Warning

JUser: :_load: Unable to load user with ID: 65

"La proposta del primo cittadino van der Laan rafforza la possibilità già prevista dalla legge di perquisire i cittadini sulla base del semplice sospetto nelle zone a rischio. Proteste dal partito liberale D66 e delle associazioni: "Superato ogni limite".

Il comune di Amsterdam vuole dotare la polizia di body scanner "portatili" che consentano di 'guardare' attraverso i vestiti dei sospetti e di individuare facilmente armi o altri oggetti non consentiti. Non si tratta di una promessa "elettorale" giustizierista di Geert Wilders ma di un annuncio del primo cittadino della capitale olandese, il sindaco laburista Eberhard van der Laan ripreso con gran clamore dalla stampa nazionale. Per il borgomastro, l'introduzione di questi sofisticati strumenti, che avrebbero in dotazione un sensore capace di "fiutare" anche droghe o esplosivi, potrebbe rappresentare un valido aiuto per implementare la politica di "stop and search" ossia la possibilità riconosciuta dalla legge olandese alla polizia, di condurre, sulla base del semplice sospetto, perquisizioni casuali in zone della città considerate a rischio.
(...)
Due anni e mezzo dopo, le parole del sindaco di Amsterdam riaprono il caso ma il partito laburista, per bocca dell'ufficio stampa, cerca di smorzare, preventivamente, le polemiche: "La discussione non è ancora iniziata ma noi pensiamo si possa trattare serenamente del tema magari individuando dei limiti a tutela della privacy: per esempio, noi diremmo no a scanner come quelli impiegati all'aeroporto di Schipol, che fotografano i contorni del corpo e consentono immagini in alta definizione". Intanto, il tema è stato all'ordine del giorno in commissione sicurezza del comune, lo scorso giovedi, ma l'aula ha deciso di riaggiornare il dibattito a gennaio 2013, probabilmente per spegnere le vigorose, benchè isolate, proteste che si sono levate proprio alla vigilia dell'inizio della campagna elettorale per le elezioni politiche di settembre. Si è fatto sentire, infatti, il partito liberale D66, piccolo ma influente movimento che per bocca del capogruppo in consiglio comunale Jan Paternotte ha fatto sapere al sindaco che non ha alcuna intenzione di prendere in considerazione la proposta: "La facoltà, per la polizia di fermare in strada chiunque, senza ragione, ed effettuare perquisizioni è già una misura estremamente invasiva e potenzialmente discriminatoria ma con il bodyscan superiamo ogni limite", ha tuonato Paternotte e ha concluso: "E' davvero necessario che la polizia di Amsterdam possa venire a conoscenza di ogni dettaglio della vita privata dei cittadini?". Dello stesso avviso l'associazione "Privacy First" che ha attaccato l'idea del borgomastro, annunciando mobilitazioni ed azioni legali per contrastare l'eventuale misura."

Read the entire article in Italian newspaper il Fatto Quotidiano HERE, or click HERE for an 'English version' in Google Translate.

This week the Dutch House of Representatives will vote on a legislative proposal on the taking of 10 fingerprints of all foreigners (immigrants) for criminal investigation and prosecution purposes. This legislative proposal originally dates back to March 2009, the period in which all the Dutch government could come up with was privacy-intrusive legislation. The Privacy First Foundation deems this legislative proposal to be in breach of the right to privacy and the prohibition of self-incrimination. Below is the email that Privacy First sent to relevant Members of Parliament this afternoon:

Dear Members of Parliament,

Next Tuesday you will cast your vote on a legislative proposal aimed at extending the use of biometric features (fingerprints, facial scans) of immigrants. Hereby the Privacy First Foundation advises you to vote against this legislative proposal, especially in light of its disproportionate character. This disproportionality is demonstrated by the lack of relevant statistics and the relatively low fraud figures mentioned in the annotation to the legislative proposal dated 13 July 2012 by former Minister for Immigration, Integration and Asylum Gerd Leers (Christian-democratic party CDA).[1] As with all human rights, any infringement of the right to privacy (Article 8 of the European Convention on Human Rights, ECHR) requires a concrete statistical necessity instead of vague suspicions and wishful thinking. Therefore, it is all the more worrying that under this legislative proposal the prints of as many as 10 fingers will be taken of every immigrant to ‘compensate’ for the fact that the biometric technology is inadequate to suffice with just one or two fingerprints. However, are these 10 fingerprints not actually meant to serve the interests of criminal investigation behind this legislative proposal...? In this respect, a comparison could be made with the following consideration by the Minister of Justice Benk Korthals (Dutch political party VVD), dated 10 December 2001:

‘‘In response to the question by the CDA, I am not prepared to proceed to the taking of fingerprints of all Dutch citizens in the interests of criminal investigation. This would be disproportionate, considering for example the number of print cases offered on an annual basis, in the whole of the Netherlands around 10,000. Furthermore, it is basically impracticable because prints have to be made of all ten fingers and possibly the hand palms for them to be of any use for criminal investigation. Apart from the administrative processing and control, this would require too big a drain on police resources. In the context of the new ID card, a new biometric feature such as a fingerprint will possibly be adopted. This will be about determining whether the holder of the ID card is in actual fact the very person that is mentioned on it. Perhaps just one fingerprint will be enough for that, but that is absolutely insufficient for criminal investigation.’’[2]

In other words: under the guise of combating fraud, with this legislative proposal a centralised search register of immigrants is created, exactly in the same way that this was about to happen a few years ago with the fingerprints of all Dutch citizens. Privacy First assumes that the various reasons why this last project was reversed midway through 2011 at the insistence of your Parliament (!) are known to you and apply just as much for the current legislative proposal. In addition, this proposal has a stigmatizing effect since it causes a whole population group (immigrants) to be seen as potential suspects. This creates an inversion of the presumption of innocence and conflicts with the prohibition of self-incrimination. In that sense the legislative proposal constitutes a collective violation of both Article 6 (nemo tenetur) and Article 8 ECHR (privacy and physical integrity). With regard to the Passport Act, this has led to a Dutch and European snowball effect of lawsuits since 2009. Therefore, Privacy First hopes that the House of Representatives has the progressive insight to prevent a repetition of this history.

