Security vs. Privacy, the state is watching you

(1)

University of Leiden, Crisis and Security Management Master thesis

Security vs. Privacy

The state is watching you

Name: Sylvia Derr Student Number: s1633295

Supervisor: dr. J. Reijling 2nd_{Reader: dr. W.J. van Noort}

(2)

PREFACE

This thesis is made as a completion of the Crisis and Security Management Program at the University of Leiden. The new Law on Intelligence and Security Services (Wet Inlichtingen en Veiligheidsdiensten) will be the focus of this research. This because the intelligence services have my interest and the criticism on this new law caught my attention. With the knowledge I have gained successfully during the Crisis and Security Management Program, I was able to conduct this research.

Several people have contributed in the writing of this Master’s thesis. First of all, I would like to thank my supervisor, J. Reijling, for the guidance and support during this process. I also wish to thank all interviewees, without whose cooperation I would not have been able to come to this analysis. Finally, I would like to thank my family for being supportive during my time studying Crisis and Security Management.

I hope you will enjoy reading this thesis. Sylvia Derr

(3)

ABSTRACT

The aim of this thesis is to investigate whether the new Law on Intelligence and Security Services (Wet Inlichtingen en Veiligheidsdiensten, Wiv) would strike a proper balance between privacy and security interests of Dutch citizens. There is a lot of criticism on this new law, because by the broadening of the interception powers the intelligence services will be allowed to intercept all communication channels of citizens. While examining the amendment and the criticism on it, four interesting aspects can be found.

The first aspect is the policy aspect. A concept which is concerned with policy- and decision-making is procedural justice. A key element to examine whether a procedure has been performed fairly, is by examining the laws, regulations and rules. Therefore, the Dutch and European laws were examined to see if they state something about the rights on privacy or security. From this analysis, it can be concluded that every citizen has the right to a private life. However, when national security is at stake, the intelligence services are allowed to interfere in the citizens’ private life. The concept of national security, however, does not have clear boundaries. Therefore a critical stance remains important. Secondly, there is a technological aspect. The aim of the amendment is to create a legal framework for the intelligence services by giving them, amongst others, special powers. The broadening of some of these powers have led to the debate about the balance between privacy and security. Demchak and Fenstermacher (2004) developed a framework which states that a proper balance can be found by separating information on behaviour and identity. However, during interviews the experts did not seem to believe that this separation would meet both interests of the privacy and security advocates. Nevertheless, the services do not have immediate access to both the identity and behaviour of suspects, according to the new Wiv. In addition, it is not true that the services will intercept people at random in the hope to find interesting information. In order to ensure that the services handle the data appropriately, some safeguards, such as supervision have been included into the Wiv.

This leads to the third organizational aspect. This part also received a lot of criticism based on the way how supervision is arranged in the new law. The minister needs to give his authorization before a special power, like interception, may be used. However, not everyone seems to believe that the minister is the right person to take this decision. Even though, there are also external actors who will oversee the minister and the services. This means that criteria like bias suppression and representation are not met and that people will judge the procedure as unfair.

Finally, ten years after the introduction of the existing Wiv 2002 an evaluation was conducted. In this evaluation it became clear that the services could not perform their tasks effectively anymore. In order to prevent this from happening again, an evaluation is included in the new law.

So, the intelligence services will be able to violate the right on privacy sometimes. However, not to the extent the critics state. Still, people do not seem to trust the responsible government officials and therefore it is recommended to give more insight into the way the special powers and supervision are arranged by being more transparent. Another recommendation is that the way supervision is regulated should be re-examined. Because the way supervision is organized in the amendment seems to strengthen the feeling of unfair procedures and will also relate to the idea of an unbalance between privacy and security. Re-examining and more transparency will then lead to more support of the new Wiv.

(4)

LIST OF ABBREVIATIONS

AIVD - General Intelligence and Security Service of the Netherlands CIVD - Commission Intelligence- and Security Services

Comit - Communication intelligence

CTIVD - Committee on the Intelligence and Security Services Cyberint - Cyber intelligence

ECHR - European Convention of Human Rights Elint - Electronic intelligence

EU - European Union

MIVD - Military Intelligence and Security Service Sigint - Signals intelligence

USA - United States of America Wbp - Personal Data Protection Act

(7)

1. INTRODUCTION

In 2012, the Law on Intelligence and Security Services 2002 (Wet Inlichtingen en Veiligheidsdiensten, Wiv) existed ten years. During these ten years the Wiv had never been evaluated. In 2012 the majority of the House of Representatives decided that an evaluation of the Wiv was preferable. An independent and external commission was appointed to evaluate this law, the commission Dessens. This commission had the task to examine if the law had been effective. Other points of examination were: if the law was feasible, if there were issues which should get more attention, if the powers of the intelligence services were sufficient and if the oversight on the services was well established (Commissie Dessens, 2013).

In July of 2015 Minister Plasterk introduced an amendment to Wiv, thereby conforming to the advice of the commission Dessens that changes were needed (Commissie Dessens, 2013). The intention of this amendment is to give the intelligence services, the AIVD and the MIVD, broader interception powers. Nowadays, with the Wiv 2002, the intelligence services are only allowed to tap on the ether, but with the rise of new technologies communication finds its way through the cable. Intercepting the cable is, however, not yet allowed by law. With the introduction of the amendment, the intelligence services will also be authorized to tap from the cable and by doing so be able to gather information about jihad fighters, espionage and cyberattacks (Joop.nl, 2015a).

Although this amendment will give the intelligence services more possibilities to gather information which can be used to assure the security of the citizens, there is a lot of criticism on this amendment, which is commonly called the Eavesdropping Act. Headlines of articles state:

‘’Eavesdropping Act Plasterk; They know more about you than your partner’’ (PrivacyNieuws.nl, 2015) and ‘’More taps on phone- and e-mail traffic’’ (Haas, 2015).

Citizens, institutions and companies were also asked to give their opinion on the amendment until the first of September 2015. According to the Netherlands Institute of Human Rights, the amendment is just a legal basis which allows the intelligence services to use special powers which violate the right on privacy extremely (Loof, 2015). So, if this amendment will be approved the intelligence services are able to tap on more telecommunication services, which raises the question if security has become more important than privacy.

