The Dutch Ministry of Finance is about to oblige companies to export personal data on a large scale. The measure is hidden in a subordinate clause of a letter from the Minister of Finance, although it has major consequences. The measure obliges companies that trade in 'virtual assets' (such as bitcoins, real estate, but also purchases in computer games) to include personal data of customers in the transaction records and messages. The information from all parties involved needs to remain visible and available to everyone in the value chain.
Consumers, companies and citizens cannot object to this mandatory addition of their personal data. The topic is not receiving the proper amount of political attention because it is presented as a technical measure. In his letter to Dutch Parliament of 21 March 2019, the Minister fails to point out the large scope and impact. It is, however, suggested that a consultation round will take the market responses to the envisaged rules onboard.
Privacy First and VBNL (United Bitcoin Companies Netherlands) have meanwhile understood that the worldwide objections to the proposed measure are being ignored. That is why they are today sending an urgent letter to the Dutch Minister of Finance. They ask him to study the issue better, with all relevant Ministries and in particular: to better inform Parliament. In doing so, they point to the conflicts of law that may arise as the measure may well violate international agreements and treaties that protect privacy.
Where it is known that consumers are very reluctant to make their own data available to private and commercial institutions, the government must be similarly reluctant on their behalf. Privacy First finds it extremely unfortunate that the Ministry of Finance seems to intend to give this all-in permission for unbridled export of personal data without giving it proper attention and without applying due process.
There is no merit to the claim that the measure is required for counter-terrorism purposes. Experts at Europol (!) indicate that the international proposal is "overkill" and not necessary for investigative purposes. The rule adds nothing to the existing European framework against money laundering and terrorist financing and only increases the risk of unwanted data breaches.
Privacy First and VBNL hope that their letter will make Dutch Parliament aware that this is a proposal that goes far beyond the much-debated access-regime of the recent second European Payment Services Directive (PSD2). With PSD2, consumers can decide to share data themselves. With this proposal, they will become deprived of that fundamental right for all kinds of economic acts. Privacy First and VBNL are calling on parliamentarians to protect consumers and businesses against this unnecessary planned measure.
The letter can be downloaded here (pdf).
Writing a New Year’s Column about the state of affairs concerning the protection of everyone’s privacy weighs me down this year. With the exception of a few bright spots, privacy in the Netherlands and the rest of the world has greatly deteriorated. For a while it seemed that the revelations of Edward Snowden in 2013 about secret services tracking everyone’s online behavior would be a rude wake-up call for the world. It was thought that an increasing number of data breaches and a rising number of governments and companies getting hacked, would make people realize that large amounts of data stored centrally is not the solution. The Arab Spring in 2015 would bring about major change through the unprecedented use of (social) media.
The European Union successfully voted against the exchange of data relating to travel movements, paved the way for the current General Data Protection Regulation and seemed to become the shining alternative example under the guidance of Germany, a country known for its vigilance when it comes to privacy. Unfortunately, things turned out differently. Under the Obama administration, Snowden was shunned as a traitor and other whistleblowers were clamped down on harder than ever before. Julian Assange was forced into exile while murdering people with the use of drones and without any form of trial was implemented on a large scale. Extrajudicial killings with collateral damage... While the discussion was about waterboarding... Discussions on such ‘secondary topics’ have by now become commonplace in politics, and so has the framing and blaming of opponents in the polarized public debate (the focus is usually on the person rather than on the argument itself).
Looking back on 2018, Privacy First identifies a great number of areas where the breakdown of privacy is evident:
Government & privacy
In March, an advisory referendum in the Netherlands was held on the introduction of the so-called Tapping law. Immediately after that, the referendum was abrogated. This happened in a time of unprecedented technological possibilities to organize referendums in various ways in a shared democracy. That’s outrageous. The outcome of the referendum was not taken into account and the Tapping law was introduced just like that. Moreover, it turned out that all along, the Dutch Minister of the Interior had withheld an important report on the functioning of the Dutch General Intelligence and Security Service.
Apparently this was nothing to worry about and occurred without any consequences. The recent report by the Dutch State Commission on the (re)introduction of referendums will likely end up in a drawer, not to be looked at again.
