This Monday, the investigation report of the Commission Dessens was presented; the commission was tasked by the Dutch House of Representatives last year with evaluating the ‘Wet op de inlichtingen- en veiligheidsdiensten’ (Law on the Intelligence and Security Services, abbreviated ‘Wiv’). That commission is now suggesting an ‘expansion of the jurisdiction’ of the Dutch AIVD (General Intelligence and Security Service) and MIVD (Military Intelligence and Security Service): that they should be permitted to monitor and inspect the entire Dutch internet. In that case, the services would turn their digital eyes and ears not just to suspects, but to every (innocent) Dutch citizen, as well as any foreign citizen whose data passes through the Dutch network — which it often does, since the Netherlands are home to the AMS-IX, the second largest web traffic hub in the world.
The current ‘Wiv’ is from 2002, and grants the security services the authority to gather wireless communication without a specific purpose and to seek out threats; in practice, this is mostly about limited amounts of radio traffic and telephone conversations. The cabled internet, which only a small proportion of the Dutch people used regularly back then, could only be tapped in special cases. Limited time and funding forced the services to prioritise, creating natural checks and balances: mass surveillance and analysis of private conversations between innocent citizens was not an option with the technological and legal limitations of that time.
Ten years and half a billion websites later, almost every Dutch citizen is constantly connected to the internet, which grows in magnitude by 50 to 100 percent every year. Its usage has changed too: we’re communicating and interacting all the time. Sometimes with random strangers, and then the next moment with our physician. Romantic relationships form and break up and Facebook is the first to know about it, just like it knows about our vacation spots, our social network, when we meet our contacts and what we talk about with them. We exchange political views, talk about religion and atheism, and after the national elections we talk in private messages about what political party we voted for. We google dozens of things a week, based on our most earnest and private thoughts, and order all sorts of products and services online. Never before have our lives, our thoughts and our intimacy been this digitalised.
And now the Commission Dessens is advocating ‘expansion’ of the ‘existing jurisdiction’ of the security services by giving them permission to keep tabs on the entire Dutch internet. Not just the communication and internet connections of suspects, criminals or potential terrorists; everyone’s. Not just in areas of high risk, or when there’s a known threat, but everywhere, all the time. No longer limited by natural checks and balances, but using supercomputers and special software that have no natural limitations, with data storage space that could be infinite if wanted.
Never before have these services had that much power. Contrary to what the Commission is implying, this suggestion is not an ‘expansion’ of ‘existing jurisdiction’; it’s the introduction of new, unprecedented jurisdiction that’s more massive, unchecked and large-scale than ever before.