According to Rob Bertholee, the director of the AIVD, there is little violation of the right of privacy because the intelligence services will only tap the telecommunication of an individual when there is enough evidence that there is a threat. In addition, there will be a supervisor, the minister and a government official, who will have to give their consent before the intelligence services are allowed to intercept telecommunication. The fact that the minister himself is the supervisor, is not a problem according to Bertholee; he and the minister are very mindful and will keep in mind that there are tensions with privacy. Therefore, they will always question what is more important, the privacy of that specific person, or the threat to security (Joop, 2015b).

The tapping of civilians is not only a national issue, intelligence services from outside the Netherlands also tap ordinary Dutch citizens. In 2013 the NSA (the American secret service) tapped 1,3 million Dutch phones in one month (Wokke, 2013). In 2015 there were claims that the NSA, but also the German secret service had intercepted communication (RTL Nieuws, 2015). Apparently espionage on civilians

(8)

is necessary for intelligence services in order to obtain information, even if these citizens are your own citizens. This raises the question, to what extent does security outweigh privacy?

Privacy is a fundamental right (ECHR, 1950). Nevertheless, the government also has the obligation to ensure security (AIVD, 2015). This leads to academic and social debates between privacy and security advocates. Often the argument: ‘’If you have nothing to hide, you have nothing to fear’’, is used. Yet, privacy is not only about keeping information secret, it is also about the right to be let alone or personhood (Van Lieshout, Friedewal, & Wright & Gutwirth, 2013; Solove, 2007). A lot of authors (Demchak & Fenstermacher, 2004; Van Lieshout et al., 2013; Solove, 2008) have written about the balance between security and privacy. Some of them, like Demchak and Fenstermacher (2004), developed a framework in which knowledge of behaviour and knowledge of identity should be collected separately in order to find a balance between security and privacy. Governments, however, would prefer a society in which they can gather both knowledge of behaviour and identity in order to act against threats. Privacy advocates will then claim that the government, and thereby the intelligence services, should not have access to both of these factors, because people have a right on privacy (Demchak & Fenstermacher, 2004; Demchak & Fenstermacher, 2009).

While by this new law, the discussion about the right on privacy and the right on security has raised again, this paper will address the following research question:

To what extend will the amendment strike the balance between the security and privacy interests of Dutch citizens?

When reading the new law, four separate aspects come to mind. First, there is the policy aspect about finding the right balance. Then there is the technical aspect which is about intelligence gathering and, the organizational aspect which entails how the Wiv is organized. Finally, there is an evaluation aspect. While examining these aspects we will be able to comment on the criticism that started the discussion. This paper will examine the impact of the amendment on the balance between privacy and security interests of Dutch citizens. First, the already existing literature describing the balance, as well as the concepts of privacy and security will be discussed. Next, the research design will be explained, followed by the analysis. Finally, this research will end with a conclusion and recommendations.

(9)

2. THEORY

As mentioned in the introduction, there is a lot of criticism on the amendment, especially about the fact that the amendment would violate the right of privacy and that the supervision on the services is not arranged properly. These criticisms are based on the third and seventh chapter of the Wiv. The third chapter discusses the assimilation of data which is gathered by the intelligence services. In addition, it describes the special powers, as for example interception. The seventh chapter discusses the supervision, complaint treatment and the reporting of possible abuses (Wiv, 2015). While examining these chapters and the critiques, four interesting aspects can be found. The first is the policy aspect, which will focus on the right of privacy and security. The Wiv does not explain what privacy and security is, so what does literature state about these concepts? The second aspect, the technological one, will focus on the balance of security and privacy. How do scholars think about this balance? But it will also explain more in depth how, for example, wiretapping is performed. This technological aspect is related to the organizational aspect. The organizational aspect will look deeper into how certain issues, such as supervision, are being organized. The last aspect will be about the future of the balance and about policy evaluation.

Before the four aspects are examined, a general introduction on intelligence gathering will be given. This, to give insight in the work of intelligence services which is necessary background knowledge in order to understand the issues at stake more thoroughly.

2.1. General introduction in the field of intelligence tasks and organization

In the Netherlands, the AIVD and MIVD stand for the task of protecting national security and detecting risks and threats (Wiv, 2002). How they should do this is stated in the Wiv. The tasks of the AIVD for the protection of national security consist of, first, doing research into organizations and persons who according to their aims or activities can be a threat to the democracy, security or other aims of the state. Secondly, they conduct safety investigations. A third task is the promotion of measures which are necessary in order to protect the democracy and national security. Fourthly, the AIVD does research in other countries. These issues are assigned by the Prime Minister in accordance with the other ministers involved. Finally, the AIVD prepares threat and risk assessments, but only if the minister of Interior and Kingdom relations and the minister of Security and Justice request that (Wiv, 2015). The task of the MIVD regarding the protection of national security consists of, first, doing research on the armed forces of other powers in order to effectively use their own armed forces and to investigate factors which can influence the promotion of the international rule of law. Secondly, like the AIVD, they conduct safety investigations. The third task consists of doing research into the necessary measures to firstly, prevent events that could harm the security or preparation of the armed forces. Secondly, the promotion of a proper course of mobilization and finally, the concentration of the armed forces and an undisturbed preparation of the armed forces. The fourth task consists of promoting necessary measures in order to fulfil the third task. Fifthly, doing research into other countries, like the AIVD, on request of the Prime Minister. Finally, the MIVD also prepares threat and risk assessments when the minister of Interior and Kingdom relations, the minister of Defence and the minister of Security and Justice request this (Wiv, 2015).

So, some of the tasks are similar, but the MIVD has the focuses on peace missions and international terrorism, whereas the AIVD focuses more on national security (MIVD, 2015). Nowadays, both

(10)

international and national security have become more interwoven and therefore the AIVD also received international tasks in the Wiv 2002. This means that the AIVD is allowed to also use their competences abroad. But, if there are subjects relating to the military then the MIVD will investigate this. This will often involve the gathering of intelligence for possible military missions abroad (Muller, 2010).

The intelligence services protect the national security. But, what is national security? Aquilina (2010), describes national security as the well-being of the state and describes national security as a category of the term public security. The author mentions four categories of the term public security: national security, public safety, the economic well-being of the country and protection from other criminal offences which are directed at the public. These categories were formulated in response to Article 8, paragraph 2 from the European Convention on the Protection of Human Rights and Fundamental freedoms (ECHR), an European article which is also valid in the Netherlands. This article is based on the right of privacy and states that if one of the four categories mentioned above is threatened, interference by a public authority is allowed (Aquilina, 2010; ECHR, 1950). According to Aquilina (2010) the services only protect national security and this does not include economic development and the protection of criminal acts.

