Report from Holland: Cable-bound interceptions and ‘dragnets’

Wet op de Inlichtingen- en VeiligheidsdienstenFor the past year, the Netherlands has had a new law governing its two secret services, the AIVD and the MIVD. The new Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten or Wiv) was and still is heavily criticized, especially because it allows untargeted access to cable-bound telephone and internet traffic. Under the previous law, which dates from 2002, the intelligence services were only allowed to conduct bulk interception of wireless transmissions, like satellite and radio communications —besides of course the traditional targeted telephone and internet taps aimed at individual targets.

That prohibition of bulk cable tapping is not the only thing that makes Dutch intelligence services different from those of many other countries. Probably the biggest difference is the fact that the Wiv applies to both foreign and domestic operations, as if the two secret services were responsible for both domestic security and foreign intelligence.

The General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, or AIVD) covers the civilian domain, and focuses at Jihadist terrorism, radicalization, rightwing and leftwing extremism, counter-intelligence and countering cyber threats. This is mostly domestic, but the AIVD also has a small branch that gathers foreign intelligence from and about a select range of countries. The Military Intelligence and Security Service (Militaire Inlichtingen- en Veiligheidsdienst, or MIVD) covers military issues, and is therefore more foreign-orientated than its civilian counterpart. The MIVD is responsible for the security of Dutch armed forces and for collecting foreign intelligence in military matters, while at the same time providing support of Dutch military missions abroad, like for example in Mali. When it comes to Signals Intelligence (SIGINT), the AIVD and MIVD combined their efforts in a joint unit called the Joint SIGINT Cyber Unit (JSCU), which became operational in 2014. The JSCU is responsible for most of the technical interception capabilities, from traditional wiretaps to cyber operations. The JSCU is not allowed to conduct offensive cyber operations. The latter are conducted by the Defence Cyber Command (DCC) of the Dutch armed forces. Read more of this post

Advertisements

Report from Holland: A heated debate over a new intelligence and security act

Wet op de Inlichtingen- en VeiligheidsdienstenOn March 21, the Dutch public cast their vote about the new Intelligence and Security Services Act, in Dutch Wet op de Inlichtingen- en Veiligheidsdiensten (or WIV). In this two-part post, we report about the debate currently taking place. In our first contribution, the discussion itself will be analyzed. In our second post, we will focus on the new special powers that the Act grants the Dutch intelligence community, more specifically the practice of cable-bound interception, which is central here.

First the discussion. Public unrest about the new intelligence act came rather late. In August, a group of concerned students from Amsterdam was able to collect more than ten thousand signatures for a consultative referendum on the Intelligence and Security Services Act, to which the House of Representatives agreed on 14 February, and the Senate on 11 July 2017. The students were supported by a variety of digital civil liberties organizations, including Amnesty International and Bits of Freedom, and successfully petitioned 300,000 signatures. By law (which has been abolished in the meantime) the Dutch government was required to hold a consultative referendum about the new Act.

What conclusions they will draw from a ‘yes’ or ‘no’ majority, based on whatever turn-out percentage, is unclear. Some leaders of the coalition parties, such as the Christian-Democratic parliamentary leader Sybrand Buma, have stated that they will ignore the referendum altogether. A bit late to the party (parliament has discussed and accepted the new Act throughout 2017), the concerned students and digital civil rights groups claim their goal is to start a discussion about the ‘tapping law’ or ‘vacuum cleaner capability’, most often referred to as the ‘dragnet law’ in popular metaphors. Although this complex and comprehensive law settles a variety of intelligence matters, the discussion has focused almost exclusively on the ‘dragnet’: the interception of communication traffic that runs through fiber optic cables, and the consequences of the application of this special power for the privacy of Dutch citizens. Read more of this post

Swiss trying to change image as Europe’s spy hub, say officials

Federal Intelligence Service SwitzerlandOfficials in Switzerland say new laws enacted in recent months will help them change their country’s image as one of Europe’s most active spy venues. For decades, the small alpine country has been a destination of choice for intelligence officers from all over the world, who use it as a place to meet assets from third countries. For example, a case officer from Britain’s Secret Intelligence Service (MI6) will travel to Switzerland to meet her Algerian agent. She will exchange money and documents with him before she returns to Britain and he to Algeria, presumably after depositing his earnings into a Swiss bank account.

There are multiple reasons that explain Switzerland’s preferred status as a meeting place for spies and their handlers. The country is suitably located in the center of Europe and is a member of the European Union’s Schengen Treaty, which means that a passport is not required to enter it when arriving there from European Union member-states. Additionally, the country features an efficient transportation and telecommunication infrastructure, and its stable political system offers predictability and security, despite the limited size and strength of its law enforcement and security agencies. Perhaps most important of all, the Swiss have learned not to ask questions of visitors, many of whom flock to the country to entrust their cash to its privacy-conscious banking sector.