Fear of losing one’s role and the political mood of the day are all too important in a culture in which ‘professional politicians’ are afraid to make mistakes, but which is full of incidents nonetheless. One’s job or profession comes first, representing citizens comes second. Invariably, incidents are put under a magnifying glass in order to push through binding legislation with a broad scope. Without the review of compliance with guiding principles such as necessity, purpose limitation, subsidiarity and proportionality. There is an ever wider gap between government and citizens, who are not trusted but are expected to be fully transparent towards that self-same government. A government that time and again appears to be concealing matters from citizens. A government that is required by law to protect and promote privacy, but is itself still the most prominent privacy-violator.
The medical establishment & privacy
In this area things got really out of hand in 2018. Through various coordinated media offensives, the EU and the member states are trying to make us believe in the advantages of relinquishing our right to physical integrity and our humanity. Sharing biometric data with the United States continues unabatedly. We saw the police calling for compulsory DNA databases, compulsory vaccination programs, the use of smart medicines with microchips and the phasing out of alternative therapies. Furthermore, health insurance companies cautiously started to cover genetic testing and increasingly doing away with medical confidentiality, the Organ Donation Act was introduced and microchips implanted in humans (the cyborg as the highest ideal in Silicon Valley propaganda) became ever more popular.
How long before microchips become compulsory for all citizens? All (domestic) animals in the EU have already preceded us. And then there’s the Electronic Health Record, which was first rejected in the Dutch Senate but has reappeared on the minister’s agenda via a detour. Driven by commercial interests, it is being rammed down the throats of general practitioners while alternatives such as Whitebox are not taken seriously. The influence of Big Pharma through lobbying with government bodies and participating in government working groups is particularly acute. They closely cooperate with a few IT companies to realize their ideal of large and centralized networks and systems. It’s their year-end bonus and growth at the expense of our freedom and well-being.
Media & privacy
Naturally, we cannot overlook ‘fake news’. One of the premises for having privacy is being able to form your own opinion and respect and learn from the opinions of others. Furthermore, independent left and right-wing media are essential in a democratic constitutional State. It's their task to monitor the functioning of elected and unelected representatives in politics and in government. Journalists should be able to penetrate into the capillaries of society in order to produce local, national and global news.
Ever since free news gathering came about, it has been a challenge to obtain news based on facts. It’s not always easy to distinguish a press service, PR and propaganda from one another. In times of rapid technological changes and new opportunities, they should be continuously reviewed according to the principles of journalism. That’s nothing new. What is new, however, is that the European Union and our own Minister for the Interior, Kajsa Ollongren, feel they’re doing the right thing by outsourcing censorship to social media companies that are active on a global scale and have proven to be unreliable.
While Facebook and Google have to defend themselves in court for spreading fake news and censoring accounts, the governments hand over the monitoring task to them. The privacy violators and fake news distributors as the guardians of our privacy and journalism. That’s the world upside down. By so doing, this minister and this government undermine the constitutional State and show disdain for intelligent citizens. It’s time for a structural change in our media system, based on new technologies such as blockchain and the founding of a government media office whose task is to fund all media outlets through citizens’ contributions, taking into account the media’s scope and number of members. So that concerns all media, including the so-called alternative media, which should not be censored.
Finance & privacy
The erosion of one’s privacy increasingly manifests itself at a financial level too. The fact of the matter is, that the tax authorities already know in detail what the spending pattern of all companies and citizens looks like. Thanks to the Tapping Law, they can now pass on this information in real-time to the secret services (the General Intelligence and Security Service is watching along). Furthermore, a well-intended initiative such as PSD2 is being introduced in a wholly improvident and privacy-unfriendly way: basic conditions relating to the ownership of bank details (of citizens, account holders) are devoid of substance. Simple features such as selective sharing of banking details, for example according to the type of payment or time period, are not available. What’s more, payment details of third parties who have not given their consent, are sent along.
