Head of Dutch security service is fed up with privacy concerns
- 19 september 2016
Will people who value privacy know that they allowed a terrorist attack to take place? Rob Bertholee, head of the General Intelligence and Security Service of the Netherlands (AIVD) made this and other bold statements in a revealing interview, clearly showing his frustration about legitimate privacy concerns.
In the interview (in the Dutch daily De Volkskrant) he demands access to any encrypted communications despite the major security implications this may have for millions of citizens. By taking this position he even goes against the position of the Dutch government made earlier this year, when it said it would: “not adopt restrictive legislative measures against the development, availability and use of encryption within the Netherlands.”. And when he is challenged by the interviewer, Huib Modderkolk, about the negative consequences of the new powers he demands, he responds by framing the issue as a false dichotomy between privacy and security.
Bits of Freedom is worried that the head of the Dutch security service does not fully recognize that the right to privacy and the use of encryption is a core element of a secure and free society. It is not possible to weaken encryption just a little bit for “good causes” only. Introducing back doors would not only allow the Dutch security service to access encrypted communications but also make our communications vulnerable to criminals and foreign intelligence services.
This is a good moment for the Dutch government to put its laudable position about encryption into practice, and tell Mr. Bertholee why weakening encryption is truly a bad idea.
Below you will find a translation of the relevant passages from the interview. We would like to thank Tim van der Molen for helping us with the translation!
Excerpts of interview with Rob Bertholee, head of the AIVD:
Why is the threat so large?
“The threat is manifold. There are the jihadists who returned from Syria and are traumatised. There are jihadists who returned and willfully blend into society waiting to strike at a later time. And there are those who are inspired through social media without ever having gone to Syria or Iraq. The people who intentionally blend into society and are waiting for orders, are perhaps the easiest to discover for us. Because it requires communicating with Syria and communication can be intercepted. The largest threat comes from the lone wolve who gets inspired and radicalised at home. They remain invisible to us.”
Terrorists are said to mostly use chat applications like Telegram, WhatsApp and Signal. These applications offer strong encryption, making it very difficult for security services to read chat messages. France and Germany have proposed to restrict this use of encryption. The Dutch government is opposed, however, because encryption also provides security for millions of users. Bertholee’s position is clear: he believes his service should always be able to undo encryption.
The problem is that there is no such thing as partial encryption. If the AIVD can acces ecnrypted data, then encryption becomes useless for millions of others.
“That’s true. But we are not interested in all those other people.”
Still, if the AIVD is able to access encrypted data, then so can the Americans, the Russians, the British and anyone else. This is why the Dutch government opposes restrictions on encryption.
“In that case the Dutch government should also accept the fact that we are no longer able to access communications of terrorist. We have the legal authority to decrypt information and in many cases we actually do this. I want to have access to the communications of those who pose a threat.”
The crux of the matter is that it’s not possible to do this in selected cases only. This is why Apple refused to comply with the request from the FBI to unlock that particular iPhone 5c — because doing so would render insecure all phones of that type. Do you understand Apple’s position?
“Let me ask a counter question. Should helping terrorists communicate securely be one of Apple’s aims? We want to protect the law. This means we use our powers with restraint. We are not allowed to use them against persons not posing a threat.”
There is, however, no guarantee whatsoever that other intelligence services won’t abuse this [Bits of Freedom: i.e. the possibilibity to access encrypted data].
“Then you should accept the fact that you lose some security. Then you should ask yourself how much security you are prepared to sacrifice for privacy.”
Isn’t this a false dichotomy? After all, for many people more privacy also means a greater sense of security.
“I truly wonder. I, too, believe that protection of privacy is very important. But will people who value privacy over anything else continue to pursue their goal with the same enthusiasm after they have fallen victim to a terrorist attack? When they know that they allowed such an attack to take place?”
Bertholee gets fierce. He is fed up with the privacy discussion. Privacy is fine and important and all that, but according to him the image of the AIVD being a large violator of privacy is far from being true. “I admire the privacy organizations that invented a catchy term for this: the dragnet. But that’s incorrect. We don’t collect everything. We can’t do this and we aren’t allowed to. I cannot stress enough that we exist to protect freedom, and not to sustain some sort of regime.”
This invites the question of what exactly the AIVD intends to do. The Dutch government is preparing a bill allowing the AIVD to intercept internet traffic. This constitutes a considerable increase of the AIVD’s legal powers of what it can do.
Bertholee finds it difficult to answer questions about this subject. He prefers to give generic examples, pointing out that the enemies of the Netherlands are using the enormous data network and that the service wants to search for their communication in the most specific and directed way possible. Just trust us, he appears to be saying.
Essentially the AIVD will be able to scan a large part of all internet traffic.
“Do you know how thick a glass fiber cable is? And how many of those little fibers it contains? It’s an illusion to think that we can tap such a thick cable in its entirety. We can’t do that, we aren’t allowed to do that, and it’s not something I want to do. We will be looking for that one particular cable, make a network analysis and then zoom in.”
What will the new bill allow you to do what you cannot do now?
“Our opponents usually operate in networks. The new bill will help us to make a network analysis much faster. If an attack is being prepared in one of those networks, we will be able to filter much more easily and get to the people we need to get to. Right now we have to eavesdrop on everyone in such a network in order to find out the leaders. In the future we will be able to get to the core much faster.”
Still, this is not the full story. The AIVD is not empty handed at all. Technological developments make it easier for the service to intrude further into someone’s private life. It is possible to hack someone’s smartphone or computer, to look at CCTV images, or to attach GPS trackers to vehicles. Bertholee admits these possibilities exist. Just as he admits that wiretapping alone never has prevented a terrorist attack. In the end, the real work has to be done by humans.