Since we are a foundation that has privacy very high on its agenda, it is only natural for us to make use of a privacy-friendly hosting service for our website. Therefore the websites of Privacy First (privacyfirst.nl and privacyfirst.eu) are hosted on the servers of Greenhost in Amsterdam since this month. This decision was preceded by a thorough exploration of foreign alternatives, varying from hosting services inside a nuclear bunker in Sweden to VPN tunnels in Switzerland and an old fortress in the North Sea. However, Greenhost proved to be well ahead of its foreign competitors in terms of customer-friendliness, rapid response, sustainability and low costs for reliable and secure hosting, including Privacy by Design. Even the physical location is an advantage: Greenhost is situated in Amsterdam just a few hundred metres from the Privacy First office. Moreover, Greenhost has been a trustworthy partner of a number of NGOs, including Bits of Freedom. For Privacy First however, the decisive aspect was the fact that Greenhost has for years taken up an exemplary role of privacy pioneer, whereas many other ICT companies lagged behind in this respect. In 2009 Greenhost stopped logging email data and called for other companies to do the same. At the beginning of 2011 Greenhost wrote a manual for the security of internet traffic: the Basic Internet Security Manual. These initiatives not only reflect audacity and leadership, but also corporate social responsibility in the sense of privacy-friendly entrepreneurship. In that regard Greenhost and Privacy First have a shared vision on society. Therefore Privacy First looks forward with great confidence to the cooperation with Greenhost in the years to come!
At the end of this summer our colleagues from Bits of Freedom will once again be organizing the annual Big Brother Awards. Below are our nominations for the biggest Dutch privacy violations of the past year:
- Automatic Number Plate Recognition plans from Minister Opstelten
If it’s up to the Dutch Minister of Security and Justice, Ivo Opstelten, the travels of every motorist in the Netherlands will soon be stored in a police database for four weeks through automatic number plate recognition (ANPR) for criminal investigation and prosecution purposes. This means that, in the view of Mr. Opstelten, every motorist is a potential criminal. Privacy First deems this proposal absolutely disproportional and therefore in breach with the right to privacy as stipulated under Article 8 of the European Convention on Human Rights. In case Dutch Parliament accepts this legislative proposal, Privacy First will summon the
on account of unlawful legislation in violation with the right to privacy; see http://www.privacyfirst.eu/focus-areas/cctv/item/580-every-motorist-becomes-potential-suspect.html. Dutch State
- Proposal for hacking scheme from Minister Opstelten
A second miserable plan from Minister Ivo Opstelten is to authorize the Dutch police force to hack into your computer and to oblige citizens to decrypt their encrypted files for the police. In the view of Privacy First this plan, too, is entirely in breach with the right to privacy, since it’s unnecessary and disproportional. Moreover, the proposal contravenes with the ban on self-incrimination (nemo tenetur). The proposal will lay the basis for future abuse of power and forms a typical building block for a police State instead of a democratic constitutional State. For our main objections, see http://www.privacyfirst.eu/focus-areas/law-and-politics/item/599-privacy-first-objections-against-opstelten-hacking-scheme.html.
- License plate parking
As of late, in an ever greater number of Dutch cities (among which
) license plate parking is becoming compulsory. Privacy First stands up for the classical right of citizens to travel freely and anonymously in their own country. The right to park anonymously is a part of this. License plate parking clearly disregards these rights. Moreover, it leads to function creep in breach with the right to privacy. The prime example here is the already proven abuse of parking information of lease drivers by the Dutch tax authorities; see http://www.nrc.nl/nieuws/2013/07/29/privacywaakhond-het-servicehuis-parkeren-overtreedt-de-wet/ (in Dutch). Amsterdam
- Highway section controls
Section speed checks on Dutch highways make that the journeys of motorists are continuously being monitored. This forms a massive infringement of the right to privacy. Such an infringement requires a specific legal basis with guarantees against abuse. Moreover, function creep is just around the corner; this already becomes obvious from the current plans of Dutch Minister Opstelten to soon use all highway speed cameras for automatic number plate recognition (ANPR) for investigation and prosecution purposes of a whole range of criminal offences as well as the collection of outstanding fines, tax debts, etc.
