law, the European Court of Human Rights has indicated that States are obliged to take all reasonable measures against life-threatening situations, he says. Subsequently, the Council of Europe has endorsed this in its Guidelines on human rights and the fight against terrorism. Whereas Privacy First focuses on the protection of the individual, the AIVD concentrates on the protection of the community of individuals. In between there’s a trade-off: in order to protect the community, sometimes it is necessary to infringe the rights of the individual. Bertholee then mentions a couple of tasks of the AIVD which do not infringe the right to privacy. This is the case for 1) personal security assessment and 2) protective measures for individuals, organisations and companies, for example in relation to espionage. In these two cases the law dictates that the AIVD is, by law, not allowed to deploy special intelligence powers. It is exactly the deployment of such powers that infringes people's privacy.

An important part of the AIVD is the National Communications Security Agency (Nationaal Bureau voor Verbindingsbeveiliging, NBV) which supports the Dutch central government in securing special information. The NBV evaluates security products and plays a role in their development. It is this agency where, for example, USB flash drives for the government are tested on data leakages. Then there’s the political intelligence task of the AIVD abroad, "which, admittedly, intrudes upon people's privacy, but not here in this country". Finally, there’s the task of making threat analyses for certain individuals (for example politicians), organisations or events. One task of the AIVD through which privacy in the Netherlands is put at stake concerns the assessment of ‘threats to our national security, the continuation of democratic rule of law and other, important State interests". This assessment is carried out, first of all, through open sources (media, internet, etc.), but can (subsequently) proceed by shadowing, monitoring or eavesdropping of persons or by penetrating virtual or physical spaces. In this respect Bertholee emphasizes the high degree to which employees of the AIVD are aware of 'the spirit' of the Dutch Intelligence and Security Services Act 2002 (Wet op de inlichtingen- en veiligheidsdiensten, Wiv2002). "As a citizen I felt reasonably reassured from the moment I had an understanding of what the AIVD was actually doing and what it could and was allowed to do, and also by the way the government can continue to exercise control over a service like the AIVD," says Bertholee. "You don't have to believe me, but I just wanted to share this with you," he jokes. Then he’s resolute again in saying "our tasks and powers are all clearly defined by law."

Rob Bertholee

Legal framework

In the field of counter-terrorism, at the moment most of the AIVD’s attention goes out to (potential) Jihadists and radical 'lone wolves' like Anders Breivik. Bertholee finds it worrisome that such lone wolves are hard to track down, even though relevant information is sometimes available, for example at healthcare institutions or the police. A difficult dilemma is, on the one hand, the question whether or not certain events could have been prevented by correlating information on national and international levels and, on the other, which risks society is willing to take in order to preserve people's privacy, Bertholee explains. However, he can well imagine that citizens worry about the correlation and international exchange of data and that this is bringing about a 'Big Brother' experience. As a citizen, Bertholee himself is worried about this too. Where is the right balance between protecting the individual and protecting the community? Every special power of the AIVD is anchored in the Wiv2002. The most simple special power is talking to people (Article 17 Wiv2002). For every single special power in the Wiv2002 the following requirements apply: 1) necessity, 2), proportionality and 3) subsidiarity. Therefore, special powers may only be deployed in case open sources (internet etc.) prove to be insufficient. The AIVD is to continually ask itself: is it strictly necessary? And are we very certain that there are no lighter measures at our disposal? The enforcement of those very powers is verifiable afterwards. Apart from opening letters (this falls under the Dutch Postal Act) there is no investigative magistrate involved. However, for the use of every special intelligence power the approval by the Minister of the Interior and Kingdom Relations or by the Head of the AIVD on behalf of the Minister is required. Moreover, every new employee of the AIVD gets a basic education through which he or she is being taught, among other things, about the Wiv2002. In this context, Bertholee relates an interesting anecdote: once in a while the AIVD invites a number of journalists, members of Parliament or jurists to discuss a case. It turns out that those not working for the AIVD are more inclined to allow the use of special powers than the AIVD employees themselves. As an answer to a question from the audience, Bertholee says that he himself gave an explanation about the Wiv2002 to Interior Minister Liesbeth Spies, just one and a half hours after she was sworn in by Queen Beatrix. "We have no rules of our own, we abide to what is written in the law," Bertholee says. He goes on telling about the process that sees the deployment of a special power: it starts with an employee who wants to use a special power for an AIVD investigation. The employee is to account for his request in writing and an AIVD operational lawyer looks into it. The request is then sent to a supervisor, after which it is forwarded to Bertholee. Finally, the request ends up at the desk of the Interior Minister. This happens case by case, always taking the prerequisites of the Wiv2002 into consideration. No form of pressure is allowed in the event the AIVD makes a request for information to citizens. The same goes for requesting information to journalists: it is entirely up to them to cooperate or not. "If a journalist is not willing to cooperate, then that’s a pity for the AIVD and that’s where things end", Bertholee explains. However, some (parts of) conversations are being registered in a memo since everything needs to be verifiable for the AIVD.