Yours sincerely,

The Privacy First Foundation

[1] See Annotation on account of the report, Parliamentary Documents II, 2011-2012, 33192, no. 6, at 2-3, 5-6, 23, 25-27.

[2] Letter of the Minister of Justice (Benk Korthals) dated 10 december 2001, Parliamentary Documents II, 2001-2002, 19637 (Policy on refugees), no. 635, at 7.

Update 29 January 2013: the legislative proposal (no. 33192) has unfortunately been accepted by the House of Representatives this afternoon (video; starting at 19m36s). Dutch political parties D66, SP, ChristenUnie and the Party for the Animals voted against. Read also the report by Privacy Barometer and today’s article in newspaper NRC Handelsblad. Next stop: the Senate...

Update 29 January 2013, 21:45: Left-wing party GroenLinks ('GreenLeft') has notified that it had intended to vote against and will have the voting record corrected.

Update 30 January 2013: today GroenLinks notified the House of Representatives of its vote against the legislative proposal.

Update 31 January 2013: the article in NRC Handelsblad was also published in the affiliated newspaper NRC Next. Read also today's article in newspaper Nederlands Dagblad.

Update 8 February 2013: for the current status of the legislative proposal in the Dutch Senate, click HERE.

Update 6 March 2013: today Privacy First has sent a similar version of the email above to the Commission for Immigration and Asylum of the Dutch Senate.

Published in Law & Politics

The Privacy First Foundation regularly organises networking drinks combined with informational sessions for our volunteers, donors and experts from our network of journalists, scientists, jurists and people working in ICT. Since July 2011, these events are organised about every three months and take place at the Privacy First office in the former building of de Volkskrant newspaper in Amsterdam. Themes discussed so far have been privacy in the Netherlands (speaker: Bart de Koning), biometrics (Max Snijder) and profiling by the government (Quirine Eijkman and André Hoogstrate). There were also book presentations by Dimitri Tokmetzis (De digitale schaduw – The digital shadow) and Adriaan Bos (Advocaat van de waarheid – Advocate of the truth). On Thursday night 13 September this year, we had a real scoop: a lecture about the Dutch General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, AIVD) and the right to privacy by no one other than the Head of the AIVD himself, Mr. Rob Bertholee. (Click HEREpdf for the invitations to our network (in Dutch). Would you also like to receive our invitations from now on? Email us!) The following morning, the essence of Bertholee’s lecture appeared on the AIVD website: click HERE (in Dutch). An article in Dutch newspaper Telegraaf about the event was published today. Below is a translated summary of Bertholee's speech and the discussion with the audience that followed (taking over two hours in total).

A common goal: freedom in an open democratic society

The night starts with a short introduction by Privacy First chairman Bas Filippini. In Filippini’s view, Privacy First and the AIVD actually pursue the same objective, namely freedom in an open democratic society, albeit from different perspectives. Rob Bertholee affirms this and says that tonight, contrary to what some may think, he doesn't really consider himself to be in the lion’s den. After a long career in the army, Bertholee has been the Head of the AIVD for nine months now. One of his first impressions of the AIVD was one of a professional organisation with people who are driven by their ideals, he says. Both the AIVD and the MIVD (military intelligence) have to deal with risks and threats to national security and the democratic legal order, in other words, with threats to our way of life and the guarantees for our freedoms thereof. As a result of internationalisation and new technologies, threats and risks increase in number and have a greater impact and reach. An example is the internet that, apart from its positive aspects, has a downside to it as well. 
Rob Bertholee


Security is not a fundamental right

The AIVD has two main tasks: intelligence and security. Formally however, security is not a fundamental right, Bertholee rightly remarks. In its case-law, the European Court of Human Rights has indicated that States are obliged to take all reasonable measures against life-threatening situations, he says. Subsequently, the Council of Europe has endorsed this in its Guidelines on human rights and the fight against terrorism. Whereas Privacy First focuses on the protection of the individual, the AIVD concentrates on the protection of the community of individuals. In between there’s a trade-off: in order to protect the community, sometimes it is necessary to infringe the rights of the individual. Bertholee then mentions a couple of tasks of the AIVD which do not infringe the right to privacy. This is the case for 1) personal security assessment and 2) protective measures for individuals, organisations and companies, for example in relation to espionage. In these two cases the law dictates that the AIVD is, by law, not allowed to deploy special intelligence powers. It is exactly the deployment of such powers that infringes people's privacy.

An important part of the AIVD is the National Communications Security Agency (Nationaal Bureau voor Verbindingsbeveiliging, NBV) which supports the Dutch central government in securing special information. The NBV evaluates security products and plays a role in their development. It is this agency where, for example, USB flash drives for the government are tested on data leakages. Then there’s the political intelligence task of the AIVD abroad, "which, admittedly, intrudes upon people's privacy, but not here in this country". Finally, there’s the task of making threat analyses for certain individuals (for example politicians), organisations or events. One task of the AIVD through which privacy in the Netherlands is put at stake concerns the assessment of ‘threats to our national security, the continuation of democratic rule of law and other, important State interests". This assessment is carried out, first of all, through open sources (media, internet, etc.), but can (subsequently) proceed by shadowing, monitoring or eavesdropping of persons or by penetrating virtual or physical spaces. In this respect Bertholee emphasizes the high degree to which employees of the AIVD are aware of 'the spirit' of the Dutch Intelligence and Security Services Act 2002 (Wet op de inlichtingen- en veiligheidsdiensten, Wiv2002). "As a citizen I felt reasonably reassured from the moment I had an understanding of what the AIVD was actually doing and what it could and was allowed to do, and also by the way the government can continue to exercise control over a service like the AIVD," says Bertholee. "You don't have to believe me, but I just wanted to share this with you," he jokes. Then he’s resolute again in saying "our tasks and powers are all clearly defined by law."