In the meantime, the ‘cash = criminal’ campaign goes on relentlessly. The right to cash and anonymous payment disappears, despite even the Dutch Central Bank now warning that the role of cash is crucial to our society. Privacy First has raised its opinion on this topic already in 2016 during a public debate. The latest development in this regard is the further linking of information through Big Data and profiling by debt-collecting agencies and public authorities. Excluding citizens from the electronic monetary system as a new form of punishment instead of letting them pay fines is a not so distant prospect. In this regard, a lot of experimentation is going on in China and there have been calls in Europe to move in the same direction, supposedly in order to fight terrorism. In other words, in the future it will become increasingly difficult to raise your voice and organize against abuse of power by governments and companies: from on high it takes only the press of a button and you may no longer be able to withdraw cash, travel or carry out online activities. In which case you have become an electronic outcast, banished from society.
Public domain & privacy
In 2018, privacy in public space has all but improved. Whereas 20 years ago, the Netherlands was deemed too small to require everyone out on the streets to be able to identify themselves, by now, all governments and municipalities in Europe are developing ‘smart city’ concepts. If you ask what the benefits and use of a smart city are (beyond the permanent supervision of citizens), proponents will say something vague about traffic problems and that the 'killer applications' will become visible only once the network of beacons is in place. In other words, there are absolutely no solid figures which would justify the necessity, subsidiarity and proportionality of smart cities. And that’s not even taking basic civil rights such as privacy into consideration.
Just to give a few examples:
- ANPR legislation applies from 1 January 2019 (all travel movements on public roads will be stored in a centralized police database for four weeks)
- A database consisting of all travel movements and stays of European citizens and toll rates as per 2023
- Emergency chips in every vehicle with a two-way communication feature (better known as spyware) as per 1 January 2019
- Cameras and two-way communication in public space, built into the lampposts among other objects as part of smart city projects
- A decision to introduce additional cameras in public transport as per 2019
- The introduction of Smart Cities and the introduction of unlimited beacons (doesn’t it sound so much better than electronic concentration camp posts?)
- Linking together all traffic centers and control rooms (including those of security companies operating on the private market)
- Citizens are permanently monitored by invisible and unknown eyes.
Private domain & privacy
It’s well known that governments and companies are keen to take a peek in our homes, but the extent to which this was being advanced last year, was outside of all proportion. Let’s start with energy companies, who foist compulsory smart meters on citizens. By way of ‘appointment to install a smart meter’, which you didn’t ask for, it’s almost impossible to stay clear of red tape. After several cancellations on my part and phone calls to energy provider Nuon, they simply continued to push forward. I still don’t have a smart meter and it will stay like that.
Once again Silicon Valley featured prominently in the news in 2018. Unelected dictatorial executives who are no less powerful than many a nation state, promote their utopias as trendy and modern among citizens. Self-driving cars take the autonomy and joy away from citizens (the number of accidents is very small considering the millions of cars on the road each day), while even children can tell that a hybrid approach is the only option. The implementation of smart speakers by these social media companies is downright spooky. By bringing smart toys onto the market, toy manufacturers equally respond to the needs that we all seem to have. We can all too readily guess what these developments will mean for our privacy. The manipulation of facts and images as well as distortion, will starkly increase.
Children & privacy
Children and youths represent the future and nothing of the above bodes well for them. Screen addiction is sharply on the rise and as children are being raised amidst propaganda and fake news, much more attention should go out to forming one’s own opinion and taking responsibility. Centralized pupil monitoring systems are introduced indifferently in the education system, information is exchanged with parents and not having interactive whiteboards and Ipads in the classroom has become unthinkable. The first thing children see every single day, is a screen with Google on it... Big Brother.
Dependence on the internet and social media results in impulsive behaviour among children, exposes them to the madness of the day and affects their historical awareness and ability to discern underlying links. The way of thinking at universities is becoming increasingly one-sided and undesirable views are marginalized. The causes of problems are not examined, books are not read though there is certainly no lack of opinions. It’s all about making your voice heard within the limits of self-censorship that’s in force in order to prevent becoming the odd one out in the group. The same pattern can be identified when it comes to forming opinions in politics, where discussing various issues based on facts seems no longer possible. Not to mention that the opinions of citizens are considered irrelevant by our politicians. Good quality education focused on forming opinions and on creating self-reflective minds instead of a robot-way of thinking, is essential for the development of a healthy democracy.
Are there any positive developments?
It's no easy task to identify any positive developments in the field of privacy. The fact is that the introduction of the GDPR and the corresponding option to impose fines has brought privacy more sharply into focus among companies and citizens than the revelations of Snowden have been able to do. The danger of the GDPR, however, is that it narrows down privacy to data protection and administrative red tape.
