Earlier this year, Techdirt reported on details that have emerged about how GCHQ and the NSA tap underwater cables carrying large quantities of the world’s Internet traffic. Now, in a long and detailed post from Matthijs R. Koot, we learn that the Dutch government is planning to give similar powers to its own intelligence and security services. Dutch intelligence services can already carry out bulk collection of wireless communications, provided those have at least a foreign source or foreign destination — that is, domestic bulk intercept is not permitted. A committee reviewed the law governing interception, and recommended that it should become “technology-neutral” so as to allow bulk collection of cable signals too. Most of Koot’s post is taken up with a translation of the Dutch government’s response to that recommendation. The new framework for interception consists of three phases:
Goal-oriented collection [in Dutch: “doelgerichte verzameling”] of telecommunications,
preprocessing of intercepted telecommunications, and
(further) processing of the telecommunications.
In the first phase — collection — goal-oriented relevant data are intercepted and made accessible (for instance by decryption), after advance approval from the Minister based on an investigation goal defined as accurately as possible. Preparatory technical activities aimed at goal-oriented collection of data and making the data accessible, can be part of this phase. Individuals or organizations are not yet being investigated in this phase, meaning that the infringement on privacy is limited. The second phase — preprocessing — is aimed at optimizing, in broad sense, the interception process, in the context of ongoing, approved investigatory assignments using the collected data. As this optimization can require metadata analysis or briefly taking a look at the contents of telecommunication, the infringement on privacy is greater than in the first phase. In the third phase — processing — selection of relevant telecommunications takes place, and selected data are used to gain insight into the intentions, capabilities and behavior of individuals and organizations that are subject of investigation. In this phase, target-oriented investigation takes place, in which the contents of telecommunications and metadata are analyzed to identify individuals or organizations, and to recognize patterns.
An increasing insight into the personal life is thus obtained from phase to phase. The safeguards that will be laid down in legislation, must be stronger as the infringement on privacy is greater.
The response then goes on to spell out those safeguards, as well as describing other key areas, such as co-operation with network providers and data exchange with foreign security services. All-in-all, the document demonstrates nicely how a government can be transparent about the way that it is approaching bulk interception, but without jeopardizing any aspect of its operations. It’s a pity other governments are unable to do the same.