Besides the ‘usual’ cameras in neighbourhoods, shops, stations, above highways etc., citizens are increasingly – and almost unnoticed – being spied upon by flying cameras: so-called drones. The government does this (mainly the police) and so are private parties, yet without any sufficient legislation. Because of this the privacy risks and the likelihood of an accident are enormous. Privacy First therefore pleas for a moratorium on the use of drones until proper national legislation is put in place. Furthermore, drones should only be allowed to be used by the government in exceptional cases, for instance in disaster situations or for the investigation of suspects of very serious crimes, and only in case no other adequate means can be deployed. For private parties a license system is to be introduced with strict supervision and enforcement. Moreover, every drone is to be equipped with a transponder that is publically cognizable.
- Police Taser weapons
In September 2012 it became known that Dutch Minister Opstelten was planning to equip the entire Dutch police force with Taser weapons. In the view of Privacy First, the use of Taser weapons can easily lead to violations of the international ban on torture and the related right to physical integrity (which is part of the right to privacy). Taser weapons lower the threshold for police violence and hardly leave behind any external scars. At the same time they can inflict serious physical damage and mental harm. In conjunction with the current lack of firearms training for Dutch police officers, this produces serious risks for the Dutch population. In May 2013 the Dutch government had to justify itself over Opstelten’s plans in front of the UN Committee against Torture in Geneva; see http://www.privacyfirst.eu/focus-areas/law-and-politics/item/595-dutch-taser-weapons-on-agenda-of-un-committee-against-torture.html. Nevertheless, for the moment Opstelten’s intentions seem to be unchanged...
- Electronic Health Record
In April 2011 the introduction of a Dutch national Electronic Health Record (Elektronisch Patiëntendossier, EPD) was unanimously binned by the Dutch Senate due to privacy objections and security risks. However, the national introduction of almost the same EPD was subsequently worked towards along a private route and this included the exchange of medical data through a National Switch Point (Landelijk Schakelpunt, LSP). This will by definition lead to 'function creep by design' instead of privacy by design. The digital ‘regional walls’ in and around the LSP will easily be circumvented or removed. Therefore the entire system can take on its old central form again at any given moment in the future, with all the privacy and security risks this entails. Furthermore, the current layout is characterized by generic instead of specific permission of the patient to share medical data with healthcare providers (and future third parties). This constitutes an imminent danger for the medical privacy of citizens as well as the professional confidentiality of medical specialists.
Earlier this year the Dutch Minister of Justice and Security Ivo Opstelten came up with the miserable plan to authorize the Dutch police force to hack into your computer (both at home and abroad!) and to enable the police to demand that you decrypt your encrypted files in the presence of a policeman and obediently hand them over to the State. In the context of an online consultation (in Dutch), Privacy First notified to the Minister that it has a number of principal objections against his plans:
The Privacy First Foundation hereby advises you to withdraw the legislative proposal ‘enforcement of the fight against cybercrime’ on the basis of the following eleven principal grounds:
- In our view, this legislative proposal forms a typical building block for a police State, not for a democratic constitutional State based on freedom and trust.
- The Netherlands has a general human rights duty to continuously fulfil the right to privacy instead of restricting it. With this legislative proposal the Netherlands violates this general duty.
- This legislative proposal is not strictly necessary (contrary to possibly being ‘useful’ or 'handy') in a democratic society. Therefore the legislative proposal is in breach of Article 8 of the European Convention on Human Rights.
- Moreover, this legislative proposal violates the prohibition of self-incrimination (nemo tenetur se ipsum accusare).
- Function creep is a universal phenomenon. This will also apply to this legislative proposal, which will form the basis for future abuse of power.
- This legislative proposal puts the relationship of trust between the Dutch government and the Dutch people to the test. This will lead to a chilling effect in Dutch society.
- Through this legislative proposal age-old assets such as freedom of the press and the protection of journalistic sources, whistleblowers, freedom of speech, free information gathering, freedom of communication and the right to a fair trial are put under severe pressure. This is detrimental to the dynamics within a free democratic constitutional State.
- This legislative proposal and the accompanying technology will be imported and abused by less democratic governments abroad. Therefore the legislative proposal forms an international precedent for a worldwide Rule of the Jungle instead of the Rule of Law.
- As of yet the legislative proposal lacks a thorough and independent Privacy Impact Assessment.
- This legislative proposal stimulates suboptimal (i.e. crackable by the government, because otherwise illegal?) instead of optimal (‘uncrackable’) ICT security.
