What exactly happens to the five huge data sets with millions of personal data that are on the shelf at the secret services? That is the question since the complaint handling department of supervisor CTIVD ordered on Wednesday that those five sets must be destroyed within two weeks. The MIVD and AIVD hold them “unlawfully”. The retention period from the legal regulations had expired. According to the regulator, the services also had not properly argued why they needed more time to search the millions of data with privacy-sensitive data.
Because the advice of the complaint handling department of the CTIVD is binding, the responsible ministers have no choice but to implement their decision. They seemed to be planning to do that on Wednesday morning. Ministers Hanke Bruins Slot (CDA, Interior) and Kajsa Ollongren (D66, Defence) wrote the House of Representatives that the five bulk data sets must be ‘deleted and destroyed’. “The decision of the Complaints Handling Department is binding. The cabinet will therefore implement this decision immediately.”
Read the interview with the intelligence agency: ‘Most of the collected data is irrelevant’
‘Things you don’t want to throw away’
Immediately delete and destroy five data sets in their entirety, as the ministers write? In practice this is a bit different, according to an explanation of the AIVD. According to a spokesperson for the service, the decision of the CTIVD offers scope to partially retain the data. This concerns so-called ‘data processing’: data from the datasets that are already being used for ongoing investigations. “There is still work to be done,” says the spokesperson, “to see which data you can still use because they are part of ongoing research. In those sets there are things that you may not want to throw away and that you do not have to throw away from the CTIVD.”
For several years now, the services and their supervisors have been arguing about the five mega-data files. The ministers wrote again on Wednesday that they consider the datasets important for national security: “The government wants to emphasize that the bulk datasets to be destroyed contain data for investigations against threats from abroad.” Intelligence expert Ronald Prins therefore takes into account that the services will carry out new ‘bulk hacks’ to retrieve the same data again. The counter of the retention period will then start running again. “There is a chance that the services will immediately request to acquire data sets again,” he says. “There is a good chance that this will be allowed.” Prins has experience with this from the inside. He was a member of the Assessment Committee Deployment of Powers (TIB) from 2018 to the summer of 2020, which had to give permission for, among other things, the bulk hacks.
Intelligence expert and researcher Peter Koop also considers new electronic burglary attempts possible. “But”, he says immediately, “then the services must have a good story. Because they were apparently unable to explain to the CTIVD exactly what that data was good for.”
According to Ronald Prins, the chance is very small that the hacked target is now better protected against hacks. “The target probably never realized there was a hack.”
It is unclear what the purpose of the hacks was. Koop thinks it is “more about a physical threat” – terrorism or espionage – than, for example, hacking attempts from abroad to enter government systems. Koop: “I noticed that only a few hits had been found in the datasets until now. That rather indicates a search for personal names or flight details.”
Ronald Prins says that the services now have a lot of experience with destroying large data files. “The CTIVD closely monitors the destruction of that data.”
#AIVD #sees #room #partially #data