Rob Bertholee

Legal framework

In the field of counter-terrorism, at the moment most of the AIVD’s attention goes out to (potential) Jihadists and radical 'lone wolves' like Anders Breivik. Bertholee finds it worrisome that such lone wolves are hard to track down, even though relevant information is sometimes available, for example at healthcare institutions or the police. A difficult dilemma is, on the one hand, the question whether or not certain events could have been prevented by correlating information on national and international levels and, on the other, which risks society is willing to take in order to preserve people's privacy, Bertholee explains. However, he can well imagine that citizens worry about the correlation and international exchange of data and that this is bringing about a 'Big Brother' experience. As a citizen, Bertholee himself is worried about this too. Where is the right balance between protecting the individual and protecting the community? Every special power of the AIVD is anchored in the Wiv2002. The most simple special power is talking to people (Article 17 Wiv2002). For every single special power in the Wiv2002 the following requirements apply: 1) necessity, 2), proportionality and 3) subsidiarity. Therefore, special powers may only be deployed in case open sources (internet etc.) prove to be insufficient. The AIVD is to continually ask itself: is it strictly necessary? And are we very certain that there are no lighter measures at our disposal? The enforcement of those very powers is verifiable afterwards. Apart from opening letters (this falls under the Dutch Postal Act) there is no investigative magistrate involved. However, for the use of every special intelligence power the approval by the Minister of the Interior and Kingdom Relations or by the Head of the AIVD on behalf of the Minister is required. Moreover, every new employee of the AIVD gets a basic education through which he or she is being taught, among other things, about the Wiv2002. In this context, Bertholee relates an interesting anecdote: once in a while the AIVD invites a number of journalists, members of Parliament or jurists to discuss a case. It turns out that those not working for the AIVD are more inclined to allow the use of special powers than the AIVD employees themselves. As an answer to a question from the audience, Bertholee says that he himself gave an explanation about the Wiv2002 to Interior Minister Liesbeth Spies, just one and a half hours after she was sworn in by Queen Beatrix. "We have no rules of our own, we abide to what is written in the law," Bertholee says. He goes on telling about the process that sees the deployment of a special power: it starts with an employee who wants to use a special power for an AIVD investigation. The employee is to account for his request in writing and an AIVD operational lawyer looks into it. The request is then sent to a supervisor, after which it is forwarded to Bertholee. Finally, the request ends up at the desk of the Interior Minister. This happens case by case, always taking the prerequisites of the Wiv2002 into consideration. No form of pressure is allowed in the event the AIVD makes a request for information to citizens. The same goes for requesting information to journalists: it is entirely up to them to cooperate or not. "If a journalist is not willing to cooperate, then that’s a pity for the AIVD and that’s where things end", Bertholee explains. However, some (parts of) conversations are being registered in a memo since everything needs to be verifiable for the AIVD.

Supervisory mechanisms

Bertholee tells about the way the AIVD is monitored by various bodies that each play their own role. First of all there’s the Dutch Parliamentary Commission for Intelligence and Security Services ('Commissie Stiekem') which consists of all the leaders of Parliamentary parties. Then there’s the (public) Parliamentary Commission for the Interior. The legality of the execution of tasks by the AIVD is scrutinised by the Dutch Review Committee on the Intelligence and Security Services (Commissie van Toezicht betreffende de Inlichtingen- en Veiligheidsdiensten, CTIVD); this is an independent supervisory body which consists mainly of legal experts. According to Bertholee, in recent years the CTIVD assessments on the AIVD have largely been positive. Furthermore, the Netherlands Court of Audit (Algemene Rekenkamer) examines the (secret) budget of the AIVD. Both the CTIVD as well as the Court of Audit have access to everything within the AIVD.

Revision of the Wiv2002

With regard to a possible revision of the Wiv2002, Bertholee remarks that the legal space currently offered is sufficient for the AIVD and that he doesn’t need more powers. However, he does think it is "particular" that the Wiv2002 is in some aspects related to the Dutch Postal Act and to the Telecom Act, which makes it necessary for the AIVD to get the permission of an investigative judge to open a letter, while that same permission is not required for intercepting or opening an email. Hence the legislation is technology-dependent and "something needs to be done about that", Bertholee states. Besides, the CTIVD has proposed to change the legislation with regard to SIGINT (Signals Intelligence). Furthermore, Parliament may evaluate the Wiv2002 in the near future. It seems there are two thorny issues at the moment: a possible ban on using journalists as informants and more control over the effectiveness of the AIVD. The difficult thing is that the effectiveness of an organisation like the AIVD is hard to measure; this is related to the nature of the work and the type of threats that are being averted. Bertholee: "I accept that life has certain risks. The question, however, is what society wants. How many casualties per year do you find acceptable?"

No Big Brother

Confronted with a question from the audience about new, predictive technologies and the effect that these can have on social behaviour, Bertholee makes clear "not to be in favour of Big Brother. There are limits to what you can and what you cannot do. This is also related to the risks that you are willing to take as a society." Bertholee responds to another question from the audience saying that a special power may only be used as long as it's necessary. When the necessity (i.e. the reason or threat) ceases to exist, the authority to use a special power ceases to exist as well. The CTIVD keeps an eye on that. Five years after a special power has been used, a duty of notification towards the citizen involved applies, unless this could reveal relevant sources or a current operational method. However, this duty to notify has so far never been used. In fact, Bertholee wonders whether such a notification could actually be experienced as an assault on one’s private life in case there was nothing going on with the person concerned.