In order to show how intelligence services gather information, the intelligence cycle (figure 1) can be used to give insight into this process. This cycle consists of interactive steps which will finally lead to an intelligence-output (De Graaf, 2010).

Figure 1: Intelligence cycle (De Graaf, 2010; p.350)

The first step in this process is the phase of planning. In this phase policy officials need to plan what kind of information is necessary for a perceived threat. If it is known what kind of information is required and how this can be obtained, this information will be collected by intelligence managers. The collected information will then be processed, which means that the information is made understandable. For example, when an intelligence service tapped a phone of someone who speaks another language, then this conversation will be translated before it can be analysed. During the analysis it will become clear whether the information is useful, and if it is, it will be handed on to higher officials who decide what to do next (De Graaf, 2010; Johnson, 2007).

(11)

Through a more in depth examination of these phases, failures can be detected, as for example the so-called Ultra-syndrome, which means that one relies too much on one source (De Graaf, 2010). It is important that the services do not rely too much on one type of source, because if they do and the source is no longer of use, there is no information at all. This can have consequences for the intelligence cycle because there would be no incoming information to process.

2.2. Policy aspect

The Wiv has been established for the intelligence services and it describes the tasks and rights of these services; the services and the government are not allowed to do everything they would like to do. Procedural justice is a concept that is especially applicable within the public sector. This concept will therefore, be discussed first, followed by the concepts of privacy and security. These concepts are important while the services want to guarantee security, but as became clear in the introduction, people are afraid that their privacy is violated.

2.2.1. Procedural justice

Within the public sector it is always necessary to hold someone accountable for certain decisions or policies. A concept which is concerned with policy- and decision-making is procedural justice. This entails the decision-making processes, the outcomes of these processes, the acceptance and the legitimacy. If the actors who are affected by the decisions judge the procedures as fair, they will be more likely to accept the outcomes of these decisions, even if these are not in their own advantage. However, if the actors judge the procedures as unfair, there will be less/no acceptance of the outcome. Procedural justice will both create stability of the decisions which are made as well as for the institutions which made the decisions (Joss & Brownlea, 1999).

One important factor which influences the way how actors judge the procedure is their own involvement during this procedure. This involvement can be divided into two elements, namely: the process control and the decision control. This entails that one can attempt to influence the progress of the process (process control) or to influence the outcome of the procedure (decision control) (Thibaut & Walker, 1978).

Nevertheless, these elements of controlling the decision-making are difficult to measure and therefore it would be hard to state whether or not a procedure is fair. Leventhal (1980), created six criteria which, according to him, are important when it comes to procedural justice. These six criteria are: 1) consistency, 2) bias suppression, 3) accuracy of information, 4) correctability, 5) representation and 6) ethically. The first criterion: consistency, entails that the procedure is performed in the same way even though other people perform the procedure. Secondly, bias suppression, entails the neutrality of the institution or person who needs to take the decision. Thirdly, information which is used for the decision-making needs to be accurate to prevent mistakes from happening. Fourthly, if a mistake occurred there should be a possibility to restore this mistake. Fifthly, the interests of all stakeholders should be taken into account. Finally, ethically: the decision-making process should be in correspondence to the moral and ethical values of everyone involved in the process (Leventhal, 1980). If the six criteria are examined more in depth, a distinction can be made between organizational criteria, technological criteria and evaluation criteria. Bias suppression, representation, ethicality and consistency are criteria which can be seen as organizational criteria. Accuracy of information can be seen as a technological aspect because this entails the element of information gathering. Nevertheless, there is also an organizational element because dealing with the information to come to a decision is

(12)

more organizational than technical. The thought may rise that this technical aspect is only present after the decision is made because the intelligence services need authorization before they are allowed to gather information. Nevertheless, the intelligence cycle showed that intelligence gathering happens according to a cycle. This also means that earlier gathered information is used for another or further investigation. Correctability is an evaluation criterion while this is about the possibility to restore mistakes which occurred during the decision-making process.

Accountability is an important factor in decisions that are made in the public sector. This also means that there are certain requirements to the decision-making for all the technological, organizational and evaluation aspects. The assumption is that, if the criteria are met, the stakeholders will accept the outcome of the procedure, even though the outcome is not the outcome they hoped for (Joss & Brownlea, 1999).

Besides these six criteria there is, according to Joss & Brownlea (1999), another key element which gives insight into procedural justice namely the ‘authoritative’ standards, which are for example: laws, charters and guidelines. These authoritative standards therefore should be taken into account when considering the quality of the procedural justice-process.

2.2.2. The concepts of privacy and security

Privacy

Intelligence services, both national and international, use intelligence gathering to obtain information which is necessary to prevent threats. While obtaining this information the services sometimes need to violate someone’s right on privacy. Even though the term privacy is often mentioned, a clear definition is missing, even in literature. Attempts are made to describe what privacy is, for example by Aquilina (2010) who defines privacy as:

‘’The area of a man’s life which, in any given circumstances, a reasonable man with a understanding of the legitimate needs of the community would think it wrong to invade.’’

(p. 133)

Other authors, like Van Lieshout, Friedewald, Wright, and Gutwirth (2013) refer in their article to six dimensions of privacy, namely:

‘’(1) the right to be let alone; (2) limited access to the self; (3) secrecy; (4) control of personal information; (5) personhood; and (6) intimacy.’’ (p. 120)

These dimensions view privacy as an individual right, something a lot of authors who have written about privacy have done. Nowadays, other thoughts about the right on privacy have risen. These new perspectives state that privacy is not a value anymore that trumps all other rights, these authors believe that the common good, like national security, has become more important. This means that when it comes to a decision between individual rights or the common good, society will be the one chosen for (Solove, 2007). According to Solove, the value of privacy is undervalued by governmental officials and this would be the reason that the common good is the one the officials choose for (Solove, 2009). That officials are more likely to choose for the common good is seen as the result from the 9/11 attacks and the following bombings in Madrid and London (Van Lieshout et al, 2013).

