The Intelligence and Security Services Act, also known as the 'drag law', has been stirring up strong emotions among both supporters and opponents for more than a year. On March 21, we can go to the polls to give our opinion on the Intelligence and Security Services Act, but even that referendum is controversial. What about the WIV and what should you vote for later? In short: what is the sleep law?
The towage law is not a stand-alone law, but an amendment to the existing Intelligence and Security Services Act, which dates from 2002. According to the government (and the intelligence services themselves), that law needs an update, so that it is more in line with the way we communicate today. Even opponents broadly agree. Nevertheless, the Wiv is extremely controversial, in particular because of a few specific parts of the law. Opponents would like to discuss this, but the discussion is now dominated by the question of whether the towage law should be introduced at all. Under the current law, the intelligence and security services are only allowed to tap non-cable-bound communications (such as satellite connections) in an undirected manner. Wiretapping is only allowed if they have an idea who they are tapping: a tap must be aimed specifically at a person. But nowadays almost all data runs via cable networks (such as fiber optic or copper cables), so the law must be stretched so that it can also be tapped untargeted. All digital communication will then be treated equally.
trawling net
The new law has met with a lot of resistance because of the difference between directional and undirected taps. Under the current law, suspects may only be intercepted in a targeted manner, i.e. if there is a clear suspicion. With the new powers, intelligence services are also allowed to conduct untargeted searches. That is why the terms dragnet and towage law come up so often: opponents are afraid that the AIVD or MIVD will soon throw out such a dragnet and only then look for whether someone has done something illegal. This is also the intention: the intelligence services, for example, want to do big data analyzes to find patterns, such as repeated calls to Syrian numbers. Or by eavesdropping on an entire neighborhood where it is known, for example, that Syrian goers live. They will also be given the opportunity to collect data from various third-party databases and to combine them to engage in data mining.
guarantees
Fortunately, there are a number of safeguards in the law that should prevent abuse of such powers – at least in theory. For example, data that is not relevant must be deleted and destroyed as soon as possible. A maximum retention period has also been imposed for data that may be retained: this is three years. Opponents think that is very long. The most important safeguard is a new review committee that will be set up. This 'Testing Committee Deployment of Powers' (TIB) consists of three persons who must determine whether the use of a new tap is lawful. It is striking that Ronald Prins, among others, has been appointed as a technical expert for this. Prins is the former owner of government security officer Fox-IT and a former AIVD officer – not the most impartial person. The TIB must also consist of two judges or ex-judges and a technical expert. In addition to the TIB, the Commission of Oversight of the Intelligence and Security Services (CTIVD), as the name implies, supervises the law. This means that citizens can submit complaints, and that there is periodic evaluation of how the Wiv is going and what may need to be adjusted.
Details
There is much to be said about that 'towing' and supervision, but there is also a lot of criticism of controversial parts of the law. For example, the Council of State and the Dutch Data Protection Authority point out that the supervision and assessment criteria of the CTIVD and the TIB are not transparent enough and are unclearly defined. Moreover, no judiciary is involved, and the Minister of the Interior bears ultimate responsibility and can disregard the advice of the CTIVD. This makes the law in theory amenable to a political agenda. The Council of State says it is smarter to expand the supervisory powers of the CTIVD. The retention period of three years would also be too long, without this being necessary. Under the Wiv, intelligence services are also given a 'hacking power', the same that was previously removed from the Computer Crime Act III for the police and the judiciary because of 'too much privacy infringement'. With the hacking powers, the AIVD and MIVD will soon be able to hack computers and install malware to eavesdrop on suspects.
Pros and cons
Major parties from the House of Representatives have been arguing for years for an extension of the powers and under the previous VVD-PvdA cabinet, the law passed the House(s). Former Minister of the Interior Ronald Plasterk in particular often said that the law was necessary. But there is also a growing group of politicians who do not agree with this extension. In particular, the SP and the Party for the Animals, and Kees Verhoeven of D66 were vocal opponents.
There are many more opponents from outside politics, all of whom have expressed their objections to the new powers. Of course, these include prominent privacy advocates such as Bits Of Freedom and Privacy First, who call the law "no place in an open democracy" and "extremely totalitarian" respectively. In addition, a group of 29 prominent scientists signed an open letter to the House of Representatives not to agree with the law. It is more striking that the authoritative Council for the Judiciary, the Council of State and the Dutch Data Protection Authority also expressed strong criticism, which was not heeded.
Referendum
The controversy surrounding the towage law was accelerated by the referendum that a number of students set up, allowing us to go to the polls on 21 March. Last year a group of students started a petition against the towage law, which (with a little help from current affairs program Zondag Met Lubach) raised enough votes. This immediately caused a stir because the government already indicated that it would ignore a possible 'no' in any case.
Lawsuits
It therefore already looks as if the amendments to the Intelligence and Security Services Act will eventually be introduced, despite all the criticism. Many opponents have already announced that they will start lawsuits against at least certain parts of the law – if it becomes definitive. For example, the Dutch Association of Journalists, the Legal Committee of Human Rights and Privacy First want to go to court, although no official cases have yet been filed.
The big question is, of course, what it is best to vote in the referendum. In any case, a 'no' vote does not seem very effective: Buma of the ruling party CDA is most vocal in his statement to ignore that result. Yet a dissenting voice is not lost. Privacy groups can use such a result as ammunition for elections and the many future lawsuits against specific controversial elements such as long-term retention, hacking powers or database mining. In addition, the governing parties seem to be using a campaign tactic to take the sting out of substantive discussions on the subject. A vote is therefore not necessarily lost.
Amendments
Since the first bill for the Wiv, there has been a lot of criticism of the law from various parties. From providers to human rights organizations and even the Council of State. Even the CTIVD, which supervises the AIVD and MIVD. It is striking that many critics agree that the AIVD should be given more clout, but that the law is overreaching in this regard. Some critical political parties had tabled amendments to water down the law, some examples:
* Delete/limit dragnet
* Shorter retention period
* No/limited exchange with foreign services
* Strict access rules for dragnet data
* Not allowed to hack into physical equipment (e.g. insulin meter or pacemaker)
* Limit third-party hacking capabilities
* Transparency reporting on data requests by providers
The only amendment that passed the House of Representatives was about encryption. Communication service providers do not have to restrict the security (encryption) of the service in order to grant access to security services.
Timeline
Dec 2, 2013
July 2, 2015
First draft on the bill published, followed by two months of consultation.
September 2, 2015
Apr 1, 2016
Bill amended, whereby interception costs are no longer borne by providers.
September 21, 2016
October 28, 2016
December 15, 2016:
Strong criticism from Amnesty International and the Dutch Data Protection Authority, among others.
February 7, 2017
February 14, 2017
July 11, 2017
Nov 1, 2017
March 21, 2018
May 1, 2018
To inform?
Bits of Freedom has made a (quite inaccessible) electoral guide: www.waartrekjijdegrens.nl. You can find out more about the law itself on the AIVD site, while www.geensleep.net maps out the critical points.