But, according to the Swiss Federal Intelligence Service (FIS), foreign spies and their handlers should find another venue to meet in secret. Speaking to the Sunday edition of Switzerland’s NZZ newspaper, FIS spokeswoman Isabelle Graber said she and her colleagues were aware that their country is a venue for meetings between intelligence operatives from third countries. Such meetings have “continued to rise in the last few years” and include “everyone from security agency employees to freelancers”, as “the market in trading secrets has exploded”, she said. That trend, added Graber, has led to a corresponding rise in meetings aimed at exchanging information for money. Many such meetings take place throughout Switzerland, she noted, and are “in violation of Swiss sovereignty and can lead to operations against the interests of the nation”.

In the past, said Graber, FIS was unable to prevent such activities on Swiss soil, due to pro-privacy legislation, which meant that the agency’s ability to combat foreign espionage in Switzerland was “far more limited than in other countries”. However, said the intelligence agency spokeswoman, the law recently changed to permit FIS to break into homes and hotels, hack into computers, wiretap phones, and implement surveillance on individuals believed to be spies or intelligence officers of foreign countries. Armed with the new legislation, the FIS is now “working hard to clear up third-country meetings [and] to prevent these from happening or at least disrupt them”, said Graber. Several times this year alone, FIS had forward information about “third-country meetings” to judicial authorities in Switzerland, she said.

Author: Ian Allen | Date: 06 February 2018 | Permalink

Espionage threat is greater now than in Cold War, Australian agency warns

ASIO AustraliaForeign intelligence collection and espionage threats against Australia are greater today than at any time during the Cold War, according to a senior Australian intelligence official. The claim was made on Wednesday by Peter Vickery, deputy director general of the Australian Security Intelligence Organisation (ASIO), the country’s primary counterintelligence agency. He was speaking before a parliamentary committee that is considering aspects of a proposed bill, which aims to combat foreign influence on Australian political and economic life. If enacted, the bill would require anyone who is professionally advocating or campaigning in favor of “foreign entities” to register with the government. Several opposition parties and groups, including the Catholic Church, have expressed concern, saying that the bill is too broad and could curtail the political and religious freedoms of Australians.

But ASIO has come out strongly in favor of the proposed bill. Speaking in parliament on Wednesday, Vickery warned that Australia is today facing more threats from espionage than during the Cold War. “Whilst [the Cold War] was obviously a very busy time” for ASIO, said Vickery, his agency’s assessment is that Cold War espionage was “not on the scale we are experiencing today” in Australia. During the Cold War, ASIO was cognizant and aware of the major adversaries, he added. But today, the espionage landscape features “a raft of unknown players”, many of whom operate on behalf of non-state actors, said Vickery. The phenomenon of globalization further-complicates counterintelligence efforts, he added, because foreign espionage can be conducted from afar with little effort. Vickery noted that espionage and foreign influence in Australia “is not something that we think might happen, or possibly could happen. It is happening now against Australian interests in Australia and Australian interests abroad”. He also warned that the public knows little about the extent of espionage and foreign-influence operations taking place “at a local, state and federal level” throughout the country.

Earlier this week, the Catholic Church of Australia came out in opposition to the proposed legislation, which it sees as too broad. The religious denomination, which represents approximately 20 percent of the country’s population, said that the bill was too broad and could force Australian Catholics to register as agents of a foreign power. Technically, the Catholic Church is headquartered at the Vatican, which would make the organization a foreign entity under the proposed bill, the Church said in a statement.

Author: Joseph Fitsanakis | Date: 01 February 2018 | Permalink

Britain to set up intelligence unit to combat ‘fake news’ by foreign states

Theresa MayThe British government has announced that it will form a new intelligence unit tasked with preventing the spread of so-called “fake news” by foreign states, including Russia. The decision was revealed earlier this week in London by a government spokesman, who said that the new unit will be named “National Security Communications Unit”. The spokesman added that the unit will be responsible for “combating disinformation by state actors and others”. When asked by reporters whether the effort was meant as a response to the phenomenon often described as “fake news”, the spokesman said that it was.

According to The Times newspaper, the proposal for a National Security Communications Unit was presented during a scheduled meeting of the country’s National Security Council earlier this week. It was put forward by its strongest proponent, Sir Mark Sedwill, Britain’s former ambassador to Afghanistan and current national security adviser to the government. The unit will be directly accountable to the Cabinet Office, the government department that is responsible for providing support to the Prime Minister and her Cabinet. It will be staffed with professionals from Britain’s intelligence and security agencies, but will also rely on contributions from external experts in cybersecurity, communications and public relations. The unit will also include a “rapid response unit” that will be tasked with countering “fake news” in real time, according to The Times.

The move follows a similar development in the United States. In December of 2016, the then President Barack Obama signed a new law that designated $160 million to set up a government center for “countering foreign propaganda and disinformation”. The law, entitled “Countering Foreign Propaganda and Disinformation Act”, authorized the departments of State and Defense to work with other federal agencies in establishing the new body. According to a statement by the White House, the goal of the Center would be to collect and analyze “foreign government information warfare efforts” and to “expose and counter foreign information operations” directed against “US national security interests”.

On Wednesday it was announced in London that the British Secretary of Defense, Gavin Williamson, will be providing further details about the National Security Communications Unit in a speech to the House of Commons “within the next few days”.

Author: Joseph Fitsanakis | Date: 25 January 2018 | Permalink

US government to set up ‘anti-propaganda center’ after Obama signs new law

Barack ObamaUnited States President Barack Obama has signed a new law that designates $160 million to set up a government center for “countering foreign propaganda and disinformation”. The law authorizes the US departments of State and Defense to work with other federal agencies in establishing the new body. Its precise tasks are not yet known, nor is the role in it —if any— of intelligence agencies, though the Director of National Intelligence is mentioned in the body of the legislation.

The legislation is entitled “Countering Foreign Propaganda and Disinformation Act”, and it was introduced in both chambers of the US Congress last spring by Republican and Democrat legislators. It was initially entitled “Countering Information Warfare Act”, but was subsequently revised and included in the National Defense Authorization Act for fiscal year 2017. It was approved by the House of Representatives on December 2, and by the Senate on December 8. President Obama signed it into law on December 23. Under the new law, the Department of Justice has to take initiative within 180 days, and collaborate with the Department of Defense, before reaching out to “other relevant departments and agencies”. Resulting from this process will be the establishment of a “Center for Information Analysis and Response”. The goal of the Center will be to collect and analyze “foreign government information warfare efforts”, and to “expose and counter foreign information operations” directed against “US national security interests”. The plan will be funded in the amount of $160 million over two years.

Rob Portman, a Republican US Senator from Ohio, who co-sponsored the bill, hailed it as “a critical step towards confronting the extensive, and destabilizing, foreign propaganda and disinformation operations being waged against us by our enemies overseas”. But the Russian government-owned broadcaster RT called the new law “ominous” and “controversial”, and said the US government was “itself pushing propaganda on its own domestic population”. In an article published on Tuesday, the Hong Kong-based newspaper South China Morning Post said the new legislation was aimed at China, as well as at Russia. The newspaper cited Chinese experts who warned that Washington and Beijing “could head down the slippery slope toward ideological confrontation” as a result of the new law.

Author: Joseph Fitsanakis | Date: 28 December 2016 | Permalink

Analysis: New Dutch spy bill proposes changes in approval, oversight

AIVD HollandOn July 2, 2015, the Dutch government released for public consultation a long-awaited bill that overhauls the Dutch Intelligence and Security Act of 2002. Known also as Wiv2002, the Act is the legal framework for the operations of the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD). The bill is a complete rewrite of the present law, and includes expansions of power, as well as changes to the approval regime and oversight. The below provides a brief overview focused on the interception and hacking powers.

The services’ special powers, such as interception and hacking, can only be used for a subset of their legal tasks. That subset includes national security,
foreign intelligence and military intelligence. The government annually determines the intelligence needs of itself and other intelligence consumers; the outcome is used to focus and prioritize strategic and operational plans and activities.

The services have and hold a specific interception power, i.e., interception of communication of a specified person, organization and/or technical characteristic (e.g. IMEI, phone number, IP address, email address). This requires approval from the minister in charge. The services also have and hold a non-specific interception power —i.e., ‘bulk’ interception— but the bill expands that power from ether-only to “any form of telecommunications or data transfer”, thus including cable networks. Furthermore, the bill no longer limits the non-specific power to communication that has a foreign source and/or foreign destination, meaning that domestic communication is in scope. Like the specific power, the non-specific power requires approval from the minister in charge. The services can retain raw bulk intercepts not just for one year, as is presently the case, but for three years. Encrypted raw intercepts can be stored indefinitely, as is presently the case; the three year retention period is triggered when bulk-intercepted encrypted data is decrypted.

Certain categories of “providers of communication services” will be required, in consultation with the services, to provide access to their networks, if so requested by the services on the basis of approval from the minister. Those categories will be determined by governmental decree. The term “provider of a communication service” is derived from the term “service provider” in the Budapest Convention on Cybercrime of 2001, and is defined so as to include public telecommunication networks, non-public telecommunications networks, hosting providers and website operators. The services have and hold the right to, under certain conditions and after approval from the Minister, compel “anyone” to decrypt data or hand over keys. The approval request for that must include an indication of the conversations, telecommunications or data transfers that are targeted.

Read more of this post