It is often forgotten that privacy is more than just keeping things secret from others. Solove (2009) states that it is also about confidentiality. This is similar to the framework of contextual integrity which has been developed by Nissenbaum (2004). She states that there are two types of informational

(13)

norms. The two norms are: appropriateness and distribution. Appropriateness consists of questioning what kind of information of a person is appropriate to reveal. For example, it is logical that a patient shares his medical conditions with his doctor, but the doctor will not tell his patient about his own conditions. The distribution concept does not focus on what is appropriate to share, but on the question what is done with this information. For example, it is appropriate to have a very open relationship with friends, but people expect their friends not to be very open about this information to others. Even though people choose to tell this information to friends, they expect that it will remain confidential.

Another point which is, according to Solove (2009), part of privacy is having control over what is done with personal data. Those who possess personal information should give notice of what kind of information they possess and what they are planning to do with it (Solove, 2009). People forget that these subjects also fall under privacy. Does this than mean that officials should not choose for the common good? The protection of the individual rights can be seen as a societal responsibility. If there would be no protection of privacy in society this could lead to intrusions and nosiness. Therefore it is sometimes better to choose for the common good and hence protect society. People should keep in mind about what kind of privacy they are talking: individual or societal, while there are many different forms of intrusions to privacy. Even though, privacy has a societal dimension and because there are norms and values within a society people have a voice together when they believe something is not right. So in any case a balance between the individual right of privacy and the societal interests/common good should be kept in mind (Solove, 2009).

This balance between individual privacy and the common good makes the concept of privacy difficult to explain. The lack of a clear definition of what privacy exactly is, causes the focus of the government to change towards whether privacy is expected or not. If privacy is not expected, then the consequences of certain measures on privacy are often ignored (Solove, 2009). According to Solove (2009), people should not only receive protection of their privacy when they expect it, it should be there, no matter what. Solove (2009) admits that it is hard to explain clearly which intrusions on privacy took place and why these intrusions were harmful.

Even though privacy has a certain value which needs to be respected, it also has costs. The more privacy people want, the more difficult it becomes to gain information and to catch possible perpetrators of attacks (Reiman, 1995). An argument which is often used in the privacy-security debate is the ‘’I’ve got nothing to hide’’ argument. This argument is one of the reasons why the security advocates often win the debates about security versus privacy. When it is the government who is gathering intelligence, the overall belief is that only information will be gathered which is supposed to be helpful. Besides, most of the data analysing will be done by computers, which means that if there is no interesting information probably no person will ever see this personal information. More about data analysing can be found in paragraph 2.3.1.

Security

Besides privacy, security also does not have a clear definition. As has already been discussed, if there is a threat to national security the state is allowed to interfere in someone’s personal life (ECHR, 1950). But, at what point is national security at stake? In the Netherlands, this is the case if vital interests of the state or society are threatened in a way which could lead to social disruption. There are five vital interests namely: territorial security, economical security, ecological security, physical security of the citizens and social and political stability. Threats to these interests include both actions which are done

(14)

on purpose by humans, defined as ‘security-threats’, and non-intentional actions like human failure, natural disasters and process-errors, known as ‘safety-hazards’. National security can be at stake by both security-threats and safety-hazards. The intelligence services only deal with the security-threats (Frinking & Rademaker, 2010). Thus, the definition by Aquilina (2010) differs with the ideas in the Netherlands.

When talking about security, it implies the freedom from human-inflicted risks and dangers. The meaning of security will differ between countries, academics and politicians. For example, Germany only uses one word, Sicherheit, which refers to both security and safety. They do not make a distinction between these two concepts, something that is done in the Netherlands and France. For individuals, security will often refer to a life without dangers from the outside, but also having, for example, financial certainties. Looking at security from a political perspective, it relates more to the integrity of the state and the protection of its borders (Van Lieshout et al., 2013).

2.2.3. Sub conclusion

The concepts of privacy and security remain unclear, even after examining the literature. This makes procedural justice even more important because there are two parties who both stand for their own perspectives. In the Wiv criteria like bias suppression, consistency and representation should be applied in the law to make sure there is a fair procedure. Whether this is done will be discussed in chapter 4.

2.3. Technological aspect

In paragraph 2.2.1. the criteria of procedural justice have been discussed. Accuracy of information can be seen as a technological criterion because it entails the way how information is gathered to ensure that this information is accurate. This paragraph will start by explaining in what ways the intelligence services can interfere in someone’s personal life in order to gather information. If the services have obtained information, they need to analyse this information to define the relevance of it. The storage of personal data also gives other opportunities. Datamining and profiling are methods which can be used in order to obtain more information and will therefore be discussed more in depth. Finally, when it is known how information is gathered and what can be done with it, a framework will be introduced that will describe how the balance between privacy and security can be kept.

2.3.1. Intelligence gathering

In order to perform the tasks as stated in paragraph 2.1. the intelligence services are authorized to interfere in someone’s personal life. The article which describes the usage of non-specific communication research, is article 33 and states the following:

‘’1. The services are authorized to use technical tools for wiretapping, bugging, recording and listening to any form of telecommunication or data transmission through an automated work regardless of the location in other cases than those referred to in article 32, if it is satisfied by this article. Within the jurisdiction referred to in the first sentence, is also the power to undo encryption of telecommunication or data as well as the technical analysis of the data insofar this is aimed at optimizing the use of power as referred to in the first sentence.’’ (Wiv, 2015; article 33)

One way of interfering in someone’s life in order to gather information is through wiretapping, which is a synonym for eavesdropping (Sherr, 2011).

(15)

‘’Eavesdropping is the surreptitious monitoring of communication.’’ (Sherr, 2011; p. 378)

Eavesdropping is a classic way of espionage and can be conducted in different forms. Phone calls can be intercepted, but also microphones can be placed. With all the new technologies a new type of eavesdropping has developed, namely the interception of online information. This entails obtaining personal information from individuals, but also from companies and governments by intercepting telecommunications (AIVD, 2015).

