Report from Holland: Cable-bound interceptions and ‘dragnets’
March 24, 2018
For the past year, the Netherlands has had a new law governing its two secret services, the AIVD and the MIVD. The new Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten or Wiv) was and still is heavily criticized, especially because it allows untargeted access to cable-bound telephone and internet traffic. Under the previous law, which dates from 2002, the intelligence services were only allowed to conduct bulk interception of wireless transmissions, like satellite and radio communications, besides of course the traditional targeted telephone and internet taps aimed at individual targets.
That prohibition of bulk cable tapping is not the only thing that makes Dutch intelligence services different from those of many other countries. Probably the biggest difference is the fact that the Wiv applies to both foreign and domestic operations, as if the two secret services were responsible for both domestic security and foreign intelligence.
The General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, or AIVD) covers the civilian domain, and focuses on Jihadist terrorism, radicalization, rightwing and leftwing extremism, counter-intelligence and countering cyber threats. This is mostly domestic, but the AIVD also has a small branch that gathers foreign intelligence from and about a select range of countries. The Military Intelligence and Security Service (Militaire Inlichtingen- en Veiligheidsdienst, or MIVD) covers military issues, and is therefore more foreign-orientated than its civilian counterpart. The MIVD is responsible for the security of Dutch armed forces and for collecting foreign intelligence in military matters, while at the same time providing support to Dutch military missions abroad, for example in Mali.
When it comes to Signals Intelligence (SIGINT), the AIVD and MIVD combined their efforts in a joint unit called the Joint SIGINT Cyber Unit (JSCU), which became operational in 2014. The JSCU is responsible for most of the technical interception capabilities, from traditional wiretaps to cyber operations. The JSCU is not allowed to conduct offensive cyber operations. The latter are conducted by the Defence Cyber Command (DCC) of the Dutch armed forces.
From its predecessor, the Nationale Sigint Organisatie (NSO), the JSCU took over two large listening posts: one satellite intercept station near Burum in the northern province of Friesland, and a relatively large HF radio intercept post near Eibergen, just across the German border in the east of the country. These posts are used for the bulk interception of wireless communications, mainly for military purposes, as most (but not all) civilian communications have shifted to fiber-optic cables.
For the new power of untargeted interception of cable-bound traffic, four new access locations will be established in the next four years. The big question is of course where these access locations will be: people often fear that there will be a tap into the large Amsterdam internet exchange AMS-IX so the Dutch services will be able to ‘read everyone’s email’.
What many fail to realize is that the law provides a range of safeguards against indiscriminate surveillance. First, the interception power may only be used when it is necessary for one of the legal tasks of AIVD or MIVD. It then has to be decided whether the method is proportionate to the desired goal, and also whether there are no other, less intrusive means to achieve that goal. If all that is the case, then the JSCU will look into which cables have the best chance of providing the information that is needed for a specific investigation or operation. The memorandum that accompanies the new law gives an example: one fiber-optic cable can contain 24 fibers, over which up to 480 virtual channels may run. Then maybe only 3 channels will be relevant for an investigation, and then only the data from those 3 channels will actually be intercepted.
After it is decided which cables and channels have to be tapped, a reasoned request for approval is sent to the responsible minister, which is the Interior minister for the AIVD, and the defense minister for the MIVD. After the minister approves the request, it is sent to an independent commission (Toetsingscommissie Inzet Bevoegdheden or TIB), which was newly established by the new law and which has to verify that the ministerial approval is lawful. If the request is also approved by the TIB, the JSCU can start the interception.
There are various stages, the first being a filter that removes irrelevant data streams, such as those from popular streaming and download services like Netflix, Spotify and YouTube. It is expected that this will remove up to 98% of the data volume. What remains will then be separated into content data and metadata. The metadata may be stored for up to 3 years, but must be destroyed earlier if it turns out not to be relevant. One of the most important purposes of this metadata is contact-chaining in order to map the networks of, for example, terrorists or pirates.
The content data that will be gathered from untargeted interception will be subjected to another filtering stage, which is aimed at further narrowing down to those communications that are considered most useful. Content that will eventually be seen and examined by analysts has to be selected from the database by using specific selectors, like telephone numbers or e-mail addresses. This means that even for data that has been collected through untargeted or bulk interception, the content will be picked out in just as targeted a way as with traditional individual wiretaps.
Finally, it should be noted that, for preliminary searches of the bulk data sets, as well as for the final stage of selecting the content, there has to be prior approval by the minister and the TIB. Therefore, the new law requires a total of three stages of approval for the power of untargeted interception.
This is the second of a two-part report from Holland, by Dr. Constant Hijzen and Peter Koop. Part one is available here.
Dr. Constant (C.W.) Hijzen is an Assistant Professor in Intelligence Studies at the Institute of Security and Global Affairs and the Institute for History at Leiden University in the Netherlands. His research focuses on the formative years of intelligence and security services, analyzing their early institutionalization years from a comparative and intelligence culture perspective.
Peter (P.J.F.) Koop writes about signals intelligence, communications security and top level telecommunications on his weblog www.Electrospaces.net and is associated with the Institute of Security and Global Affairs of Leiden University.