Rob Bertholee

International exchange

The Wiv2002 remains applicable to the international exchange of intelligence between the AIVD and foreign secret services, Bertholee explains. Furthermore, an international code of conduct applies. The exchange of intelligence is examined from case to case and from country to country. In the event of exchange, what is allowed to happen with the intelligence in question is being indicated. Internationally this is being adhered to pretty well, according to Bertholee. However, in some cases, or rather, with some countries the exchange of intelligence could become a dilemma...

Drawing the line where violence starts

One question relates to the degree to which activists figure in AIVD files. Bertholee explains that, in principle, the AIVD conducts no investigations into activists. "We don’t care what someone thinks. We do not represent the moral high ground of the Netherlands. It is only when violence comes into play - or calls for violence, clear intentions towards violence, radicalisation - that we feel involved."

Current risks

During the discussion with the audience Bertholee emphasizes that it’s not the aim of the AIVD to collect as much data as possible. The aim is rather to collect the right information in order to be able to fend off threats. It is not the AIVD, but the industry that is the driving force behind the development of information technology that, unfortunately, is also used in less democratic countries. In response to a question Bertholee admits that there is a risk that a service like the AIVD could 'drown' in an abundance of data. Biometrics are one such development of new technology. This makes it more difficult to assume a new identity, both for people with bad intentions as well as for officers of the AIVD itself. Furthermore, the privatisation of intelligence is risky, especially due to the lack of legislative checks and balances.

Finally

Bertholee finishes his speech by emphasizing once more that the AIVD 1) doesn’t keep records of everyone, 2) doesn’t wiretap everyone, 3) shoots nobody, 4) doesn’t arrest anyone, 5) doesn’t force cars into the kerb, 6) doesn’t torture anyone, 7) doesn’t hack into every computer, 8) has no enforcement powers, 9) doesn’t put pressure on people and 10) doesn’t recruit journalists. Then Privacy First chairman Filippini rounds off the night and invites everyone present for drinks with music.

Handover of the book 'The digital shadow' and a bottle of wine by Bas Filippini to Rob Bertholee

 

Postscript Privacy First: as international peace and security often benefit from dialogue between 'opponents', the same goes in our country for a good relationship between the government and civil rights organisations like Privacy First. In that sense we consider this night to have been very valuable and we hope that the AIVD deems this event to be worth repeating in the future!

Screenshot AIVD website 14 September 2012

Update 27 September 2012: as a result of Bertholee's speech, a second article appeared in Dutch newspaper Telegraaf.

Published in Meta-Privacy

This afternoon the Privacy First Foundation sent the following email to the Dutch Senate: 

Dear Members of the Senate,

Recently the international Amsterdam Privacy Conference 2012 took place. In his opening speech at this conference, Dutch politician Lodewijk Asscher principally addressed the current legislative proposal of regulating prostitution. Asscher voiced the expectation that the envisaged registration of prostitutes will lead to lawsuits that will end up before the European Court of Human Rights in Strasbourg. The Privacy First Foundation shares this expectation. Therefore, we hereby make an urgent appeal to you not to let things get this far and to reject the legislative proposal during the plenary discussion this coming Tuesday, October 30th. Privacy First does so on the following grounds:

1. Compulsory registration of prostitutes will lead to a shift of prostitution to the illegal circuit. Thereby this legislative proposal will prove to be counterproductive, with all the risks this entails. The social (legal) status of prostitutes will become further weakened instead of strengthened.
2. Compulsory registration of prostitutes violates the right to privacy because it concerns the registration of sensitive personal information. This is prohibited under Article 16 of the
Dutch Data Protection Act and is in breach of Article 8 of the European Convention on Human Rights.
3. Registration of prostitutes has a stigmatizing effect. Moreover, the security of this registration cannot possibly be guaranteed and there is also the danger of function creep. Therefore, the supposed advantages of registering do not outweigh the risks of data breaches, hacking, unauthorised and unforeseen use - now and in the future. This, in turn, also implies new risks of abuse and blackmailing.  
4. Combating criminality and human trafficking ought not to happen through the risky registration of prostitutes, but rather through more effective criminal investigation, prosecution and adjudication of the culprits without putting the victims in danger. For that purpose it is up to the Minister to develop alternative, privacy-friendly instruments in consultation with relevant NGOs.

We are willing to supply further information on the above points upon request.

Yours sincerely,

Privacy First Foundation

Update 30 October 2012: this afternoon the Senate heavily criticised (especially) the privacy aspects of compulsory registration of prostitutes. As a result, Minister Ivo Opstelten has decided to reconsider his approach to the issue. It now seems that compulsory registration is shelved. The discussion on other parts of the legislative proposal is postponed until further notice. Click HERE for an audio recording of the parliamentary debate (in Dutch) until its suspension (mp3, 2u53m, 119 MB).

Published in Law & Politics

On Thursday morning 23 August 2012, the Dutch Royal Military and Border Police (Koninklijke Nederlandse Marechaussee, KMAR) presented to the international press the by now notorious Dutch camera system called @migo-Boras. That same afternoon the Privacy First Foundation was visited in Amsterdam by a camera crew of international news agency Associated Press (AP). For copyright reasons unfortunately we cannot publish the video material from AP. Among other things, Vincent Böhre (Privacy First) declared the following to AP:

‘‘Our main concerns are about privacy, because this system is based on profiling and total surveillance of everybody driving on the highway. Our second objection is of course the Schengen Agreement: this system really comes down to border control, even though they don’t want to call it that way. But if you look at the capabilities of the system and the intentions behind it, it’s pretty clear that it comes down to border control, and that's also what most lawyers say.’’