As is stated in article 33 of the Wiv, the services are allowed to use automated works to gather information. The Wiv, however, does not offer any clear definition of the term automated works. A definition of an automated work can be found in the penal code which states:

‘’With an automated work is meant a device which is intended to electronically store, process and transfer data.’’ (Wetboek van Strafrecht, 1881; article 80sexies)

This description of an automated work shows what kind of intelligence gathering is performed by the intelligence services. The interception of telecommunication can be placed under a wide term, namely communication intelligence (Comit). Comit is mainly the interception of telecommunication and does not include the interception of telecommunication. The intelligence services also intercept non-telecommunication like navigation systems. This type of interception falls under the term electronic intelligence (Elint). The overall term of these intelligence gathering manners is Signals intelligence (Sigint) (Wiebes, 2010). Another way of intelligence gathering is human intelligence (Humint). By this kind of intelligence gathering the intelligence services use people to gather information. This can be done by infiltrating in an organization, institution or group. So in a formal sense Humint is not part of eavesdropping (Hijzen & Meijer, 2010).

With the rise of the Internet in recent years, cyber espionage has also increased. This has led to a new way of intelligence gathering, namely through cyber intelligence (Cyberint). Cyberint is used to gather digital communication, which can create an overlap with Sigint, because both of the specializations can create, for example, the same e-mails (Prins, 2010). Still there are differences between the two, these differences are shown in table 1.

Table 1: Cyberint versus Sigint (Prins, 2010).

Cyberint Sigint

An active way of intelligence gathering: The equipment of the target(s) will be manipulated in order to obtain information

A passive way of intelligence gathering: It is only intercepting the equipment without manipulating it.

Only data from the target(s) will be received A lot of data will be gathered, which means that before the information can be used it needs to be filtered.

The target(s) can become aware of the fact that someone got access to their information. However, this does not immediately lead to an intelligence service because other actors can also have the needs to hack into systems.

(16)

The Dutch intelligence services have, according to the Wiv (2002), the right to use both Sigint and Cyberint (De Graaf, 2010).

2.3.2. Profiling and Datamining

With the amendment the intelligence services would get more possibilities to gather data from the cable in order to detect terrorist threats, act against cyber espionage and cyber-attacks and to support military missions (Rijksoverheid, 2015b). Terrorists use the Internet for: communication, propaganda, planning and research. Especially communication has changed by the rise of the Internet. Nowadays, terrorists are able to work globally because they can contact each other by using for example e-mail or forums. Not only communication has become easier, these new developments can also be used in the advantage of terrorists, or others who want to. Intelligence gathering, for example, is not something only the intelligence services do. People who want to can hack the systems they are interested in to obtain intelligence. New technologies also bring new threats to, for example, the data which are stored by the government (Brown & Korff, 2009). With the new amendment the intelligence services should be able to act against these new threats (Rijksoverheid, 2015b). Nevertheless, Brown and Korff (2009) warn for some disadvantages, because what will be done with all the gathered information? It can for example, be used for profiling or datamining.

Profiling entails finding an offender by attempting to identify different kind of traits which relate to a similar threat/crime. The characteristics of the threat will set a profile of the offender. This profile can help the services in the process of finding suspects.

There are different types of profiling, amongst others: offender profiling, victim profiling, psychological profiling and geographical profiling (Hickey, 2003). The first type is probably most interesting for the intelligence services. This because getting insight in offenders gives the possibility to act before they perform their actions. In order to create profiles interviews are held with experts, but also previous offenders who committed similar crimes are examined. Nevertheless, not everyone believes that profiling is a good method for identifying (possible) offenders. It is not guaranteed that a profile is always right, so investigators should not rely too much on just a profile (Hickey, 2003).

Datamining is a tool that is designed to look for certain patterns in the collected data. If then the patterns fit in a profile someone can be labelled as possible suspect. So, here information is first gathered before a computer will search for patterns. The use of this tool raises questions about the balance between security and privacy. Security advocates state that this method is needed nowadays and that this method is there to protect the security of the citizens. According to them, not every action of the government should be questioned while they will take these measures to protect national security. Nevertheless, privacy advocates state that it is a violation of the right of privacy. As a reaction to this statement, security advocates argue that datamining is done by computers (the automated works), so the right of privacy is not harmed since most data will not be seen by intelligence officers (Solove, 2008).

Security advocates do, according to Solove (2008), admit that there can be some problems regarding the privacy issue, but this does not relate to the interception of phones and e-mails. The biggest problem with datamining would be the level of transparency or openness. Openness can create accountability and gives more insight in how the government deals with the information. However, datamining programs are often kept secret because governments do not want to give potential information to for example, terrorists. This lack of transparency is one of the arguments of the privacy

(17)

advocates. Another argument is that profiling is inaccurate because not every terrorist has the same patterns. Besides, if some of the patterns are similar with expected patterns of terrorists it does not have to mean that that person is indeed a terrorist. Still, governments are willing to use datamining because it could help with identifying possible terrorists (Solove, 2008; Solove, 2011).

2.3.3. Security-privacy debate line

In order to give insight in the balance between security and privacy Demchak and Fenstermacher (2004) defined a so called security-privacy debate line (figure 2). If the government officials who will choose security over privacy should be placed in this figure, they can be found in the upper right hand region of figure 2. These officials find it necessary to have a lot of information about the behaviour of individuals as well as about the identity of these individuals (Demchak & Fenstermacher, 2004).

Figure 2: Behaviour-identity knowledge framework (Demchak & Fenstermacher, 2004)

Demchak and Fenstermacher have chosen to distinguish identity and behaviour as the two variables which define the security-privacy debate line. Identity is about knowing who an individual is, without knowing the actions of this individual. Nowadays, identity is often used as a value to create security, for example the use of the ‘’no-fly lists’’. Airports use these lists and they only have identity-based information. The only aspect of behaviour that is involved is trying to get on board of a plane. As Demchak and Fenstermacher (2009) describe, governmental systems use lists which are only based on names. The problem with these lists is that there is not one specific owner of these lists who is able to make changes to it. This means that if you are on a list it will be hard to get off. Moreover, while using only identity based information, security services have no indication about possible actions which may occur in the future because the value of identity is static (Demchak & Fenstermacher, 2009).

Having an identity makes it possible to track someone. Still, the term identity does not always have the same meaning. According to Fearon (1999) the term identity can be distinguished into two elements. There are social categories, which can be defined by memberships or expected behaviour. Secondly, there is a personal identity which contains social distinguishing features. Personal identity is unique to everyone, without these predicates a person would not be the same person anymore. The taste of music, for example, does not fall under personal identity, but is seen as a social category. Social categories can be divided into two features. First the rules of memberships and second the content of a social category. The content of a social category can be seen as a set of characteristics which meet the rules of memberships. Characteristics are, for example, desires, believes or moral commitments.