Supervisory mechanisms

Bertholee tells about the way the AIVD is monitored by various bodies that each play their own role. First of all there’s the Dutch Parliamentary Commission for Intelligence and Security Services ('Commissie Stiekem') which consists of all the leaders of Parliamentary parties. Then there’s the (public) Parliamentary Commission for the Interior. The legality of the execution of tasks by the AIVD is scrutinised by the Dutch Review Committee on the Intelligence and Security Services (Commissie van Toezicht betreffende de Inlichtingen- en Veiligheidsdiensten, CTIVD); this is an independent supervisory body which consists mainly of legal experts. According to Bertholee, in recent years the CTIVD assessments on the AIVD have largely been positive. Furthermore, the Netherlands Court of Audit (Algemene Rekenkamer) examines the (secret) budget of the AIVD. Both the CTIVD as well as the Court of Audit have access to everything within the AIVD.

Revision of the Wiv2002

With regard to a possible revision of the Wiv2002, Bertholee remarks that the legal space currently offered is sufficient for the AIVD and that he doesn’t need more powers. However, he does think it is "particular" that the Wiv2002 is in some aspects related to the Dutch Postal Act and to the Telecom Act, which makes it necessary for the AIVD to get the permission of an investigative judge to open a letter, while that same permission is not required for intercepting or opening an email. Hence the legislation is technology-dependent and "something needs to be done about that", Bertholee states. Besides, the CTIVD has proposed to change the legislation with regard to SIGINT (Signals Intelligence). Furthermore, Parliament may evaluate the Wiv2002 in the near future. It seems there are two thorny issues at the moment: a possible ban on using journalists as informants and more control over the effectiveness of the AIVD. The difficult thing is that the effectiveness of an organisation like the AIVD is hard to measure; this is related to the nature of the work and the type of threats that are being averted. Bertholee: "I accept that life has certain risks. The question, however, is what society wants. How many casualties per year do you find acceptable?"

No Big Brother

Confronted with a question from the audience about new, predictive technologies and the effect that these can have on social behaviour, Bertholee makes clear "not to be in favour of Big Brother. There are limits to what you can and what you cannot do. This is also related to the risks that you are willing to take as a society." Bertholee responds to another question from the audience saying that a special power may only be used as long as it's necessary. When the necessity (i.e. the reason or threat) ceases to exist, the authority to use a special power ceases to exist as well. The CTIVD keeps an eye on that. Five years after a special power has been used, a duty of notification towards the citizen involved applies, unless this could reveal relevant sources or a current operational method. However, this duty to notify has so far never been used. In fact, Bertholee wonders whether such a notification could actually be experienced as an assault on one’s private life in case there was nothing going on with the person concerned.

Rob Bertholee

International exchange

The Wiv2002 remains applicable to the international exchange of intelligence between the AIVD and foreign secret services, Bertholee explains. Furthermore, an international code of conduct applies. The exchange of intelligence is examined from case to case and from country to country. In the event of exchange, what is allowed to happen with the intelligence in question is being indicated. Internationally this is being adhered to pretty well, according to Bertholee. However, in some cases, or rather, with some countries the exchange of intelligence could become a dilemma...

