Head of AIVD: 'I am not in favour of Big Brother'
Privacy First Foundation organises regular get-togethers cum theme nights for our volunteers, donors and experts from our network of journalists, scientists, ICT professionals and lawyers. Since June 2011, these evenings have taken place on average once a quarter at Privacy First's offices in the former Volkskrant building in Amsterdam. Themes so far have included privacy in the Netherlands (speaker: Bart de Koning), biometrics (Max Snijder) and profiling by the government (Quirine Eijkman and André Hoogstrate). There were also book presentations by Dimitri Tokmetzis (The digital shadow) and Adriaan Bos (Lawyer of truth). On Thursday evening, 13 September, there was a real first: a lecture on the General Intelligence and Security Service (AIVD) and the right to privacy by none other than the Head of the AIVD himself, Mr. Rob Bertholee. (Click HERE for our earlier invitation to relations. Would you also like to receive an invitation from now on? Mail us!) The essence of Mr Bertholee's lecture appeared on the AIVD website the next morning; click HERE. Following the lecture, a article in the Telegraph. Below is our condensed account of the (more than two hours long) lecture and discussion by Bertholee with the audience.
Common goal: freedom in an open democratic society
The evening begins with a brief introduction by Privacy First chairman Bas Filippini. In Filippini's view, Privacy First and the AIVD are actually fighting for the same goal, namely freedom in an open democratic society, albeit from different perspectives. Rob Bertholee agrees and says that, contrary to what some people may think, he is not in the lion's den here tonight. After a long career in the land forces, Bertholee has now spent nine months as head of the AIVD. The image he quickly got of the AIVD was that of a professional organisation with people driven by ideals, he says. Both the AIVD and the MIVD deal daily with risks and threats to national security and the democratic rule of law, or in other words, threats to the way we are used to living with all the safeguards for our freedoms that this entails. As a result of internationalisation and technologisation, those threats and risks are increasing in number, impact and reach. One example is the internet, which has both a positive side and a dark side.
Safety is not a fundamental right
The AIVD has two main tasks: intelligence and security. However, security is not formally a fundamental right, Bertholee rightly points out. However, the European Court of Human Rights has indicated in its case law that States are obliged to take all reasonable measures against life-threatening situations, according to Bertholee. The Council of Europe subsequently confirmed this with the so-called Guidelines on human rights and the fight against terrorism. Whereas Privacy First's focus is on protecting the individual, so the AIVD's focus is on protecting the community of individuals. In between is a trade-off: to protect the community, an individual's rights must sometimes be infringed. Bertholee goes on to mention some AIVD tasks that do not involve a breach of privacy, namely (1) in personal security investigations and (2) in promoting protective measures in individuals, organisations and companies, for example in connection with espionage. After all, when conducting personal security investigations and in the task under (2), the AIVD is not allowed to deploy special intelligence resources (by law). And it is precisely in such deployment that privacy is infringed.
A relevant part of the AIVD is the National Communications Security Agency (NBV), which supports the central government in securing special information. The NBV evaluates security products and also plays a role in their development. This is where, for example, government USB sticks are tested against data breaches. Then there is the AIVD's political intelligence task abroad, "which may affect people's privacy, but not here in the country". And finally, there is the task of making threat assessments for individuals (e.g. politicians), organisations or events. One AIVD task in which privacy does come into play in the Netherlands concerns investigations into "threats to national security, the continued existence of the democratic legal order and other important interests of the State". This investigation takes place first of all through open sources (media, internet, etc.), but can (subsequently) also take place by following, observing or eavesdropping on people or by penetrating virtual or physical spaces. In this context, Bertholee emphasises the high degree to which every AIVD employee is imbued with "the essence" of the Intelligence and Security Services Act (Wiv2002). "As a citizen, I felt reasonably reassured from the moment I gained insight into what the service actually did and could and should do, and how the government could continue to exercise control over a service like the AIVD," Bertholee says. "You don't have to believe me, but I wanted to share this with you anyway," he jokes. Then sternly: "our tasks and powers are all tightly defined in the law."
Legal framework
In terms of counterterrorism, the AIVD's current focus is on (potential) jihadists and radical loners such as Breivik. Bertholee is concerned that such loners are difficult to track down, although relevant information is sometimes available, for instance from healthcare institutions or the police. A difficult dilemma then is whether cases could have been prevented by "correlating" information nationally and internationally, and what risks you want to accept as a society while maintaining privacy, Bertholee said. However, he can also imagine that correlation (linking) and international exchange of data is perceived by citizens as "Big Brother" and that people are concerned about this. As a citizen himself, Bertholee worries about this. Where is the balance between protecting the individual and protecting the community? Every special power of the AIVD is anchored in the Wiv2002. And every special power infringes on privacy. The simplest special power is talking to people (art. 17 Wiv2002). Every special power in the Wiv2002 is subject to the requirements of 1) necessity, 2) proportionality and 3) subsidiarity. Special powers can therefore only be used if open sources (internet etc.) are insufficient. The AIVD must ask itself each time: is it necessarily necessary? And are we quite sure that there is no lighter means? The exercise of these powers is verifiable in retrospect. However, apart from opening letters (which falls under the Postal Act), no supervisory judge is involved. The deployment of any special intelligence tool does require permission. This is granted by the Minister of the Interior and Kingdom Relations (BZK) or on behalf of the Minister by the Head of the AIVD. Every new AIVD employee also receives basic training, during which they are introduced to the Wiv2002. In this context, Bertholee tells an interesting anecdote: once in a while, the AIVD invites a number of journalists, parliamentarians or lawyers to discuss a case together. In doing so, the non-AIVD personnel usually turn out to be more inclined to use special powers than the AIVD employees themselves. When asked, Bertholee incidentally replied that he personally explained the Wiv2002 to Minister Spies (BZK) as early as an hour and a half after she had been sworn in by Queen Beatrix. "No ground rules of our own, just what is in the law," Bertholee said. He goes on to explain the process by which a special power is deployed: it starts with the employee who wants to use a special power for an AIVD investigation. That employee has to justify this in writing. An operational AIVD lawyer looks at this. Then it goes to the superior. Then it comes to Bertholee. And then it goes to the minister. So it goes case by case, each time respecting the requirements of the Wiv2002. Incidentally, when the AIVD asks citizens for information, there should be no pressure of any kind. The same applies to requesting information from journalists: journalists are completely free to cooperate or not. "If a journalist doesn't want to cooperate, that's unfortunate for the AIVD, but that's where it ends," Bertholee argues. However, this will be recorded in an interview note, as everything must be verifiable for the AIVD.