The news report that was then distributed across the world by AP is set out below:

‘‘Amid privacy concerns, Dutch immigration minister shows off new border cameras targeting crime’

THE HAGUE, Netherlands (AP) — The Dutch immigration minister has shown off the government’s new system of cameras posted at border crossings with Germany and Belgium that he says will help clamp down on crimes like drug and people smuggling and illegal immigration.

However the new surveillance system has raised concerns among privacy activists.

The European Commission says that, based on information provided by Dutch authorities, the surveillance does not appear to breach the Schengen agreement governing freedom of movement within the 27-nation bloc and does not amount to a reintroduction of border controls.

However, the Commission says it will monitor the use of the cameras, which are posted at 15 highway border crossings. Immigration Minister Gerd Leers said Thursday the cameras are intended to help police target suspicious vehicles.’’
(Example: Montreal Gazette, via AP Worldstream)

Meanwhile, the Privacy First Foundation still considers taking legal action against @migo-Boras. It does so because 1) the system still has no specific legal basis, 2) the system is not necessary because it is solely 'supportive' to the task of the KMAR called Mobiel Toezicht Veiligheid (Mobile Security Monitoring) which is to check up on people from other Schengen countries travelling into the Netherlands, 3) the system is disproportionate because it is meant to track down a few individuals at the cost of the privacy and freedom to travel of everyone, 4) people are stopped and searched by the KMAR on the basis of the unlawful criterion of 'being interesting' instead of the lawful criterion of being under the 'reasonable suspicion of a criminal act', 5) the effectiveness of the system has thus far not been proved, 6) the system considers everyone at border crossings a potential suspect, 7) in practice, some elements of the system have a discriminatory effect, 8) the system seems increasingly set to be extended with four weeks of storage of everyone's travel movements through Automatic Number Plate Recognition (ANPR), 9) within the system design there is 'function creep (derogation from the original purpose) by design' instead of 'privacy by design' and 10) despite the judgement of the European Commission things basically come down to mass electronic border controls which are prohibited under the Schengen Agreement.

See also the following items (in Dutch, on privacyfirst.nl):

Big Brother-systeem zet privacy automobilist aan kant (Telegraaf.nl, 10 September 2012)

Interview met Privacy First over camerasysteem @migo-Boras (BNR Nieuwsradio, 1 August 2012)

Met @migo-Boras maak je geen vrienden (Privacy First, 5 January 2012)

Interview met Privacy First over nieuw grenscontrolesysteem @migo-boras (NOS Radio 1, 30 November 2011)

Interview met Privacy First over nieuw grenscontrolesysteem @migo-Boras (ZDF Journaal, 25 November 2011)

Click HERE for more items about @migo-Boras.

Published in CCTV

This morning in Geneva the long-awaited Universal Periodic Review (UPR) of the Netherlands took place before the Human Rights Council of the United Nations (UN). In the run up to this four-year session, the Privacy First Foundation and various other organisations had emphatically voiced their privacy concerns about the Netherlands to both the UN and to almost all UN Member States; you can read more about this HERE. The Dutch delegation for the UPR session was led by Interior Minister Ms. Liesbeth Spies. The opening statement by Spies contained the following, remarkable passage about privacy:

"The need to strike a balance between different interests has sometimes been hotly debated in the Dutch political arena, for example in the context of privacy measures and draft legislation limiting privacy. The compatibility of this kind of legislation with human rights standards is of utmost importance. This requires a thorough scrutiny test, which is guaranteed by our professionals and institutions. Improvements in this regard have been made when necessary, especially in the starting phase of new draft legislation. This has been done in the field of privacy, where making Privacy Impact Assessments (PIAs), describing the modalities for the planned processing of personal data, are compulsory now." (pp. 5-6, italics Privacy First)

A "thorough scrutiny test" and compulsory Privacy Impact Assessments are the terms that positively stand out for Privacy First.

Prior to the UPR session, the United Kingdom had already put the following questions to the Netherlands: "Given recent concerns about data collection and security, including the unintended consequences of cases of identity theft, does the Netherlands have plans for measures to ensure more comprehensive oversight of the collection, use and retention of personal data?" (Source) On behalf of the Netherlands, Minister Spies responded to this question in Geneva this morning saying: "On the review of our laws on data protection, The Netherlands are currently working on a legislative proposal on data breach notification, following announcements of this proposal in the present coalition agreement. The proposal, which would require those responsible for personal data to notify the data protection authorities in case of "leakage" of personal data with specific risks for privacy (including identity theft), is expected to be tabled in Parliament in the coming months." This answer is rather concise and unfortunately it doesn’t contain any new elements. However, a new Dutch law on compulsory notification for data leakages will hopefully become a best practice for other UN Member States. The credits for this go to our colleagues of the Dutch NGO Bits of Freedom who have worked on this for a long time.  

During the UPR session Estonia called the protection of privacy and personal data a "human rights challenge of the 21st century". Morocco then asked a critical question about the privacy issue: "Quelles sont les mesures concrètes entreprises par les autorités néerlandaises pour sécuriser l'utilisation des donnés personnelles?" ("What are the concrete measures taken by the Dutch authorities to protect the use of personal data?") The Philippines also raised the issue of the right to privacy, but only in these words: "The Philippine delegation appreciates the frank assessment of the Netherlands of the obstacles and challenges it has to hurdle in the implementation of the right to privacy especially in the area of protection of personal information." The comments by Greece, India, Russia and Uzbekistan were more content-focused. Greece addressed the practice of preventive searches: "We take note of reports regarding the issue of preventive body searches. We recommend that the Netherlands ensure that in its application of preventive body searches, all relevant human rights are adequately protected, in particular the right to privacy and physical integrity and the prohibition of discrimination on the basis of race and religion." India exhorted the Netherlands on ethnic profiling of citizens: "We encourage the Dutch Government to take concrete measures to combat discrimination including discrimination by the Government such as ethnic profiling." Russia too advised the Netherlands "to introduce measures to stamp out discrimination arising as a result of the practice of racist, ethnic or religious profiling." The Netherlands was addressed about this very issue by Uzbekistan as well: "We are concerned over the existence of information on the increasingly broad use by the police of racist profiling."