Drawing the line where violence starts

One question relates to the degree to which activists figure in AIVD files. Bertholee explains that, in principle, the AIVD conducts no investigations into activists. "We don’t care what someone thinks. We do not represent the moral high ground of the Netherlands. It is only when violence comes into play - or calls for violence, clear intentions towards violence, radicalisation - that we feel involved."

Current risks

During the discussion with the audience Bertholee emphasizes that it’s not the aim of the AIVD to collect as much data as possible. The aim is rather to collect the right information in order to be able to fend off threats. It is not the AIVD, but the industry that is the driving force behind the development of information technology that, unfortunately, is also used in less democratic countries. In response to a question Bertholee admits that there is a risk that a service like the AIVD could 'drown' in an abundance of data. Biometrics are one such development of new technology. This makes it more difficult to assume a new identity, both for people with bad intentions as well as for officers of the AIVD itself. Furthermore, the privatisation of intelligence is risky, especially due to the lack of legislative checks and balances.

Finally

Bertholee finishes his speech by emphasizing once more that the AIVD 1) doesn’t keep records of everyone, 2) doesn’t wiretap everyone, 3) shoots nobody, 4) doesn’t arrest anyone, 5) doesn’t force cars into the kerb, 6) doesn’t torture anyone, 7) doesn’t hack into every computer, 8) has no enforcement powers, 9) doesn’t put pressure on people and 10) doesn’t recruit journalists. Then Privacy First chairman Filippini rounds off the night and invites everyone present for drinks with music.

Handover of the book 'The digital shadow' and a bottle of wine by Bas Filippini to Rob Bertholee

 

Postscript Privacy First: as international peace and security often benefit from dialogue between 'opponents', the same goes in our country for a good relationship between the government and civil rights organisations like Privacy First. In that sense we consider this night to have been very valuable and we hope that the AIVD deems this event to be worth repeating in the future!

Screenshot AIVD website 14 September 2012

Update 27 September 2012: as a result of Bertholee's speech, a second article appeared in Dutch newspaper Telegraaf.

Published in Meta-Privacy

In the context of a public consultation, the Dutch Ministry of the Interior recently requested Privacy First to react to the current government proposal to revise Article 13 of the Dutch Constitution (right to confidentiality of postal mail, telephone and telegraph). Below are our comments on the current draft of the legislative proposal (click HERE for the original Dutch version in pdf):

Ministry of the Interior and Kingdom Relations
Deputy Director for Constitutional Affairs and Legislation
Mr. W.J. Pedroli, LL.M.
PO Box 20011
2500 EA The Hague
The Netherlands

Amsterdam, 29 December 2012

Re: Comments by Privacy First on the revision of Article 13 of the Constitution

Dear Mr. Pedroli,

On October 16th 2012 you requested the Privacy First Foundation to react to the draft legislative proposal to revise Article 13 of our Constitution. Privacy First is grateful for your request and is happy to hereby provide you with critical comments. In the first place, Privacy First fully endorses the desire of this government to modernise the current, archaic Article 13 of the Constitution. However, Privacy First regrets the fact that the government has not seized the opportunity to also renew and reinforce other ‘fundamental rights in the digital age’.

Positive aspects
In the view of Privacy First, the first and third paragraphs of the current draft legislative proposal to revise Article 13 of the Constitution form powerful anchors for a future-proof right to confidential communication. The first paragraph rightly upgrades the old confidentiality of postal mail, telephone and telegraph to a technology-independent (or technology-neutral) confidentiality of mail and telecommunication. The third paragraph forms a correct guarantee for the horizontal effect thereof. Moreover, Privacy First endorses the broad interpretation that is being given by the draft Explanatory Memorandum (EM) to various relevant concepts. However, the second paragraph of the draft proposal contains a systematic imbalance which, in times less democratic, could endanger the rule of law in our society. It is precisely this paragraph which most of Privacy First’s criticism is focused upon. Other points of criticism concern compulsory notification towards citizens in the event that special powers have been used by the intelligence and security services, traffic data as well as the lack of a comparative legal section in the EM.      

