On Tuesday February 14, 2017 the bill for the new Intelligence and Security Services Act was passed by the Dutch lower house. Despite being met with serious opposition from experts, regulators, civil society, political parties and citizens, the revised bill passed virtually unchanged from the proposal submitted to the lower house. It’s beyond disappointing that a bill with such momentous consequences is rushed through the lower house with such relentless determination.
Political expediency trumps sound legislation
Political expediency, rather than sound legislation that would actually protect citizens, seems to have persevered. After publishing the draft legislation online for consultation in July 2015, cabinet took their time to revise the poorly received draft legislation. However, when the revised bill was submitted to the lower house late last year, suddenly time was of the essence, and the legislative process needed to be hastily concluded before the elections in March.
Despite being pressed for time, various opposition parties fought tooth and nail to amend the flawed bill. Unfortunately, most amendments failed as coalition parties closed ranks around the Dutch Minister of the Interior. So what are the bill’s biggest flaws?
From targeted to bulk data collection
Most importantly, the controversial new law will allow intelligence services to systematically conduct mass surveillance of the internet. The current legal framework allows security agencies to collect data in a targeted fashion. The new law will significantly broaden the agencies’ powers to include bulk data collection. This development clears the way for the interception of the communication of innocent citizens.
This law seriously undermines a core value of our free society, namely that citizens who are not suspected of wrongdoing, ought not to be monitored. Whether it concerns a WhatsApp-message or Skype-call, anything you do online might very well end up in the dragnet cast by the security agencies, provided that your communication falls within the scope of a vaguely defined ‘research assignment’.
Unknown data in hands of foreign agencies
It is a matter of importance that intelligence agencies collaborate with their foreign counterparts. For the sake of this cooperation the exchange of data is paramount. Yet, under the passed bill, Dutch security agencies may also share collected data without having analyzed it first. But when we hand over data to foreign governments without performing some form of data analysis prior to the exchange, we run the risk of not knowing what potentially sensitive information falls into foreign hands, and the consequences that might have for citizens. This is unacceptable.
Real-time access to databases without proper safeguards
With this bill, agencies are granted direct and fully automated access to databases of cooperating organizations without human interference. The intelligence agencies may, for instance, be permitted access to the databases operated by governmental institutions such as the tax authorities, but also to the data of schools, civic organizations and businesses like banks.
Hardly any measures are taken to ensure that this is done in a responsible manner. Intelligence agencies are allowed access to these databases without seeking prior permission from the minister or prior review by the new review committee.
Wanting and unspecified standards
Another contentious element of the bill are the numerous open standards and the lack of further specification. First of all, the limitations of the powers will become clear only as we go along. Citizens are offered little clarity in this matter. The oversight committee (CTIVD) has already put forth that the law offers too little guidance for proper assessment. Furthermore, the extent of the encroachment on our public liberties will largely be determined by ongoing technological developments. During the debate in parliament, Van Raak of the Socialist Party rightly stated that although the powers are technology-independent, the intrusions aren’t.
On a positive note…
We’re not all dark skies and thunderclouds. On several points the revised bill is an important improvement on the current law, and on the proposal that was put up for public consultation in 2015. For instance, many of the agency’s powers now will require a sign-off from the Minister of the Interior and a review committee. We’re also pleased to see the construction of a framework for online research conducted by the agencies. And finally: whatever qualms we might have with this particular bill… at least there is one. There are plenty of countries whose agencies operate entirely in the shadows.
So what are the next steps?
It’s now the Senate’s turn to review the bill. A bill that, in all likelihood, will not meet the minimum safeguards dictated by European law. If the parliamentary groups in the upper house abide by those in the lower house, the bill will be cleared with a comfortable majority.
We’re not giving up.
We’ll approach our senators and insist they carefully examine the proposal in light of the fervent criticism it brought forth, and not pass the bill without calling for changes. Should the Senate vote in favor of the bill as is? Then we cannot rule out the possibility of going to (European) court. The very least we can do is consider every opportunity available to us in the fight for our rights and liberties.