Another positive development is the growing number of (as of yet small) initiatives whereby companies and governments consider privacy protection as a business or PR opportunity. This is proved by the number of participants in the 2019 Dutch Privacy Awards. Recurring themes are means of anonymous communication (email, search engines, browsers), possible alternatives to social networks (messaging services like WhatsApp, Facebook, Instagram and Twitter) on the basis of subscriptions, blockchain technology and privacy by design projects by large organizations and companies.
Privacy First has teamed up with a few top quality pro bono attorneys who are prepared to represent us in court. However, judges are reluctant to go off the beaten track and come up with progressive rulings in cases such as those concerning number plate parking, average speed checks, Automatic Number Plate Recognition, the Tapping Law, etc. For years, Privacy First has been suffering from a lack of funding. Many of those who sympathize with us, find the topic of privacy a bit eerie. They support us morally but don’t dare to make a donation. After all, you draw attention to yourself when you’re concerned with issues such as privacy. That’s how bad things have become; fear and self-censorship... two bad counsellors! It’s high time for a government that seriously deals with privacy issues.
Constitutional reform should urgently be placed on the agenda
Privacy First is a great proponent of constitutional reform (see our 2017 New Year’s column about Shared Democracy), based on the principles of the democratic constitutional State and the European Convention on Human Rights (ECHR). Our democracy is only 150 years old and should be adapted to this current day and age. This means that the structure of the EU should be changed. Citizens should take on a central and active role. Government policies should focus on technological developments in order to reinforce democracy and formulate a response to the concentration of power of multinational companies.
Privacy First argues that the establishment of a Ministry of Technology has the highest priority in order to be able to stay up to date with the rapid developments in this field and produce adequate policies accordingly. It should live up to the standards of the ECHR and the Dutch Constitution and avoid becoming a victim of the increasing lobbying efforts in this sector. Moreover, it is time for a Minister of IT & Privacy who stays up to date on all developments and acts with sufficient powers and in accordance with the review of a Constitutional Court.
The protection of citizens’ privacy should be facilitated and there should be privacy-friendly alternatives for current services by technology companies. For 2019, Privacy First has a few tips for ordinary citizens:
- Watch out for and stay away from ‘smart’ initiatives on the basis of Big Data and profiling!
- Keep an eye on the ‘cash = criminal’ campaign. Make at least 50% of your payments anonymously in cash.
- Be cautious when communicating through Google, Apple, Facebook and Microsoft. Look for or develop new platforms based on Quantum AI encryption and use alternative browsers (TOR), networks (VPN) and search engines (Startpage).
- Be careful when it comes to medical data and physical integrity. Use your right for there to be no exchange of medical data as long as initiatives such as Whitebox are not used.
- Be aware of your right to stay anonymous, at home and in public space. Campaign against toll payment, microchips in number plates, ANPR and number plate parking.
- Be aware of your legal rights to bring lawsuits, for example against personalized waste disposal passes, camera surveillance, etc.
- Watch out for ‘smart’ meters, speakers, toys and other objects in the house connected to the internet. Purchase only privacy by design solutions with privacy enhanced technology!
The Netherlands and Europe as guiding nations in the field of privacy, with groundbreaking initiatives and solutions for apparent contradictions concerning privacy and security issues - that’s Privacy First's aim. There’s still a long way to go, however, and we’re being blown off course ever more. That’s due in part because a comprehensive vision on our society and a democracy 3.0 is lacking. So we continue to drift rudderless, ending up in the big manipulation machine of large companies one step at a time. We need many more yellow vests before things change. Privacy First would like to contribute to shaping and promoting a comprehensive, positive vision for the future. A future based on the principles that our society was built on and the need for greater freedom, with all the inevitable restrictions this entails. We will have to do it together. Please support Privacy First actively with a generous donation for your own freedom and that of your children in 2019!
To an open and free society! I wish everyone a lot of privacy in 2019 and beyond!
Bas Filippini, Privacy First chairman
A train passenger has submitted an enforcement request to the Dutch Data Protection Authority, because he argues that Dutch Railways (NS) violates the privacy of train passengers.
