Intelligence services to start large-scale data mining despite negative referendum
Despite a majority of Netherlands residents voting against a law to allow large-scale data mining in a referendum in 2018, the large-scale tapping of communication via internet cables is technically possible and will soon be used by the Dutch intelligence services. That breaks previous promises made by former responsible Minister Ronald Plasterk, the Volkskrant reports based on information from regulators TIB and CTIVD, and discussions with those involved.
A small majority voted against the Intelligence and Security Law in a referendum in March 2018, prompting the Cabinet to make a few changes to the law that allows intelligence service AIVD and MIVD to tap telephone and internet traffic on a large scale. One of the promises was that the tapping would be "as targeted as possible." Ronald Plasterk, the then Minister of Home Affairs and responsible for the AIVD, explicitly promised that the law would not be used to tap the communications of entire neighborhoods.
"Intercepting all communications in a certain Dutch district or neighborhood for a certain period (...) will under no circumstances pass the test against legal requirements such as proportionality and subsidiarity. I rule it out for such reasons," Plasterk stated. The use of the law to mine the data of entire neighborhoods was often called fear-mongering because the technology wouldn't allow it. Rob Bertholee, then the head of the AIVD, told the media in 2018 that he could not imagine the service tapping the communications of an entire neighborhood. "We're not going to do that."
But now, data mining on this scale is possible, the Volkskrant reports. People involved told the newspaper that the AIVD and MIVD plan to intercept data at large cable parties, such as Eurofiber and Relined - companies with extensive fiber-optic networks in the Netherlands that are also connected to transatlantic internet cables. That makes it technically possible to tap a lot more communication than a single cable from one provider, the newspaper wrote. "You are, in fact, talking about the whole of the Netherlands," one person involved said.
Two applications for cable data tapping made by the AIVD and MIVD last year show that the services actually want to go further than promised. The Minister granted the applications. But regulator TIB then rejected them as unlawful because they were "not proportional, not subsidiary, and not as targeted as possible." In an explanation, the TIB said that one interception related to the communications of "millions of citizens.' The services wanted to continuously store those communications and keep it for at least a year, possibly extending to three years.
The TIB said that the services did not specify what they expected to get from the data tap, and some of the data would have been shared unseen with a foreign service. "It was likely that a significant amount of internet traffic from, among others, Dutch citizens would be stored," the TIB said.
According to the Volkskrant, a new legislative proposal to map digital threats will turn this type of large-scale data mining into standard practice. The bill makes the criterion of "as targeted as possible" less important and reduces the testing by the TIB. This will make it easier to get permission for large-scale data mining. The TIB will no longer have to give permission for the services to analyze the data. And Plasterk's previous promise to filter streaming services like Netflix and YouTube out of the data stream will also be scrapped.