- Fighting cybercrime demands multilateral cooperation and coordination instead of unilateral panic-mongering as is the case with this legislative proposal.
The Privacy First Foundation
On 22 October 2012 our next networking drink around a topical issue will take place at the Privacy First office in the former building of de Volkskrant newspaper in Amsterdam. As a follow-up to the recent lecture by the Head of the Dutch General Intelligence and Security Service (AIVD) Rob Bertholee, we have invited Wil van Gemert to further expand on the theme of cyber security. Mr. Van Gemert is Director Cyber Security of the NCTV, the National Coordinator for Security and Counterterrorism and he will prepare a lecture at the interface of security and privacy in cyberspace. What exactly is cyber security and what are the current challenges and problems in this area? What role does the government fulfil with regard to developments in cyber security? And what is the best way to strike a balance between privacy and security? Investigative journalist Brenno de Winter will moderate the discussion. During the lecture there will be plenty of opportunity for questions and discussion with the audience. Afterwards we will go for a drink in café-restaurant Canvas where DJ Wong and DJ Broky B will take care of the music.
Date: Monday 22 October 2012, starting time 19.30h. The doors will be opened at 19.00h.
Location: Wibautstraat 150, 1091 GR Amsterdam. The lecture and discussion will be held at ground level (Big Room), afterwards the informal party will take place at the 7th floor (Canvas). An itinerary can be found here.
Update 6 November 2012: click HERE for our account of the night.
The Privacy First Foundation organises networking drinks on a regular basis, inviting a prominent speaker around a topical issue. In September this year we organised a night with the Head of the AIVD, the Dutch Intelligence and Security Service. On 22 October we invited a speaker from the cyber security scene, namely Wil van Gemert, Director of Cyber Security at the NCTV, the National Coordinator for Counterterrorism and Security, part of the Dutch Ministry of Security and Justice. Investigative journalist Brenno de Winter was asked to moderate the discussion. Click HERE for the invitation to our network (in Dutch). Would you also like to receive our invitations from now on? Email us! Below is a translated summary of Mr. Van Gemert's speech and the discussion with the audience that followed:
Introduction by Privacy First
Chairman Bas Filippini gives a short introduction on the work of the Privacy First Foundation and introduces Wil van Gemert as well as Brenno de Winter. Filippini recalls that the Dutch government increasingly expects citizens to do everything digitally. In particular the elderly as well as people with fundamental objections are put in difficulty by this development. Meanwhile the government attains ever more powers of surveillance in the digital private domain of citizens. A current development in this regard is the plan of Dutch Security and Justice Minister Ivo Opstelten to be able to hack into computers of citizens. Privacy First is firmly opposed to this plan because, among other things, it would violate the right to confidentiality of email. The Dutch government should safeguard the privacy of its citizens. In that sense Privacy First and the Dutch government share the same goal, albeit from different perspectives. However, Opstelten’s hacking plans threaten to break down people's privacy and (through this) democracy as a whole. Filippini then gives the floor to Wil van Gemert.
Trends in cyber security
Mr. Van Gemert thanks Privacy First for the invitation and kicks off by showing a funny commercial advertisement about linguistic confusion; click HERE. Like in the video, in cyber security it is all about trust, knowledge and awareness. Finding the right balance between tasks and responsibilities is equally important. In his lecture Van Gemert consecutively pays attention to current trends in cyber security, tasks of the government, cooperation between the public and the private sphere, the Netherlands Cyber Security Assessment (Cyber Security Beeld Nederland) and 'security versus privacy?': is this a contradiction or rather a matter of complementarity? And what are the present-day challenges? When it comes to cyber security, it all revolves around confidentiality, reliability, integrity and continuity of data in the digital information society. The first worldwide trend that Van Gemert identifies is 'Big Data': the enormous amount of data that is stored continuously and which increases on a daily basis. How can we handle this in good way? A second trend is hyperconnectivity: the number of digital (internet) connections increases exponentially. This is how an 'Internet of Things' comes to life. The Netherlands has the one but highest internet density in the world, which gives our country a special position in this regard. A third trend is the disappearance of borders, both in time and distance as well as in terms of work and the private sphere. These trends require changes both in the way companies do business as well as the role of the government in guaranteeing a secure society. These trends also have an influence on people, on consumers, for example through the new possibilities offered by mobile telephony. Big Data can be used to make highly personalised commercial offers in real time, say, a travel insurance when you're at Schiphol airport. However, when Van Gemert asks how many in the audience find this a good idea, not a single hand is raised. Van Gemert doesn't think it's a good idea himself either: it harms your privacy, it makes you feel you're being followed. Relatively many youths seem to be just fine with it though.