In response to three new attempts by Dutch Railways (NS) to violate the privacy of train passengers, NS customer Michiel Jonker has submitted a request for enforcement to the Dutch Data Protection Authority (DPA). It concerns:
- Rejecting the reimbursement of the remaining balance on anonymous public transport chip cards if the holder does not provide his or her name and address data to NS;
- Refusing international train tickets by NS employees at station desks if buyers do not provide their name and address data to NS;
- Charging, since 2 July 2018, additional "service costs" when holders of anonymous public transport chip cards pay in cash for topping up the balance on these cards.
Since July 2014, NS has already launched attacks on the privacy of Dutch train passengers in various ways. It then concerned:
- Discriminating holders of anonymous public transport chip cards in discount hours;
- Requiring de-anonymization of the anonymous public transport chip cards when NS is asked to provide services (for example, reimbursing money in the event of delays);
- Applying two unique card numbers on each anonymous OV chip card, as a result of which the anonymity of these cards is affected.
As a traveler who wants to maintain his privacy, Jonker repeatedly asked the DPA to investigate these violations and to take enforcement measures. Jonker already won several lawsuits against the DPA, which initially refused to even investigate the reports.
The recently adopted General Data Protection Regulation (GDPR) will play an important role in the assessment of the new violations by NS. Another central issue will be the right to pay by cash, which protects privacy.
Jonker: "In all these matters, the question is whether users of Dutch public transport are entitled to a real, effective protection of their privacy. This question is more relevant than ever, when you see how people are treated in situations where privacy is not adequately protected. We don't only think about China with its Social Credit score, or the United States with their "No Fly" lists, but also about European countries where laws have been adopted in recent years that allow the government to spy on travelers who are not even suspected of any punishable or risky behavior. For example France with its permanent state of emergency and the Netherlands with its new Intelligence and Security Act."
In this new case, Jonker is supported by Privacy First and Maatschappij voor Beter OV.
Source: https://www.liberties.eu/en/news/ns-privacy-fight-passenger-privacy/15444, 25 July 2018.
On November 2nd 2016, the Dutch House of Representatives will address a controversial legislative proposal that will introduce four week storage of the travel movements of all motorists in the Netherlands. In case both chambers of Dutch Parliament adopt this proposal, Privacy First will try to overturn this in court.
Large scale breach of privacy
It is Privacy First’s constant policy to challenge large scale privacy violations in court and have them declared unlawful. Privacy First successfully did so with the central storage of everyone’s fingerprints under the Dutch Passport Act and the storage of everyone’s communications data under the Dutch Telecommunications Retention Act. A current and similar legislative proposal that lends itself for another major lawsuit is legislative proposal 33542 (in Dutch) of the Dutch Minister of Security and Justice, Ard van der Steur, in relation to Automatic Number Plate Recognition (ANPR). Under this legislative proposal, the number plate codes of all motorists in the Netherlands, i.e. everyone’s travel movements, will be collected through camera surveillance and stored for four weeks in police databases for criminal investigation purposes. As a result, every motorist will become a potential suspect. This is a completely unnecessary, wholly disproportionate and ineffective measure. Therefore the proposal is in breach of the right to privacy and thus unlawful.
The current ANPR legislative proposal was already submitted to the Dutch House of Representatives in February 2013 by the then Minister of Security and Justice, Ivo Opstelten. Before that, in 2010, Opstelten’s predecessor Hirsch Ballin had the intention to submit a similar proposal, albeit with a storage period of 10 days. However, back then the House of Representatives declared this subject to be controversial. Opstelten and Van der Steur have thus now taken things a few steps further. Due to privacy concerns, the parliamentary scrutiny of this proposal was at a standstill for several years, but now seems to be reactivated and even reinforced through a six-fold increase of the proposed retention period, courtesy of the ruling parties VVD and PvdA.
Under current Dutch national law, ANPR data of innocent citizens must be erased within 24 hours. In the eyes of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP), all number plate codes that are not suspect (so-called ‘no-hits’) are to be removed from relevant databases immediately. Van der Steur’s plan to also store the number plate codes of unsuspected citizens for four weeks directly flies in the face of this. VVD and PvdA are even willing to increase this retention period to six months. The inevitable consequence, a haystack of data, would constitute a blatant violation of the right to privacy of every motorist. Any possible judicial oversight of the use of these data would do nothing to alter this.
