Dutch Government Details How It Will Allow Bulk Cable Interception For Intelligence Services
from the that's-the-way-to-do-it dept
Earlier this year, Techdirt reported on details that have emerged about how GCHQ and the NSA tap underwater cables carrying large quantities of the world’s Internet traffic. Now, in a long and detailed post from Matthijs R. Koot, we learn that the Dutch government is planning to give similar powers to its own intelligence and security services. Dutch intelligence services can already carry out bulk collection of wireless communications, provided those have at least a foreign source or foreign destination — that is, domestic bulk intercept is not permitted. A committee reviewed the law governing interception, and recommended that it should become “technology-neutral” so as to allow bulk collection of cable signals too. Most of Koot’s post is taken up with a translation of the Dutch government’s response to that recommendation. The new framework for interception consists of three phases:
Goal-oriented collection [in Dutch: “doelgerichte verzameling”] of telecommunications,
preprocessing of intercepted telecommunications, and
(further) processing of the telecommunications.
In the first phase — collection — goal-oriented relevant data are intercepted and made accessible (for instance by decryption), after advance approval from the Minister based on an investigation goal defined as accurately as possible. Preparatory technical activities aimed at goal-oriented collection of data and making the data accessible, can be part of this phase. Individuals or organizations are not yet being investigated in this phase, meaning that the infringement on privacy is limited. The second phase — preprocessing — is aimed at optimizing, in broad sense, the interception process, in the context of ongoing, approved investigatory assignments using the collected data. As this optimization can require metadata analysis or briefly taking a look at the contents of telecommunication, the infringement on privacy is greater than in the first phase. In the third phase — processing — selection of relevant telecommunications takes place, and selected data are used to gain insight into the intentions, capabilities and behavior of individuals and organizations that are subject of investigation. In this phase, target-oriented investigation takes place, in which the contents of telecommunications and metadata are analyzed to identify individuals or organizations, and to recognize patterns.
An increasing insight into the personal life is thus obtained from phase to phase. The safeguards that will be laid down in legislation, must be stronger as the infringement on privacy is greater.
The response then goes on to spell out those safeguards, as well as describing other key areas, such as co-operation with network providers and data exchange with foreign security services. All-in-all, the document demonstrates nicely how a government can be transparent about the way that it is approaching bulk interception, but without jeopardizing any aspect of its operations. It’s a pity other governments are unable to do the same.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: cable interception, netherlands, surveillance, tapping
Comments on “Dutch Government Details How It Will Allow Bulk Cable Interception For Intelligence Services”
Hey Glynn, I think you’ve come to the wrong conclusion. Instead of supporting transparent bulk collection of domestic comms your conclusion should be condemning bulk collection period!
Re: Re:
That may be true, but, in this particular case, this is arguably the most sensible way to go about it, having read the documentation (via Google Translate).
Note that at no point here have I said that the bulk data collection is a good thing.
Re: Re: Re:
As usual, they’re falling behind their targets. GCHQ (British) are inhaling hundreds of Gb/sec. tapping undersea cables, when in reality (eg.) ISIS isn’t even using the net to communicate (except for PR purposes).
So what do Dutch taxpayers get for all the money spent on security services’ eavesdropping, considering none of this eavesdropping has lead to a single arrest anywhere? The politicians should be questioning why they’re going this way when it doesn’t get them anywhere. What a lot of waste and nothing to show for it.
Re: Re:
Agreed.
Way to go Glyn, this article really showcases your keen ability to accentuate the tiny piece of undigested nut in a big steaming pile of pooh.
It’s no more complicated than this – If all communications are collected and stored, there is a 100% probability that that information will be abused to the advantage of those who control that information.
No other factors than the human nature of those who lust for power, money, and prestige need be entertained to come to this conclusion.
I hope you’ll reconsider any future attempts to polish this turd.
Re: Re: Re:
Agreed.
There is this one problem: no real safeguards, other than a secret group (Commissie Stiekem), and government preferring to ignore EU legal issues, such as data retention.
Dutch intelligence services can already carry out bulk collection of wireless communications, provided those have at least a foreign source or foreign destination — that is, domestic bulk intercept is not permitted.
If I understand this correctly…if I send an email from my home in the Netherlands to, say, my neighbor through his gmail-account, because the google servers are placed outside of the Netherlands that communication can be intercepted?
The usual loophole……
Re: Re:
Loopholes so big you can run an undersea cable through them.
Re: Response to: Anonymous Coward on Dec 1st, 2014 @ 4:21am
Governments love their loopholes. It lets them give the impression that they care without all the tireless giving a crap.
Re: Re:
And don’t forget if you’re not 100% Dutch everything you do Is from a foreign source.
translation
Haven’t read the whole thing yet, but wanted to recommend changing the translation of doelgerichte verzameling to “targeted collection”.
Back to reading… 🙂
Preparatory technical activities aimed at goal-oriented collection of data and making the data accessible, can be part of this phase. Individuals or organizations are not yet being investigated in this phase, meaning that the infringement on privacy is limited.
Ah yes. In this phase, we will collect all information about everyone and store it in a convenient format for us to look at later. Since we will never have any employees that abuse power and will never have a data breach, the collection of this information is perfectly private. Oh, and we can catalog the contents of your closets and drawers, but until we actually decide we need to use this information against you, we have not violated your privacy.
Nice.
Flood them with one time pad encryptions of work that is out of copyright or otherwise in the public domain. Easily generated in massive amounts.
Re: Re:
Otherwise known as random bits.
Re: Re: Re:
To work with random bits they would need a hardware random number generator. There is always at least one determinant key for a pseudo random number generator.
Re: Re: Re: Re:
I suspect that his point is that since a properly done OTP encryption is indistinguishable from random bits, just generating and sending random (or every psuedorandom) bits is plenty good enough for this purpose.
‘It’s a pity other governments are unable to do the same.’
it’s not that they are unable, they just dont want to. all this people surveillance to find terrorists is complete bullshit! they have no desire to find terrorists as they cant stop them from doing whatever it is they want to do. this is just an excuse being used to hide the real reason. that reason is that all the governments only want to be able to spy on their own citizens! they know they wont be able to find out where the terrorists are or what they’re up to. they are in the main too clever to give themselves, their comrades or the intentions away. much easier to spy on us ordinary people. we’ve got nothing to hide, so dont have to let alone try to! the only time we are going to do so is when we get so pissed off at our governments, at home and abroad, spying on our every move, our every message, phone call and journey. that is going to force us to take the very measures the governments are scared we will take, but they will be to blame!! and we are within a smidgeon of that time now, but they are so stupid, wont take the hint and back off!!
The “rules” look undefined and meaningless. What is the point of this article?
In the first phase — collection — goal-oriented relevant data are intercepted and made accessible (for instance by decryption)…
How does decryption and scanning for relevance to a given “goal” happen before even reaching the “preprocessing” phase?
Individuals or organizations are not yet being investigated in this phase, meaning that the infringement on privacy is limited.
Looking at everything casually is much less invasive than looking at some things a little more closely?
The second phase — preprocessing — is aimed at optimizing, in broad sense, the interception process…
Collect everything possible (and decrypt it — how?) in Phase One, then worry about the interception in Phase Two?
Is this just weirdness caused by translation? Awkwardness due to bureaucratic government terminology? Or are we looking at another case of nebulous “selectors” and capture & storage not counting as “collection”?
TOR
As I recall, the FBI said that it was just collecting TOR’s data to “have it.” A month later they announced they had taken down Silken Road 2.0 by breaking TOR’s encryption.