As a reaction to these points Minister Spies referred to recent research by the Dutch police, scientists and the National, the Amsterdam and the Rotterdam Ombudsman about preventive body searches, discrimination and ethnic profiling. With regard to digital profiling (in general), she moreover proclaimed the following: "In its recent proposal for a general Data Protection Regulation, the [European] Commission has included rules on profiling, which can address the problems associated with profiling and the protection of personal data. The Netherlands endorses the need for clear legislative rules with regard to this topic, given the specific challenges for privacy protection that this technique entails. This is also the background against which the Netherlands welcomed in 2010 the Council of Europe Resolution on this topic, which contained a useful definition of profiling that would also be beneficial for inclusion in the [European] Commission proposals. The Netherlands will draw attention to this ongoing discussion in Brussels. The Regulation, once in force, will be directly applicable in the Netherlands." 

By and large this is a reasonable result, given that up until now the privacy issue had hardly played any role at all within the UN Human Rights Council. However, it’s a shame that most countries still hardly dare to confront this issue, let alone ask specific and critical questions about it. Many of the recommendations by Privacy First have not been touched upon during this UPR session, although diplomats in Geneva and The Hague had earlier shown great interest in them. Perhaps they were stopped by their Foreign Affairs departments in capital cities because many privacy issues are also sensitive in their own domestic politics? Who knows... However, the fact remains that the international community was informed by Privacy First well in advance, which was part of the reason that the Dutch UN delegation headed by Minister Spies was properly focussed on the job at hand. This can only be to the benefit of general awareness and the protection of privacy, both inside and outside the Netherlands. In the end, for us this is what it’s all about. 

Update 4 June 2012: This afternoon, a working group of the Human Rights Council adopted a draft report on the Dutch UPR session. The final version of this report will be adopted by the Human Rights Council in September 2012, accompanied by a (motivated) acceptance or rejection by the Netherlands of each individual recommendation in the report. Furthermore, this will also be discussed by the Dutch House of Representatives.

A total of 49 countries have taken part in the Dutch UPR session. It is noteworthy that Belgium, Italy and Austria did not take part in the session (although Belgium and Italy had in fact enrolled beforehand). As far as Austria is concerned this is particularly regrettable, because of all the UN Member States it was actually Austria which had in advance expressed the most interest in the Privacy First UPR shadow report and had intimated to be able to make a powerful, overall recommendation to the Netherlands about the right to privacy.  

Update 21 September 2012: This morning, the UN Human Rights Council discussed its recommendations to the Netherlands. The Dutch Permanent Representative in Geneva declared which recommendations have been accepted or rejected by the Netherlands; see this UN document and this video. The two recommendations by the Human Rights Council that related to ethnic profiling and preventive body searches have both been accepted by the Netherlands under the following clarification:

ethnic profiling: "The Dutch government rejects the use of ethnic profiling for criminal investigation purposes as a matter of principle." About profiling in a more general sense: "In its recent proposal for a General Data Protection Regulation, the European Commission included rules on profiling that address problems that may arise due to the increasing technical possibilities for in-depth searches of databases containing personal data. The Netherlands endorses the need for clear legislative rules on this subject, given the specific challenges for privacy protection that this technology entails." (Source, 98.57 & n. 75).
- preventive body searches: "The power to stop and search is strictly regulated in the Netherlands. The mayor of a municipality may designate an area where, for a limited period of time, preventive searches may be carried out in response to a disturbance of or grave threats to public order due to the presence of weapons. The public prosecutor then has discretion to order actual body searches and searches of vehicles and luggage for weapons."
(Source, 98.74 & n. 95).

See also this statement by the Netherlands Committee of Jurists for Human Rights (Dutch abbreviation: NJCM) from this morning (video). Just like the NJCM, Privacy First regrets the lack of government consultation in the run up to today’s UPR session.

Below you can watch the 31 May 2012 UPR session in its entirety (click HERE for video segments of individual countries). 

Published in Law & Politics
These days, of all human rights the right to privacy finds itself under the most pressure. Therefore, it is of great importance that the government, being the largest privacy violator, is tightly controlled by means of proper legislation. With good checks & balances, for the government itself as well as for monitoring possible privacy violators such as Microsoft, Google, Apple and large ICT companies like Cisco and Intergraph that set up entire electronic surveillance infrastructures in China.

Under the ‘principle of security’, current Western democracies are increasingly being led by suspicion, hate and control instead of the principles of trust, love and freedom. And all of this to protect those last three mentioned? In the view of Privacy First, the line in the sand has already been drawn in 2001. Under the guise of security our legislation has been heavily modified to the disadvantage of individual citizens and through function creep the boundaries of the application of this legislation are continuously being stretched. Will loitering youth and football hooligans soon be seen as criminal or terrorist organisations under our judicial system? And what about everyone who thinks or acts differently? Where can we draw the line? And who makes the decisions over this? And who will scrutinize the decision maker and the executor?

At the moment, it is under the big heading of ‘profiling’ that ever more privacy violations take place. The aim of profiling is tracking entire populations or target groups in order to identify so-called 'outliers' through criteria and norms that are to be imposed. Outliers are deviations from the norm: people who behave differently than the ‘normal group’, or a specific group the government has set its eyes upon, whoever it may concern. People who have unpaid bills, who drive too fast, who gather in groups, attorneys, journalists, activists, airplane passengers, those entitled to public aid, sect members, etc. Just identify and track them, you never know if there’s someone amongst them who hasn’t abided by the rules or who fits a certain profile you’re looking for.