(18)

These characteristics will fit within the rules of memberships. For example, police officers share moral commitments and believes, but these are not specific to just one police officer. (Fearon, 1999). According to Demchak and Fenstermacher (2009) a proper balance between privacy and security can be kept by the separation of identity and behaviour. This entails that either the security advocates have all the knowledge of identity and the privacy advocates then have the knowledge of behaviour, or the security advocates will have the knowledge of behaviour and the privacy advocates of identity. By separating the knowledge it guarantees that not all information is known by the intelligence services. If this separation of knowledge would be the case, the intelligence services would prefer the knowledge of behaviour. Since knowing behaviour gives more insight into the actions of a person and can give insight into future actions. To create an analysis of behaviour apart from identity, requires a lot of information gathering. It can also be difficult to link different elements which are necessary to create relevant patterns.

Demchak and Fenstermacher (2009) state that the perspectives about which system should be used in order to prevent threats, are changing. Even though, both the identity-based system and the behaviour-based system have disadvantages, the behaviour-based system is the system that is preferred. Privacy advocates can support the idea of using a behaviour-based system, because then the identity and the behaviour are separated. In order to separate the two elements, privacy advocates would like to see that the available data of a person’s identity would be anonymized (Demchak & Fenstermacher, 2009).

‘’Anonymous data implies that the data cannot be manipulated or linked to confidently identify the entity that is the subject of the data.’’ (Sweeney, 2000; p. 6)

Anonymizing data does not fully meet the idea of the security advocates. If there will be full anonymity about the identity, this can have consequences if a quick response is necessary because tracing the suspect is then impossible (Demchak & Fenstermacher, 2009). Even though, the security advocates prefer the behaviour-based approach over the identity-based approach, they would like to see a combination of both (Demchak & Fenstermacher, 2004). A combination would be more likely to be effective in catching possible perpetrators, because than there is information about what a person does and who he/she is. Security advocates therefore would prefer ‘pseudonymity’, which implies using de-identified data.

‘’De-identified data result when all explicit identifiers, such as name, address, or phone number are removed, generalized or replaced with a made-up alternative.’’ (Sweeney,

2000; p. 7)

Using pseudonymity makes it possible to trace a suspect, and to meet the privacy advocates there is still no information about the real identity. When using de-identified data, information of the personal identity is made-up, while this information is unique for every person (Demchak & Fenstermacher, 2009). The identity which is created will not lead to a specific person, so it is more a social category; only explicit identifiers as name, phone number and address would be replaced, that has nothing to do with the behaviour of that person. This de-identifying would create a level of anonymity, which the privacy advocates would like to see, but also gives the possibility for security advocates to have a certain transparency in behaviour (Demchak & Fenstermacher, 2009; Fearon, 1999).

(19)

2.3.4. Sub conclusion

There are different forms of intelligence gathering that can be used by the intelligence services. If the services want to use the powers mentioned in article 33 of the Wiv they will gather information by Sigint. After the services obtained the data they analyse it. There are different methods which can be used by the services in order to get insight into possible threats. Profiling is one way, but some experts warn to carefully deal with the profiles, while there is no guarantee that they are correct. There are no clear guidelines with specific criteria which indicate that someone is a terrorist. Besides, information is often kept secret because giving away this information could be in the advantage of the ones who are a threat. Nevertheless, it becomes more difficult to hold someone accountable for the procedure if there is no transparency of how it was performed. So, in order to guarantee this, safeguards should be implemented in the law as is discussed in paragraph 2.2.1.

As has been mentioned before, people are afraid that they are losing their privacy. To keep the balance between privacy and security behaviour and identity should be separated. Intelligence services need information of both in order to work successfully. Behaviour has more value because it can give insight into threats, but in order to track someone an identity is needed. Therefore, de-identified data can be used, which states nothing about the real identity of the suspect, it only gives the services the possibility to trace the person who has suspicious behaviour (of whom they have real information).

2.4. Organizational aspect

As has been discussed, there is little/no transparency in datamining or profiling. This makes it difficult to hold someone accountable for following the agreed procedures. To make sure that the process is fair and that collected information is handled correctly, supervision is necessary. Therefore, in this paragraph the literature about supervision will be discussed. This paragraph will start with a discussion of decision-making, because decision-making is related to the concept of procedural justice.

2.4.1. Decision-making

The next article shows what requirements the AIVD should adhere to when they process personal data.

‘’ […] It can only relate to persons: a) who are seriously suspected of posing a danger to the democratic legal order, or the security, or other important interests of the State, b) who gave permission for a safety investigation, c) of whom it is necessary in the investigations concerning other countries, d) when other intelligence services have sought information about that person, e) whose data are necessary to support a good task performance by the service, f) who are/have worked for the service, g) about who it is necessary for the preparation of threat and risk assessments, mentioned in article 8 part 2, h) if it is necessary to do a communication, as mentioned in article 8 part f.’’ (Wiv, 2015; article 18).

The AIVD are allowed to process personal data only if they meet these criteria. Before they are allowed to process data and to gather it, someone should authorize this. This is often the minister, or someone who is authorized by the minister to take this decision (Wiv, 2015).

As has already been discussed in paragraph 2.2.1, criteria for procedural justice are bias suppression, correctability and representation. Bias suppression entails that the person who takes the decision is neutral (Leventhal, 1980). This is an important criterion while this shapes the way how people feel about the procedure. Judges for example are often viewed as neutral. In contrast, decision-makers in businesses are seen as managers with their own interests. So, a bias in the decision-maker influences

(20)

the public opinion of a procedure, even though the procedure is fairly performed (Tyler & Bies, 2015). If a government official takes the decisions, this also influences the way how people feel about the fairness of the procedure. Public policy- and decision-makers have to face different challenges. First they have to deal with risks and uncertainties of, for example, new technologies as discussed in the technological aspect. Secondly, the government can be criticised by their citizens (Joss & Brownlea, 1999). With the new Wiv there is also criticism about the fact that the minister should give his authorization before an intelligence service may use some of their powers. As critics questioned, is the minister the right person to take this decision?