UN Human Rights Council
In recent years, Privacy First has repeatedly expressed this position to both the House of Representatives (standing committee on Security and Justice) as well as to relevant MPs personally. Privacy First has also made its stance clear in personal meetings with Minister Opstelten (July 2012) and Minister Van der Steur (July 2014, at that time still a VVD MP). Moreover, Privacy First has recently raised this issue with the United Nations. In May 2017, the Dutch government can be held accountable for this at the UN Human Rights Council in Geneva.
In case both the House of Representatives and the Dutch Senate will adopt the ANPR legislative proposal in its current form, Privacy First (in a broad coalition together with other civil organizations) will immediately summon the Dutch government in order to render the law inoperative on account of violation of the right to privacy. If necessary, Privacy First and co-plaintiffs will litigate all the way up to the European Court of Human Rights in Strasbourg. Considering the European and Dutch case law on the subject, Privacy First rates its chances of legal success very high.
Update 20 December 2018: today the Dutch government has announced that the ANPR Act will enter into force on 1 January 2019. The summary proceedings of Privacy First against the ANPR Act will soon take place at the District Court of The Hague.
Column by Bas Filippini,
Privacy First chairman
The Dutch police is currently running a pilot with Radio Frequency Identification (RFID)-chips in license plates. According to an internal report, fraud with license plates is alleged to be a big problem. A chip which is compulsory for every motorist and which can be read from a distance through a 'read-out portal' at all times on public roads, would supposedly be THE solution. However, Privacy First perceives the setting up of a national control system to track all movements in public space of all 17 million Dutch citizens as a great danger to society. Privacy First finds a compulsory spychip disproportional and unfit for a decent democracy under the rule of law.
A comprehensive electronic control system
Enquiries by Privacy First reveal that the license plate chip is part of a much larger plan to equip all roads in the Netherlands with so-called 'portals' with measurement equipment. These portals would record all cars 24 hours a day and thus the movements of all 17 million citizens in public space. The Dutch Bicycle and Automobile Industry (RAI) Association strongly recommends the use of such a chip in a recently leaked report. Moreover, new regulations, which make chips inside cars compulsory alongside license plate chips, are being prepared by European Parliament. According to the basic concept, over 60 details would be recorded and stored in the European database EUCARIS. The chip should enable immobilizers as well as a digital license plate database, online license plate requests, a European general periodical car inspection and could eventually grow into a European system for travel and residence rights and taxes.
For the time being, the project is traded as a solution for identity fraud and license plate related crimes in order to get citizens 'aboard'. However, in Privacy First's eyes the system is yet another attempt to be able to record citizens in public space, either through the public transport chip card or chips in license plates and/or cars. A license plate chip for all citizens as if it were an ankle bracelet is a dogged principle in the current control oriented way of thinking by the Dutch government and now the European Parliament, too. Which role do Dutch lobbyists outside Dutch parliament play in order to introduce these chips from Dutch manufacturer NXP in all European license plates on the basis of a Europe measure, or, in other words, by way of a political U-turn? Privacy First thinks it's high time for some serious journalistic research into this.
Current license plate issues: facts or suggestions?
Upon enquiry into the real problem, none of the authorities have been able to provide any clarity about the presupposed 40,000 cases of fraud with license plates. Even though it's important for citizens to know if there's a problem, and how substantial this problem is, the figure cannot be confirmed. Therefore, the question is raised whether it's legally justified to introduce such a system. Even in case of an estimated 40,000 license plates (a mere 0.5 per mil of the total) it's dubious whether the privacy of the entire society should be sacrificed. It's also altogether unclear how high the costs of such a system would be, and how high the gains in respect of the current alleged costs of identity fraud and license plate related crimes.
Are there no alternative solutions to 'the problem'? From a recent letter from the Dutch minister of Security and Justice, Ard van der Steur, it emerges that fraud with license plates occurs less frequently already due to measures such as the controlled online management and issuing and returning of license plates, requirements for recognized manufacturers and laminators (laminate code) as well as the obligation to report stolen or lost blank plates or license plates that have not yet been issued. Moreover, in 2000, the system of duplicate codes on license plates was introduced. Furthermore, faulty license plates are entered in the database for Automatic Number Plate Recognition (ANPR) control.