The influence of social media
An important aspect of cyber security is mobility: companies want to be able to reach their clients everywhere they go and employees are increasingly less bound to a workplace at the employer's office. For companies, political parties and the government too, social media become ever more important to know what goes on in the market or in society. An interesting case is the recent incident with an airplane from Vueling Airlines with which radio contact was lost and for which for some time the possibility of a hijacking was accounted for. Since 2001 such an airplane (a 'renegade', PF) is escorted by F16s by procedure. Imagine, however, that all passengers inside the airplane communicate through Twitter that things are fine, then how do you deal with that as a government? These are questions that are pondered over within the government at the moment. Another aspect concerns the role of the government: from a monopoly to a more independent role since for most part the cyber infrastructure is in the hands of companies. Then there's the authority issue: social media have an influence on the degree to which government campaigns are successful with the general public. A recent example is the government campaign for vaccinations against cervical cancer. A further aspect is that cyber security is community driven: the community makes itself the owner of a certain problem, as was the case for example with the Dorifel virus. This community consists of researchers, relevant companies, hackers etc. and can sometimes offer clarity on certain issues, unlike with classical investigation methods whereby the directions are with the government. However, the digital IQ of most companies is still low, so it is a challenge for the government to increase the digital IQ of companies, says Van Gemert.
Lack of a security concept in cyberspace
The Netherlands is a country characterised by seas and dykes: if the water seeps through, we build a dyke around it. This classical way of crisis containment is almost impossible in cyberspace. Companies often are not aware of where their data are situated precisely, how they are interconnected and which effects occur when a failure manifests itself somewhere. Apart from the human factor, platforms, applications and infrastructures all have problems of their own. Due to the interaction between these four levels, a security problem often becomes very extensive. In the physical world we are familiar with a safety concept; think of the safety regulations on a construction site. But is there such a security concept in cyberspace? And which roles do the government, the private sector and citizens play in this? At the moment this is insufficiently clear. On the highway certain safety standards and traffic rules are in force. But each citizen can also buy a computer and go onto the digital highway unprotected.
Since one and a half years the Netherlands has a National Cyber Security Strategy. Part of this has been the installation of a Cyber Security Council: an independent advisory body for the government. In the National Cyber Security Strategy it has been agreed that the Netherlands makes an annual Cyber Security Assessment of threats and actors. Furthermore, from the beginning of 2012 there is an operational management within the NCTV, which consists of two parts: 1) the National Cyber Security Centre, NCSC (which acts as a centre of excellence, among other things) and 2) a range of policies (which support, among other things, the answering of parliamentary questions and questions from the private sector). The starting point here are public-private partnerships; in this way new coalitions with new forms of participation between the government and trade and industry as well as with NGOs come to life. Both the government as well as private parties and experts take part in the Cyber Security Council and in the NCSC. One topic that is being dealt with together is cloud computing. Moreover, since recently the NCSC has an ICT Response Board; within this public-private partnership people from the government and the industry can be summoned up for advice and assistance in the event of incidents or crisis situations. Then there are ISACs, Information Sharing and Analytical Committees, in different areas, for example for the vital infrastructure with regard to energy, water, finances, etc. This too is a public-private partnership.
Threats in cyberspace
Cyber security has been a hot topic of late and negative incidents sometimes result in positive initiatives. There has been an unanimous request by the House of Representatives to set up a security breaches notification centre. In this context Van Gemert tells the following: "The Diginotar affair has made clear that the following question is of relevance: what can the government do in the event of a crisis? How can the government force a company that plays a key role to cooperate in order to prevent social breakdown and damage to society? Are such possibilities at our disposal in the first place? Our conclusion from July this year was affirmative, in case we can declare a state of emergency in relation to a cyber incident." Furthermore, Van Gemert stresses that we should not just invest in the detection of data leakages, but also in the right response to this. Hereby the role of the government concentrates on coordination, communication and consultation. In July this year the second Cyber Security Assessment of threats, targets and actors was released. The main threat comes from foreign governments (espionage) and cyber criminality. Contrary to what most people believe, so far cyber terrorism poses a smaller threat. In addition, cooperation between 'hacktivists' and foreign State actors (i.e. intelligence services) could be worrisome.
On the relationship between privacy and security, Van Gemert remarks that as far as he is concerned "there is no privacy without security. If you do not organise security, in the end there will no be privacy. You really do need to take measures to make sure your privacy is protected. Privacy and security have a mutual interest in each other. So in that area, information protection and related agreements are necessary. Also in order to protect privacy, on a daily basis the NCSC brings out advice on vulnerabilities which could be harmful for companies and citizens. Our website www.waarschuwingsdienst.nl is focussed on making citizens more aware and to mobilise them against threats. However, we are not a supervisory body, we cannot enforce anything. We can merely give out advice and propose best practices. Between 12 and 22 November 2012 the government will pay attention to 'awareness' through its campaign Alert Online in cooperation with 10 partners. This campaign is aimed at citizens as well as companies."
Finally, Van Gemert underlined the importance of fundamental digital rights and self-reliance of citizens through knowledge and awareness. Van Gemert brings forward three subjects for discussion with the audience: 1) How do security and freedom relate to each other conceptually? 2) What is the role of Privacy First? Is it always to be an opposing force or can it also be an ally? 3) What is the role within cyberspace of our law-enforcement and supervisory organs, for instance the police? What is their role when it comes to individual emergency aid and law-enforcement in cyberspace?
Discussion with the audience
Even though Van Gemert is not responsible for the cybercrime department, he is nevertheless prepared to say one or two things about it on behalf of the Ministry of Security and Justice. Answering a question from the audience about the possible international consequences which an intervention in cyberspace from the Netherlands may have, Van Gemert points out that the concept of virtuality requires a different approach compared to a territorial approach when it's not clear where a particular server is situated. He hereby makes a comparison with the development of maritime law in international waters. The country in which the damage occurs should form a point of reference in terms of jurisdiction. However, in this regard there are no unequivocal answers; the national and international rules on these matters are not yet clear. Brenno de Winter emphasises that Dutch hacking activities in foreign countries could well set a dangerous international precedent. What if a country like Iran ascribes those same powers to itself? This is a concern that is shared with others among the audience.
Another question from the audience relates to the public-private partnership as is the case with Diginotar. Israeli wiretapping systems in the Netherlands are being referred to as well. Does the Netherlands not make itself enormously vulnerable with this? Van Gemert replies that this has indeed become a prominent question since the Diginotar affair. However, he is not willing to go into the topic of wiretapping systems since he's not involved in this policywise. Then it's being mentioned from the audience that, within public-private partnerships in the area of cyber security, Dutch NGOs are structurally being kept out. De Winter too remarks that the NCSC is seen by many as an unreachable fortress where you're not being heard. Van Gemert responds to this saying the NCSC certainly does look for contact with pressure groups. Here too the question is which side do these pressure groups pick: do they take on an opposing or a supporting role? "I'm convinced that we should look for new forms of cooperation between the government, the industry and trade, the citizenry and with pressure groups, which make sure our society becomes more secure. Looking out for those contacts is the reason that I'm standing here," Van Gemert says.
Another question from the audience is about the detection of hack attempts. To what extend is this being delegated by the government to industry? Van Gemert reacts saying that the government does the detection work itself on the basis of the exchange of digital traffic data (not on the basis of content) as far as it concerns the vital (government) infrastructure; companies take care of such detection efforts themselves. Someone in the audience remarks that in this respect the government could take up the role of bringing together relevant knowledge and experience in each individual business sector. Another comment from the audience concerns the lack of international rules that was presupposed earlier: why does the Netherlands not conform itself to the already existing Budapest Convention on Cybercrime and why are the legal possibilities under this Convention not being adequately used? Other observations deal with the cooperation between Dutch municipalities, the banks and the telecom sector. Someone asks how big a threat cyber warfare really is and how the Netherlands prepares itself for it. Van Gemert here refers to cyber as the 'fifth battlefield' apart from the four domains of land, sea, air and space. This is an actual development: by now there are about 20 countries which have the capacity for this type of warfare. There are a lot of financial cuts in the Netherlands, but money is actually being invested on cyber matters by the Ministry of Defence. Cyber war entails a new question of attribution: which country inflicts the damage and how is one to react to it? During the discussion the US Patriot Act is mentioned as well as the risks of storing data in 'the cloud'. "Think carefully about what you put in the cloud," Van Gemert advises. Then comes the question to what extent the government considers the protection of personal data vital for our infrastructure and to what degree the government is keeping an eye on the risks of identity fraud and identity theft through the coupling of personal data to citizen service numbers. Does the government endorse the Scientific Council for Government Policy report called iGovernment? Is declaring a cyber state of emergency equivalent to a disaster or warfare situation in which all regular legislation can be nullified with all the privacy risks it entails?
Someone mentions that the police power to hack into computers of citizens could imply that computer data of individuals could be changed without it being noticed and could then be used against those same individuals. Van Gemert replies that personal data is fundamental and critical data that is to be protected properly. Not just companies but citizens themselves ought to be better aware of this. As far as a state of emergency is concerned, Van Gemert remarks that this was not even proclaimed during the Dutch flood of 1953. In terms of cyberspace there is no need for new, complementary legislation for a state of emergency. Current legislation for a state of emergency can only be applied in extreme situations.
Another point of discussion is the fact that for years the Dutch government has been dependent on Microsoft: why is this situation (with the associated privacy risks) lasting ever longer? On request Van Gemert clarifies his earlier remarks on a cyber state of emergency: such a situation cannot be proclaimed on the basis of a single incident, but only when we're dealing with large-scale societal breakdown. Then it is being asked from the audience to what degree the government has the responsibility of not making legislation and policies which can be copied and abused by other countries, like the way companies are not allowed to deliver certain dual use equipment to certain countries. Van Gemert tells that for some goods there are indeed UN sanctions lists: the Dutch General Intelligence and Security Service (AIVD) verifies this. A free internet abroad is mainly supported by the Dutch Ministry of Foreign Affairs. Generally speaking, a democratic society always needs to abide to a moral guideline. Then the discussion about possible government powers to hack computers in foreign countries comes to life again among the audience. In this context, does the permission of an examining magistrate offer sufficient protection against abuse? Someone else in the audience remarks that, nowadays in the area of phone-tapping, the examining magistrate has become some sort of rubber-stamping device. Someone remarks that Van Gemert's distinction of five domains of warfare is put too simply. In international law, traditionally there are only three domains of warfare: land, sea and air. Since the 1970's, in space the principle of 'peaceful use of outer space' applies. So why not introduce a similar new principle of 'peaceful use of cyberspace?'
In reaction to a question about guaranteeing privacy, Van Gemert replies that he attaches importance to clarity over what is and what isn't allowed. Through investigative powers sometimes one's innocence can also be proved. The challenge is finding the balance between cyber security and privacy, Van Gemert says. Then someone in the audience points to the dangers of the coupling of personal data and function creep. Our democratic constitutional State is no invariable matter of fact. Does the government take this into account? Van Gemert iterates that the challenge is in finding the right balance. Calls for new legislation by parliament after an incident are not always adhered to by the government, for instance when it concerns anti-terrorism legislation and emergency legislation. Then someone in the audience states that for a raid a search warrant is required, which is verifiable for the citizen. This verifiability is absent when hacking into a computer. Van Gemert responds by saying that such verifiability is equally missing when it comes to phone tapping or police observation, especially when it's a case that's not brought to court. In this respect, De Winter remarks that neither the existing compulsory notification is complied to by the government. From the audience it is added that through all registration measures the presumption of innocence of citizens is put under pressure. This changes society and makes people start to comply with an 'all-seeing government'. As a response, Van Gemert underlines once more that 'privacy and security cannot do without each other'. In his view these sorts of discussions are important to get more clarity and to be able to make steps forward. Finally, Van Gemert stresses the importance of a security concept in cyber space with sufficient attention to privacy.
De Winter gives the final word to the Privacy First Foundation. Chairman Bas Filippini thanks Van Gemert for his open attitude toward the opposition. In the view of Privacy First, discussions such as these are fundamental. In recent years there has been too little dialogue with the privacy movement; the government has grown bigger while participation by citizens has decreased. Privacy First is happy to accept the invitation to become part of the coalition. "We will be a necessary irritant, but you have to be able to deal with that", Filippini concludes.