Dutch intelligence illegally shared data with foreign services, says report

Sharing a selection of signals intelligence data without permission is illegal, the committee found

The Dutch Military Intelligence and Security Service (MIVD) illegally shared data with foreign services and hacked Web forums without ministerial approval, according to a report made at the request of the Dutch House of Representatives.

Although it is allowed to share data in bulk with other countries under existing partnerships, the MIVD illegally provided selected signal intelligence (SIGINT) data without permission of the relevant minister, according to the report, published late Tuesday.

SIGINT data is collected by intercepting signals in bulk, for instance by gathering information of communication between satellites. This way of intercepting communications is used to gather metadata as well as the content of the communication itself, according to the report.

The Dutch House of Representatives requested the information from the Dutch Review Committee for the Intelligence and Security Services (CTIVD), following concerns about surveillance by the U.S. National Security Agency (NSA).

The committee is an independent body consisting of three people that are appointed by Royal Decree on the recommendation of the relevant ministers, after being nominated by the House of Representatives.

The committee did not immediately respond to a request for comment, but Harm Brouwer, the committee's chairman, told Dutch public broadcaster NOS that the MIVD did not ask for permission to share a selection of the gathered SIGINT data. And "every illegal act by intelligence services is too much," he added.

The committee did not provide information on the selected information which was shared. It did also not disclose which foreign intelligence service received the selected data.

However, two new documents provided by NSA leaker Edward Snowden showed that the Netherlands intercepts vast amounts of Somali telephone traffic which it shares with the NSA, Dutch newspaper NRC Handelsblad reported on Saturday.

The telephone traffic was intercepted by the Dutch National Sigint Organisation (NSO), an alliance between the two Dutch intelligence services- General Intelligence and Security Service of the Netherlands (AIVD) and MIVD, according to the newspaper report. While the Dutch use the information to combat pirates operating off the Somali coast, the U.S. may be using the information to target terrorism suspects with armed drones, according to the newspaper.

The review committee found that both MIVD and the AIVD generally adhere to the law and did not indiscriminately intercept cable-based communications. But besides illegally sharing a selection of SIGINT data, it found other illegal intelligence activities by the agencies.

The AIVD for instance hacked Web forums where extremists reportedly exchange information without providing good reason for the hacks and without the proper permission needed from the minister, according to the report. As a result, personal data was collected from people that were not targets, according to the committee.

In order to prevent this from happening, the committee recommended the creation of additional safeguards.

The government accepted the suggestions and has introduced procedures and measures with regard to the hacking powers of the intelligence services, the Minister of the Interior and the Minister of Defense wrote in a letter responding to the report.

The process for sharing a selection of SIGINT information with foreign services will also be altered, they wrote.

The defense ministry, which runs the MIVD, did not immediately comment.

The Review Committee for the Intelligence and Security Services is still reviewing the AIVD's activities on social media, and a report on that is expected to be finished in April. The committee is also working on a more thorough review of the collaboration between Dutch intelligence services and foreign partners, which expected to be finished in May, Brouwer told the NOS.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags Dutch Review Committee for the Intelligence and Security ServicessecurityU.S. National Security Agencylegalgovernmentprivacy

More about IDGNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place