Whether it concerns black boxes, chips for theft prevention in (as of yet only more expensive) cars, eCall for crash analyses (also manufactured by NXP), dashcams, speed checks or the network of ANPR cameras, time and again Privacy First sees a pattern whereby the Dutch government tries to turn the complete recording of travel behaviour of citizens into reality. Now we're about to witness a spychip in every license plate and in every car, through undemocratic EU law – the ICT industry lobbied a number of MEPs in order to circumvent national parliaments – and the central database EUCARIS.
Reasons to opt for free choice and very selective use of a passive chip
Privacy First sees many reasons to not give a control infrastructure the go-ahead:
• A lack of necessity due to the absence of concrete figures regarding the 'alleged problem' and the availability of alternative solution-paths and measures, some of which have already been introduced.
• A complete lack of a cost-benefit analysis of a control infrastructure. The only one benefitting from the system in the short term is the chip manufacturer: in the future, chip manufacturer NXP will spy on you alongside the NSA! Under American surveillance legislation that is.
• The alleged problem is not commensurate with the measure, which is entirely disproportional and in breach of Article 8 ECHR. In the fight against identity fraud with license plates, a passive registration chip suffices and citizens should be able to choose freely whether or not they want to have a RFID license plate.
• The system will enable real-time identification, monitoring and recording of all citizens, including lawyers, journalists, politicians, activists – a very serious privacy infringement
• A central infrastructure and central data storage are particularly susceptible to fraud. If criminals get access to databases containing all the travel and residency data of cars and people in the Netherlands and the rest of Europe, all floodgates will be opened.
• There is a risk of function creep. The tax authorities, police and other law enforcement agencies already have real-time access to systems that have been intended for entirely different purposes, think of systems related to car parks and speed checks.
• Eventually a system like that could be deployed to burden citizens even more in various ways, such as road pricing and other travel & residency taxes and sanction systems, something that is perhaps the underlying thought of this draconian measure. Meanwhile ANPR cameras are used to fine drivers of old diesel cars in inner cities. What's next?
• Permanently recording citizens in public space will lead to self-censorship and an 'apology society' in which citizens have to have an alibi all time to explain what they were doing in a given location and why they were there. Citizens are already pestered by the police and authorities as a result of their travel behaviour – complaints about this reach Privacy First ever more often.
• Finally, an infrastructure like this affects our constitutional democracy by inverting the legal principle that there should be a reasonable suspicion of a criminal offence to be tracked: every citizen would be considered a potential suspect and would be continuously spied on.
An over-zealous control oriented way of thinking by a distrustful government
The policies of the Dutch government are tenaciously moving in one direction only. New technological gadgets are mandatorily deployed to record all citizens and central systems are subsequently linked together. After that, a flawed law and its implementation are being proposed and finally there are talks with privacy organizations and guileless citizens, who are left behind in an electronic prison. Nowadays Big Data, data mining and profiling are the magic words in all government departments. It all concerns 'OPD' (other people's data) anyway, very convenient indeed. In this case we're talking about equipping each car with three chips and implementing and maintaining a comprehensive ICT network on all roads, a market potentially worth billions of euros. And in the relationship that is then being formed between the public and the government, the latter is a distrustful partner that wants to know who the former is communicating with and what its travel movements look like. It also wants to dispose of systems with which errors can be checked, but in the worst case, it deals carelessly with all the data it collects. Such a relation, based on mistrust, certainly isn't sustainable.
The Netherlands, a global pioneer in the field of privacy
Time and again people forget: it's the legitimate task of the government to protect and promote the privacy of its citizens! Privacy First wants the Netherlands to become a global pioneer in the field of privacy with advanced technologies, based on the principles of our constitutional democracy and independent of the misconceptions of the day and our incident-driven political system. After all, this is about a fundamental turnaround in the relationship with the public, something Privacy First is opposed to. We therefore challenge politics, industry and science to turn the Netherlands into THE nation that is at the vanguard of privacy matters while maintaining security, and not the other way around!