As has been discussed in the paragraph about the concepts of privacy and security (paragraph 2.2.2.), privacy is not only about keeping information secret from others (Solove, 2007). While looking to the six dimensions given by Van Lieshout et al. (2013) it can also be about the right to be let alone or about intimacy. Therefore the earlier mentioned ‘nothing to hide’ argument is, according to authors such as Solove (2007) and Crossman (2008) not solid. Crossman (2008) states in his article that society used to be a society in which information was shared only if it was really necessary. A change in this perspective has started to develop, more and more it becomes the other way around, information is shared unless there are reasons not to (Crossman, 2008).

One way of increasing the trust of citizens is by allowing broader reflections. Scientific or technological decision-making is often focused on specific individual cases. This causes conflicts if other actors would like to see these decisions reconsidered within a wider social context. Therefore, reflections of decisions should not be limited to individual cases but should entail the bigger picture. Hereby the government would gain more social acceptance and for the longer period trust will be gained (Joss & Brownlea, 1999).

The accuracy of information has been discussed in the context of technology and procedural justice. This accuracy entailed that information which is necessary for the decision-making is correct in order to prevent mistakes (Van Velthoven, 2011). The intelligence cycle showed that there are different phases before a decision is made based on the gathered information. Even though these intelligence services work according to the intelligence cycle this remains theoretical. Practice shows that the intelligence cycle does not always work in the way it should. Hulnick (2006) states that the first step of the process is different in reality. According to the intelligence cycle policy officials need to take the first step in order to start the process. In reality, not the policy officials, but the intelligence managers often start the process. The intelligence managers are aware of gaps existing in the intelligence data. Filling these gaps is what the managers would like to achieve, so they often decide what kind of information they would like.

It is not always necessary to collect data before proceeding to the next step. Sometimes it is possible to examine already existing data in order to get more insight. All the findings from the collection phase will be reported as raw material, the officials in the analysis and production phase will transform this information into a report and will screen it to make sure only interesting and correct information will get to the policy officials. It may happen that a policy official receives raw material, while sometimes the processes of the data collection and data analysis are operating in parallel. Then the raw material from the collection process can be sent to both the analysts as well as the policy officials. An example of taking decisions on the basis of using raw material can be found in the United States of America (USA). The government of the USA thought that Iraq had weapons of mass destruction, raw material of this information got to the policy officials who acted on this information. Now, it is known that there

(21)

were no weapons of mass destruction found in Iraq (Hulnick, 2006). The policy officials should not have based their actions on these reports. According to Hulnick (2006), this shows that the intelligence cycle does not always work in the way it should be.

2.4.2. Supervision

Since intelligence services might violate/challenge fundamental human rights in order to perform their tasks, it is necessary that there is oversight on these services to ensure that they perform their actions on reasonable grounds. Another point why supervision is important is because of the way the intelligence services work. They used to be passive information gatherers, but after 9/11 and the other attacks, like Madrid and London, the services became more active in finding people who pose a threat. Therefore, it is necessary to have supervision on the services (Gill & Phythian, 2006).

Figure 3: Oversight (Gill & Phythian, 2006)

Figure 3 above shows different forms of oversight and control. Control is not the same as oversight because control is performed by the head of an intelligence service. This head of a service has adequate powers which he/she can use to manage and directs its operations. So, this entails the day-to-day management of the services (Gill & Phythian, 2006).

According to Gill and Phythian (2006):

‘’Oversight [...] refers to a process of superintendence of the agencies that is concerned not with day-to-day management but with ensuring that the overall policies of the agency are consistent with its legal mandate.’’ (Gill & Phythian, 2006, p. 151)

There are, different forms of oversights. Oversight can be internal, which means that the intelligence services and the executive branch oversee their actions themselves (point 1 and 2 in figure 3). Or it could be external, which means that the oversight is done by a parliamentary committee, judges or the media and citizens (point 3 and 4 in figure 3) (Gill & Phythian, 2006).

Oversight as such also leads to challenges. There is the possibility that the role of the supervisors is more ceremonial than substantive. On the other hand, there is a possibility that the supervisors

(22)

become too strict which can lead to a culture of fear because the supervisors know what the modus

operandi of the services are. This is also an advantage because they are able to find the inefficient

processes (Gill & Phytian, 2006).

Eskens, Van Daalen and Van Eijk (2015) claim that there should be a complete oversight. Actors which should play a role in the oversight should be: the government, parliament, the judiciary and a specialised (non-parliamentary, independent) commission. If these actors are involved in the oversight it is guaranteed that abuse of information by the services is prevented. Besides oversight, there are other elements which are necessary to create complete oversight. Oversight should also be performed in different stages of the process, namely, before an action is performed, during processing and afterwards (Eskens, Van Daalen & Van Eijk, 2015). Nowadays, the supervisors are only allowed to give information and advice because the minister is responsible for the actions of the intelligence services. Another element to come to complete oversight is that the supervisory bodies should be independent. The minister is not independent in his oversight because he is part of the government and the government addresses the tasks of the intelligence services and is besides the tasking body, also customer. The best way to achieve independent oversight is, according to Eskens, Van Daalen and Van Eijk (2015), by using judiciary oversight. Not in every state this would be a guarantee that this oversight is independent. In addition, the judge can stamp his decisions or he can take a long time to come to a decision. Therefore, resources are necessary to prevent this way of decision making. A specialised commission and a parliamentary commission can be valued as independent if the members of the specialised commission are appointed by parliament. The parliamentary commission should involve members of the ruling parties as well as members of the opposition. A difference between the two commissions is that the specialised commission has more expertise, but the parliamentary commission will be able to better defend itself publicly (Eskens, Van Daalen & Van Eijk, 2015).

2.4.3. Sub conclusion

There is a lack of trust amongst citizens towards the government. Even though, according to Leventhal (1980) the decision-maker should be neutral, the minister approves the requests of the intelligence services to use special powers. Eskens, Van Daalen & Van Eijk (2015) stated that the minister cannot be neutral because he works for the government. Therefore, other supervisory bodies should be included in the oversight on the services, like a specialised commission or a parliamentary commission which can be seen as independent, if there are appointed in the right way. Another independent body could be the judiciary, nevertheless, resources are than needed to ensure the effectiveness of this body. If complete oversight is achieved, supervision can be a way to ensure that the data of people are used in correct matters.

