Report shows flaws in new Dutch Surveillance Act

Amidst fierce debates about the upcoming referendum on the new Dutch national security law, a first international report, entitled ‘Dutch National Security Reform Under Review: Sufficient Checks and Balances in the Intelligence and Security Services Act 2017?’ has been published on the new surveillance powers and its implications. The authors, both experienced and recognized authorities in the field, recognize the need to update the outdated intelligence law from 2002.

The new Surveillance Act introduces a more technology neutral approach and therefore extends the powers of the responsible ministers and the intelligence agencies working on their behalf. Powers have been extended and now include the bulk collection of data independently of the underlying network or service providers. The new law also further clarifies the use of general powers (using informants to get access to data, use information from the dark net) and special powers such as hacking into devices, service providers and hosting organizations to get access to so-called ‘over the top services’ (OTT).

While this extension of (special) powers needs to be assessed critically, the new national security law doesn’t provide sufficient checks and balances. Again, for example, only orally in discussions with Parliament, the government agreed to discuss – in exceptional cases – new surveillance methods with the oversight committee of the Dutch Parliament but didn’t making them part of a larger public debate.

The law does provide high level guarantees for protecting human rights, but this will largely depend on the implementation of the law and the development of ‘best practices’ to enforce them. A new system of checks and balances had been introduced with a special committee deciding beforehand on the legitimacy of privacy interferences authorized by the responsible minister. It’s unclear how this committee (the TIB), the Review Board for the Use of Powers, will operate, while not being a formal part of the independent court system. For example, it has no explicit legal basis to consult with experts and is funded directly by the ministry involved. Nor is it clear how it will interact with other supervisory bodies such as the external oversight body, the Review Committee on the Intelligence and Security Services (the CTIVD). For example, courts can independently decide on interventions regarding lawyers and journalists without consulting with this committee. In all, the law represents an opaque and confusing system of oversight.

On the transparency side, the report shows the limitations of the new surveillance act. Basically, the law is blocking any form of transparency, no guidance is given to companies/stakeholders who want to report on their involvement (the law already seems outdated by a recent court decision on publishing records on phone tapping). Under pressure by courts, the Dutch government decided to publish metadata on wiretapping). On the other hand, it introduces a new authority, the complaints department of the existing oversight committee (the CTIVD). This committee has strong enforcement powers. It can decide to terminate existing operations of the services and can order destruction of data gathered. Furthermore, the new law introduces a whistleblower arrangement. To some extent this is a benefit, however it should not be excluded that the procedural requirements might result in less protection.

The authors of the study are very clear on the impact of the new law. Quirine Eijkman says ‘our study is only a first step: this new surveillance law has a considerable effect on human rights protection. Unfortunately, the checks and balances are not strong enough to challenge bulk interception of communications’. Nico van Eijk: ‘we try to make clear that these kinds of laws are not like fashion. They impact society on an ongoing basis. We have to continue protecting the real underlying values: the rule of law and fundamental rights.’

8 March 2018.