Monitoring mechanisms
Bertholee talks about the system of control of the AIVD in which a number of bodies each play their own role. First, there is the parliamentary committee on intelligence and security services ("Stiekem Committee"), consisting of all group chairmen. In addition, there is the (public) Parliamentary Committee on Home Affairs. To check the legality of the AIVD's performance of its duties, there is also the Intelligence and Security Services Regulatory Commission (CTIVD); this independent supervisory body consists mainly of lawyers. According to Bertholee, the CTIVD's assessment of the AIVD has been predominantly positive in recent years. There is also a role for the Court of Audit to audit the AIVD's (secret) budget. Both the CTIVD and the Court of Audit are given access to everything.
Revision Wiv2002
Regarding possible revision of the Wiv2002, Bertholee notes that the current legal scope for the AIVD is sufficient and that it does not need more powers. However, he does find it "peculiar" that the Wiv2002 is related in some aspects to the Postal Act and the Telecom Act, so that opening a letter by the AIVD requires permission from the examining magistrate while the same permission is not needed to intercept and open an email. The legislation is thus technology-dependent and "you have to do something about that," Bertholee believes. In the field of SIGINT (Signals Intelligence), the CTIVD has incidentally proposed to amend the legislation. Furthermore, parliament could soon start evaluating the Wiv2002. Hot topics currently seem to be a possible ban on using journalists as informants and more control over the efficiency (effectiveness) of the AIVD. A tricky aspect of the latter, however, is that the effectiveness of an organisation like the AIVD is sometimes difficult to measure; this is related to the nature of the work and the type of threats that are averted. Bertholee: "I accept that life has certain risks. However, the question is whether society wants it. How many deaths a year do you find acceptable?"
No Big Brother
Confronted with a question from the audience about new, predictive techniques and the effect this could have on societal behaviour, Bertholee stated "not to be a supporter of Big Brother. There are limits to what you can and cannot do. That also has to do with the risks you are willing to run as a society." To another question from the audience, Bertholee replied that a special power may only be applied as long as there is a need for it. If the need (i.e. the reason or threat) lapses, so does the power. The CTIVD also pays attention to this. Subsequently, there is an obligation to notify the citizen concerned 5 years after the date, unless this is relevant sources or a current modus operandi could reveal. To date, however, this notification requirement has not been used. Moreover, Bertholee wonders whether such notification might not actually constitute an attack on someone's private life if nothing at all was going on with the person in question.
International exchange
International intelligence sharing between the AIVD and foreign services remains subject to the Wiv2002, Bertholee replied when asked. In addition, an international code of conduct. Exchanges are assessed on a case-by-case and country-by-country basis. Exchanges also specify what may be done with the information concerned. In international traffic, this is adhered to reasonably well, according to Bertholee. In some cases (read: countries), however, exchange can be a dilemma...
Limit lies with violence
When asked to what extent activists appear in AIVD files, Bertholee replied that in principle the AIVD does not investigate activists. Bertholee: "What someone thinks doesn't matter to us. We are not the moralists of the Netherlands. Only the moment there are violence involved, calls for violence, clear intentions of violence, radicalisation, then we feel involved."
Current risks
Bertholee also emphasised during the discussion with the audience that the AIVD's goal is not to gather as much information as possible. The goal is to gather the right information to avert a threat. In this respect, it is not the AIVD but industry that is a driving force behind the development of new information technology, which unfortunately is also used in less democratic countries. When asked, Bertholee also acknowledged the risk of an abundance of data into which a service like the AIVD could 'drown'. Biometrics is one such development of new technology. This makes it more difficult to establish a false identity, both for people who want to do harm and for AIVD agents themselves. Furthermore, privatisation of intelligence work is risky, particularly due to the lack of legal checks and balances.
Finally
Bertholee ended his lecture by reiterating that the AIVD 1) does not keep files on everyone, 2) does not keep everyone under the tap, 3) does not shoot anyone, 4) does not arrest anyone, 5) does not clamp down on anyone, 6) does not torture anyone, 7) does not hack every computer, 8) does not have enforcement powers, 9) does not put pressure on people and 10) does not recruit journalists. After this, Privacy First president Filippini closed the evening and invited all present to drinks with music.
Postscript Privacy First: just as international peace and security often benefit from dialogue between "opponents", so too does domestic understanding between the government and civil rights organisations like Privacy First. In this sense, we considered this evening to be very valuable and hope that the AIVD also considers it worth repeating!
Update 27 September 2012: Following the above lecture, a second article in the Telegraph.