Judicial authorisation and national security
The EM rightly states that "in light of Article 13 (...) the protection of citizens against violations by the government is paramount, especially in light of the actions by the police and intelligence services. Demanding a judicial authorisation under the Constitution provides a strong and clear constitutional guarantee."[1] It is therefore incomprehensible that in the second paragraph of the draft legislative proposal the domain of national security is being excluded from judicial supervision. After all, where the concentration of power is supreme, judicial checks and balances should be the most potent to prevent any (future) abuses of power. In light of European history, the exception in paragraph 2 is in fact entirely irresponsible: unfortunately, even in our part of the world a democratic constitutional State is not a static matter of fact. Apart from that, the current draft proposal sends out a dangerous signal to foreign governments. Furthermore, Privacy First deems the exception in paragraph 2 unwise in view of possible technological developments in the (far) future.[2] The same holds true in relation to the (further) expansion of the notion of ‘national security’. Also in the future, the Dutch population needs to be protected against arbitrary violations of confidentiality of communication; in this regard the current wording of paragraph 2 offers no guarantee whatsoever.

Adding an extra ‘judicial layer’ would strengthen the current system of internal and external supervision on the intelligence and security services (and hence reinforce our democratic constitutional State). In this regard, the system of judicial supervision in a country like Canada could be a source of inspiration. Such judicial control would also be in line with the case-law of the European Court of Human Rights:

“The Court has indicated, when reviewing legislation governing secret surveillance in the light of Article 8 [ECHR], that in a field where abuse is potentially so easy in individual cases and could have such harmful consequences for democratic society as a whole, it is in principle desirable to entrust supervisory control to a judge.”[3]

In light hereof, the current wording of paragraph 2 is not expedient. Privacy First thus advises a revision of this paragraph as follows:

“This right can be restricted in cases defined by law with the authorisation of a judge or, in the interest of national security, with authorisation from one or more ministers appointed by law.’’ [lining through by Privacy First]


As a possible alternative to the introduction of judicial supervision in the security domain, Privacy First advises to upgrade the existing Dutch Review Committee on the Intelligence and Security Services (CTIVD) into a more powerful, independent supervisory body, similar to the Belgian or German model with overall compulsory inspections beforehand instead of random supervisory inspections afterwards.

Compulsory notification
A second point of criticism concerns the lack of an explicit constitutional notion of compulsory notification in the event of any infringement of the confidentiality of mail and telecommunication. Compulsory notification provides legal protection to citizens and contributes to the correct enforcement of law by the government, also in the security domain. Like judicial authorisation, this offers the best guarantuees against short-term as well as long-term violations.

Traffic data
From Privacy First's point of view, traffic data too need to fall within the scope of Article 13 of the Constitution. These data are often related to the content of communication; this even follows from the text of the EM itself, where text messages ('SMS') and the email subject line are rightly mentioned as examples. The same goes for instance for search terms in search engines. Apart from that, it is possible to deduce the content of communication between individuals and/or companies from traffic data in conjunction with other data (possibly collected in real-time). So here too, a vigorous regime of Article 13 of the Constitution in conjunction with judicial supervision is essential.

Comparative law
Finally, in the current EM Privacy First misses a comparative legal paragraph in which current Article 13 of the Constitution is compared with constitutional best practices from countries with either a civil law or a common law tradition. Additionally, with a new Article 13 of the Constitution that is state-of-the-art internationally, the Netherlands could positively distinguish itself and to some degree regain its former position as a leader in human rights.

Privacy First hopes that this advice will be of use to you. We are willing to give clarifications on the above points upon request.

Yours sincerely,

Privacy First Foundation

Vincent Böhre
Director of Operations

[1] EM, at 18, 20.

[2] Compare EM at 11, 1st paragraph.

[3] ECHR 22 November 2012, Telegraaf vs. Netherlands (Appl.no. 39315/06), para. 98. Compare also ibid., paras. 98-102.

[4] EM, at 18.

Update 8 February 2013: see also the critical comments by the Netherlands Committee of Jurists for Human Rights (NJCM), Bits of Freedom and the newly established Netherlands Institute for Human Rights (in Dutch).

Published in Law & Politics
Page 2 of 2

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon