Ronald Plasterk, the Dutch Minister of the Interior, wants to make sure that the Dutch secret services have the powers to spy on the behaviour of all citizens and gain insight in all of their communications: phone calls, emails, chat messages and website visits. This much is clear after he published an update of the 2002 secret services bill and put it into online consultation last week.
Dutch digital rights organisation Bits of Freedom will scrutinize the bill in the next few weeks and provide input for the consultation. Three things immediately jump out as very worrying on a first inspection:
The secret services will gain the power to use a dragnet form of surveillance. The Minister has given assurances that the dragnet will only be used for specific purposes, but has not provided adequate safeguards limiting the mass surveillance of unsuspected citizens. There is no guarantee that these powers will only be used to target a specific group of people instead of a much broader and ill-defined group like all persons in the Netherlands who are in contact with Syria. What if the services want to do the same for Marocco, or France, or the United States? And do this all at the same time?
If there is a suspicion that someone wants to do harm, then it is already possible to put them under surveillance if necessary and proportionate. The Dutch services currently have the option to wiretap all communications of their targets. Using this dragnet to identify or monitor possible threats for the Dutch national security will inevitably ensnare many innocent people, breaching their rights in the process. There has not been any discussion in the Netherlands about the necessity of these powers.
A second issue in the proposed bill is access to this bulk data by foreign services. Data which has been intercepted in bulk by the Dutch secret services can be shared in bulk with foreign services, even before the data has been evaluated. And anybody can be put under surveillance as soon as the Dutch secret service learns that they have been followed before by a foreign service, regardless of whether this person would be considered dangerous under Dutch law.
A final issue is the expansion of the hacking powers of the secret services. Since 2002, they have been allowed to hack into the devices of a subject (which could also mean the servers of a forum). In this proposal, this power will be expanded to include subjects that are in some way (even if only technically) connected to the real subject, in order to get to the real subject. This could mean that an unsuspecting user of a server might be hacked to gain access to another user of that same server.
The proposed bill obviously also affects non-Dutch citizens and does not provide any answers to the global problem of state surveillance. Rather, it could be seen as an attempt to bring the Netherlands into the surveillance game. Instead of making an effort to end mass surveillance this bill only increases the number of mass surveilling states.