2.5. Evaluation aspect

The Wiv 2002 had not been evaluated in the ten years after its introduction. Also, before 2002 there had never been an examination to indicate if the law brought what was expected of it (Commissie Dessens, 2013). In order to address this fault a mandatory evaluation is included in the new Wiv and states the following:

‘’1. Our Prime Minister, Our Minister of General Affairs, will send in accordance with our concerned ministers, within five years after the entry into force of this law, and every other five years, to the States General a report about the effectiveness and the effects of this law in practice.

(23)

2. Our concerned Minister shall, within five years after the entry into force of this law, and every other five years, report to the States General about the effectiveness of the services under his authorization.’’ (Wiv 20.., 2015, article 147).

According to Perche (2011), the political strategies and needs of the evaluators played a significant role in the outcome of the evaluation process during most evaluations. This could be seen as a disadvantage of evaluations, but by performing evaluations failures can also become visible. Another disadvantage could be that evaluations often leave room for different kind of interpretations and contestations (Perche, 2011). This is also, due to the way the evaluation is conducted. The classical way of policy evaluation focuses on the question if the aim of that policy has been achieved. In this way of evaluating the evaluations will only examine the objectives which were given by the officials, other findings will not be included in the evaluation. As has been mentioned before, political strategies play an significant role. If the classical way of policy evaluation is used, which will often be the case, this will lead to meaningless results (Bressers, Van Twist & Ten Heuvelhof, 2012). In order to come to more meaningful findings, the evaluators should be able to use spontaneous findings in their examinations. Besides, it matters what kind of evaluation is done, while the outcome differs. An evaluation can be done, for example, ex ante or ex post and it can be performed by an external and independent supervisory body, or by an internal commission (Edelenbos & Van Buuren, 2005).

As has been elaborated during the previous paragraphs, procedural justice is important. The six criteria of Leventhal (1980): consistency, bias suppression, accuracy of information, correctability, representation and ethicality can help in the evaluation to examine whether the procedure has been performed fairly. Even though it seems that this depends on someone’s perspective, research shows that people evaluate the fairness of decision-making in similar ways, even though their political standpoints, educational backgrounds and ethicality might be different (Joss & Brownlea, 1999). So, even though there are different types of evaluations and some disadvantages, evaluations are always used to learn for future policies. This means that evaluations have to be contingent and should be re-designed for every research (Perche, 2011; Bressers et al., 2012).

2.5.1. The future of the balance

Academics have also written about how the balance between privacy and security could remain in balance in the future. As Demchak and Fenstermacher (2004) stated, governments would like to see a combination of identity-based and behaviour-based approaches to gather information. Privacy advocates believe that the right on privacy will then disappear. Therefore, according to Demchak and Fenstermacher (2004), the best way to keep the balance between privacy and security would be to keep both information about identity and behaviour separated. The government should be able to gather information about behaviour, because this information has more value to government officials, as is mentioned before, however, identity-based information should be encrypted. Only when there is proof that identifying information is needed, the encrypted information could be connected with the behaviour-based information. A challenge with this system is that it can be difficult to translate this into policy and to have organizations adapt this way of working into their guidelines. Another point is the development of the technologies behind these systems. However, not only the technologies of the systems can be a challenge, also the rapid development of other new technologies can be a challenge. The people who the government is looking for, probably also have knowledge of new developments, and will use these new techniques to escape from the government. The task for the government is then to keep being able to gather behaviour-based intelligence and not, for example, only being able to track people (Demchak & Fenstermacher, 2004). In order to keep up with all the new developments

(24)

in technology it will become necessary that the reliance on automated techniques will increase. A policy should be developed which foresees a possible conflict between datamining and the collection of data and data protection (Crossman, 2008).

Another perspective is given by Gill & Phythian (2006) who see the balance between security and fundamental rights as a metaphor. Because of intelligence scandals, the oversight on the services has increased. This often happened in combination with limiting their legal powers. When intelligence failures such as 9/11 occurred, the intelligence services received more legal powers. So, it is more a pendulum that is swinging between rights and security. States will not be able to achieve democratic legitimacy if they do not respect the fundamental rights and freedoms of their citizens. There is a tension between security and the rights, nevertheless, this tension can be made proportionate by establishing legal rules and ethical codes (Gill & Phythian, 2006).

2.6. The analytic framework for answering the research question

With the amendment the intelligence services get broader competences in order to gather information. To obtain this information, different forms of intelligence gathering can be used. While using these measures the privacy of the citizens needs to be respected as is stated by the ECHR (AIVD, 2015). Privacy advocates often lose in the debate about privacy versus security because of the lack of a clear definition of privacy. Privacy is not only about keeping information secret, when this statement is taken into account, privacy advocates have much more ground to stand on. In order to get more insight in the privacy concept it would be interesting to know what the law states about privacy. Also, because the ‘authoritative’ standards are a key element in the judgement whether a procedure has been performed fairly. Article 8 of the ECHR has already been briefly mentioned, but what more is there to find in the law? It would also be interesting to examine the Dutch law and the European law, while this last one is also applicable in the Netherlands. The first sub question which can be asked in order to get an answer to the research question will be:

What does the Dutch and European law state about the right of privacy and the right of security?

This paper wants to give insight into the impact of the amendment on the balance between security and privacy interests of citizens. The literature has also discussed the balance and has come up with ideas to keep this balance. Demchak and Fenstermacher (2004) stated that separating behaviour and identity could be a way of keeping this balance. Therefore, it would be interesting to use their ideas and translate this to the amendment. While discussing the security-privacy debate line also behaviour and identity have been discussed. Still, it is not clear what kind of information can be gathered by the intelligence services and how this is done. Accurate information is needed in order to make a decision, but how is this information gathered? Therefore the second question will be:

How does the amendment relate to the framework of Demchak and Fenstermacher and what methods are used to gather information?

Not only the security-privacy debate line has been discussed, also supervision and the ‘’nothing to hide argument’’ from Solove (2007) have been described. This also raises more in depth questions about the amendment. The previous question is more technical because the examination will focus on what kind of information is needed and what the amendment states. With this question it will be more about how this will be translated into practice. What is the role of the minister? What measures are taken in the amendment to respect people’s privacy? The overall question for this part will be as followed:

Security vs. Privacy, the state is watching you