Profiling is characterised by four aspects that in our perception are in conflict with the Dutch Constitution as the basis for our constitutional State:

  • The reversion of a fundamental principle of law: citizens are tracked en masse without a concrete, reasonable suspicion of a crime. Through profiling everyone becomes a potential suspect and everyone’s privacy can be violated unpunished.
  • With the current state of technology, profiling is aimed at continuous, real-time identification instead of passive registration and analysis of data of a citizen under reasonable suspicion. So we move from registration to identification, without the authorization and awareness of the trustful citizen. In this way, out of its own distrust the government abuses the good faith of citizens and in so doing imposes its own standard criteria. Without any democratic evaluation or strict legal guarantees.
  • The application of the technology used for profiling is based on the principle that ‘everything’s allowed if it’s technically possible’. For the greater part this development is invisible for citizens. Subway stations, trains, busses, trams, inner cities, police helmets and even parking machines (!) in Amsterdam are incessantly being equipped with cameras. These are linked to central control rooms and, where possible, fitted with identification and pattern recognition software in order to be able to directly perceive ‘suspicious matters’. The mantra of our government: ‘ill doers are ill deemers’.
  • Increasing restrictions to internet freedom of companies and individuals. Since 2010 all our personal telephone and email correspondence are being stored. All this is being done to prepare for profiling. At the moment the US Congress is working on a legislative proposal (Cyber Intelligence Sharing and Protection Act, CISPA) which grants private businesses and the US government the right to spy on citizens at any given moment and for as long as they want and to report them in case there are ‘outliers’. All of this without the need for a warrant. WikiLeaks, child porn, copying illegal content and the like are all too readily used to introduce new legislation to further restrict our internet freedom and which is to be applied in other areas the government wants to have control over. Preferably on a worldwide scale, without any democratic scrutiny. The government obliges citizens to increasingly use online services: the Citizen ‘Service’ (Control that is) Number (in Dutch: Burger Service Nummer, BSN), the Electronic Child File (Elektronisch Kind Dossier, EKD/DDJGZ), the Electronic Student File (Elektronisch Leerlingen Dossier, ELD), Diagnosis Treatment Combinations in healthcare (Diagnose Behandel Combinaties, DBC’s), etc. Of every citizen an ‘electronic life file’ comes into existence which in conjunction with electronic traces are to become able to predict suspect or deviant behaviour. Preferably in real-time and online. All of this, naturally, to protect our freedom...

In case fingerprints in passports will be replaced by new biometric features, the road will be cleared for a much worse form of profiling. Through the use of facial scans in databases, citizens will be able to be identified and tracked in public spaces in real-time and to be singled out through profiling on the basis of criteria predetermined by ‘someone’. In this process the government deliberately focuses on modifying the technology. As a result, there is 'fortunately' no need to talk about whether or not biometrics are actually desirable in our society, and if so, under which conditions and guarantees. Privacy First advocates for 'privacy by design' and privacy enhanced technologies as well as strict legislation with regard to biometrics and profiling. Because we don’t want to leave our children behind in an electronic concentration camp...

For a free, open and vivid 2012!

Bas Filippini,
Chairman of the Privacy First Foundation

Postscript: in the context of the National Privacy Debate, this column has also been published (in Dutch) as an Opinion by Dutch web-magazine Webwereld: http://webwereld.nl/opinie/110383/profiling-het-grootste-gevaar-voor-privacy--opinie-.html and http://nationaalprivacydebat.nl/article/ww/110383/profiling-het-grootste-gevaar-voor-privacy-opinie

Published in Profiling
These days, of all human rights the right to privacy finds itself under the most pressure. Therefore, it is of great importance that the government, being the largest privacy violator, is tightly controlled by means of proper legislation. With good checks & balances, for the government itself as well as for monitoring possible privacy violators such as Microsoft, Google, Apple and large ICT companies like Cisco and Intergraph that set up entire electronic surveillance infrastructures in China.

Under the ‘principle of security’, current Western democracies are increasingly being led by suspicion, hate and control instead of the principles of trust, love and freedom. And all of this to protect those last three mentioned? In the view of Privacy First, the line in the sand has already been drawn in 2001. Under the guise of security our legislation has been heavily modified to the disadvantage of individual citizens and through function creep the boundaries of the application of this legislation are continuously being stretched. Will loitering youth and football hooligans soon be seen as criminal or terrorist organisations under our judicial system? And what about everyone who thinks or acts differently? Where can we draw the line? And who makes the decisions over this? And who will scrutinize the decision maker and the executor?

At the moment, it is under the big heading of ‘profiling’ that ever more privacy violations take place. The aim of profiling is tracking entire populations or target groups in order to identify so-called 'outliers' through criteria and norms that are to be imposed. Outliers are deviations from the norm: people who behave differently than the ‘normal group’, or a specific group the government has set its eyes upon, whoever it may concern. People who have unpaid bills, who drive too fast, who gather in groups, attorneys, journalists, activists, airplane passengers, those entitled to public aid, sect members, etc. Just identify and track them, you never know if there’s someone amongst them who hasn’t abided by the rules or who fits a certain profile you’re looking for.

Profiling is characterised by four aspects that in our perception are in conflict with the Dutch Constitution as the basis for our constitutional State:

  • The reversion of a fundamental principle of law: citizens are tracked en masse without a concrete, reasonable suspicion of a crime. Through profiling everyone becomes a potential suspect and everyone’s privacy can be violated unpunished.
  • With the current state of technology, profiling is aimed at continuous, real-time identification instead of passive registration and analysis of data of a citizen under reasonable suspicion. So we move from registration to identification, without the authorization and awareness of the trustful citizen. In this way, out of its own distrust the government abuses the good faith of citizens and in so doing imposes its own standard criteria. Without any democratic evaluation or strict legal guarantees.
  • The application of the technology used for profiling is based on the principle that ‘everything’s allowed if it’s technically possible’. For the greater part this development is invisible for citizens. Subway stations, trains, busses, trams, inner cities, police helmets and even parking machines (!) in Amsterdam are incessantly being equipped with cameras. These are linked to central control rooms and, where possible, fitted with identification and pattern recognition software in order to be able to directly perceive ‘suspicious matters’. The mantra of our government: ‘ill doers are ill deemers’.
  • Increasing restrictions to internet freedom of companies and individuals. Since 2010 all our personal telephone and email correspondence are being stored. All this is being done to prepare for profiling. At the moment the US Congress is working on a legislative proposal (Cyber Intelligence Sharing and Protection Act, CISPA) which grants private businesses and the US government the right to spy on citizens at any given moment and for as long as they want and to report them in case there are ‘outliers’. All of this without the need for a warrant. WikiLeaks, child porn, copying illegal content and the like are all too readily used to introduce new legislation to further restrict our internet freedom and which is to be applied in other areas the government wants to have control over. Preferably on a worldwide scale, without any democratic scrutiny. The government obliges citizens to increasingly use online services: the Citizen ‘Service’ (Control that is) Number (in Dutch: Burger Service Nummer, BSN), the Electronic Child File (Elektronisch Kind Dossier, EKD/DDJGZ), the Electronic Student File (Elektronisch Leerlingen Dossier, ELD), Diagnosis Treatment Combinations in healthcare (Diagnose Behandel Combinaties, DBC’s), etc. Of every citizen an ‘electronic life file’ comes into existence which in conjunction with electronic traces are to become able to predict suspect or deviant behaviour. Preferably in real-time and online. All of this, naturally, to protect our freedom...

In case fingerprints in passports will be replaced by new biometric features, the road will be cleared for a much worse form of profiling. Through the use of facial scans in databases, citizens will be able to be identified and tracked in public spaces in real-time and to be singled out through profiling on the basis of criteria predetermined by ‘someone’. In this process the government deliberately focuses on modifying the technology. As a result, there is 'fortunately' no need to talk about whether or not biometrics are actually desirable in our society, and if so, under which conditions and guarantees. Privacy First advocates for 'privacy by design' and privacy enhanced technologies as well as strict legislation with regard to biometrics and profiling. Because we don’t want to leave our children behind in an electronic concentration camp...

For a free, open and vivid 2012!

Bas Filippini,
Chairman of the Privacy First Foundation

Postscript: in the context of the National Privacy Debate, this column has also been published (in Dutch) as an Opinion by Dutch web-magazine Webwereld: http://webwereld.nl/opinie/110383/profiling-het-grootste-gevaar-voor-privacy--opinie-.html and http://nationaalprivacydebat.nl/article/ww/110383/profiling-het-grootste-gevaar-voor-privacy-opinie

Published in Columns

Since a few days there is justified commotion over two new Dutch government plans that will grossly invade people's privacy. The first one is a plan by Dutch Minister for Immigration, Integration and Asylum Affairs Gerd Leers of the Christian-democratic party CDA to start creating automatic risk profiles of every airplane passenger. Before going on a business trip or on vacation, you will get a little green, yellow, orange or red flag behind your name. Without you knowing it. This is no hint at a surprise party, no, it’s because in the eyes of the Dutch government you may be a dangerous terrorist. At Schiphol Airport you are hopefully amongst those who can quickly go passed the security checks for people with green flags. In case you have a different flag you’ll be taken apart, thoroughly checked and interrogated and as a consequence you might miss your flight. The legislative proposal hasn’t yet been sent to the Dutch House of Representatives, but the government is already starting to build the corresponding central infrastructure (PARDEX). This is the state of democracy in the Netherlands in 2012.

The second plan has been concocted by Dutch State Secretary for Social Affairs and Employment Paul de Krom of the liberal party VVD. In terms of protection of privacy, De Krom happens to be just as uncompromising: his idea is to create comprehensive profiles of everyone entitled to social welfare from now on, on the basis of all the possible databases that can be linked to the municipal population register. In case an anomaly is found in your digital profile, you immediately appear on the radar of a central control room, a sort of Central Command for public benefits. Subsequently, it’s up to you to prove something’s not right with your profile, otherwise you may lose your benefit.  

Both proposals are all about profiling: creating and keeping up-to-date detailed risk profiles of ordinary citizens. In an ocean of information that for 99% derives from innocent people, Leers and De Krom are hoping to catch that 1% of (potential) troublemakers. (Do you remember 'The One Percent Doctrineby Dick Cheney?) In other words, it’s an inversion of the classic principle that the government is only allowed to intrude upon your privacy once there’s a reasonable suspicion of a crime. After all, through profiling everyone is treated as a (potential) suspect beforehand. This effectively turns the right to privacy into fiction.

Yesterday night this topic was discussed on Dutch radio programme Dichtbij Nederland (‘Close to the Netherlands’) on NTR, Radio 5. Apart from Vincent Böhre of Privacy First, two experts took part in the debate: criminologist Marianne van den Anker (former municipal councillor of the regional political party Leefbaar (‘Livable’) Rotterdam, dealing with security) and Marc Jacobs (writer and former police commissioner). The whole discussion can be listened to HERE (starting at 17m48s).

Published in Profiling
Monday, 19 December 2011 12:40

The Catalogue: having a good time shopping?

'The customer is king.' But does this saying also apply when during shopping you are completely screened and profiled by cameras, databases and Radio Frequency Identification (RFID) tags? Without you knowing it and without being able to do anything about it? How kinglike is that? A short film by British video artist Chris Oakley shows a shopping mall where everyone is unwittingly reduced into a digital consumption profile: click HERE to watch the video 'The Catalogue' (2004). Will this become the shopping mall of the future? Certainly not if it were up to Privacy First to decide. After all, as a customer you should remain king, and that includes remaining king over your own 'profile'.

Published in Art Collection
Page 2 of 3

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon