Lecture Summary: International Cyber Security and the 'Sleepwet'

On Monday the 12th of March we had a lecture about International Cyber Security and the 'Sleepwet'. Below you can find a summary of this evening.Will it be YES or NO? That was the big question that the Netherlands population could vote on, besides the municipal elections, on March the 21st . The AIVD and MIVD need better tools to protect us, but is the WiV or the Sleepwet the tool we want to give them? This was the topic of debate during the SIB Lecture on International Cyber Security and the Sleepwet on the 12th of March at CREA.“Scaring people with myths stating that every single person will be watched following the ‘Sleepwet’ does not get us anywhere.” – Peter KoopPeter Koop, our first speaker, is very well acquainted with the topic and has been writing blogs on the secret services, cryptography and communication surveillance in the Netherlands and the world since 2012. Following the Snowden-revelations he is one of the few people who critically analysed these documents and he shared his intricate knowledge of the topic. Regarding the ‘Sleepwet’ he has been very critical of the language that many media outlets adopted, without really informing the people of its merits. “Eavesdropping is not the right terminology, in most cases the Sleepwet is focused on internet communications being intercepted, filtered and analysed.” Peter explained how the secret services will effectively be able to use the “OnderzoeksOpdrachtGerichte” (OOG) interception, which basically is collecting data on a big scale, using existing telephone and internet tapping systems. This is one of the points of critique that the Sleepwet faces. As the Sleepwet, dragnet, will not only focus on gather data on specific targets, but drag everybody in a certain area into the database. Peter explained the difficulties with realizing this system as the shear amounts of data would be too much to handle for the servers in place. Hence, the Sleepwet, will filter a lot of the data and only save metadata and use “contact-chaining” filtering the data to that “that is most relevant.”Many, however, disagree with this dragnet method: “our freedom and democracy are being pressured as all our digital interactions are mediated. These values are worth protecting.” Hans de Zwart, director of Bits of Freedom and our second speaker of the evening, strongly opposes the Sleepwet. He argued that the Sleepwet allows the secret services to utilise too far reaching tools unproportioned to the issue they aim to tackle. He followed up Peter’s explanation of the dragnet, as “nobody is sure whether it is going to work and the necessity is not proven.” Moreover, he explained how the AIVD and MIVD can through cooperating parties can directly access vast amounts of personal data. Also, he introduced the concept of ‘zero-days’, unknown vulnerabilities of software, discovered without notifying the software developer, allowing those who know to abuse these loopholes. “Surely this is unethical for the government to legally apply.”Following the two talks, the Peter and Hans went into debate, where Hans passionate opposition and Peter’s factual knowledge of the Sleepwet came to the same conclusion. There is definitely a need for a new Cybersecurity law in the Netherlands, however the current proposed law has a lot of flaws that need to be addressed adequately. Both Peter and Hans agree that the CTIVD needs to get the power to immediately stop the secret services if their conduct is not lawful. Moreover, we need more clarity on the what will happen with the collected data and the efficiency of the dragnet within the WiV. However, Peter explicity states that the only way to truly find out how effective this law can be, it needs to be put to practice, whereas Hans states that in its current form, applying the law is unethical.For now, it is NO. Following the results of the Referendum, the population, with a small majority, voted against the law, which prompts the government to rethink the current proposal. It will be remained to be seen whether the law will be amended by the government, but at least the law lead to a heated discussion about the balance between security andprivacy.On April 9th SIB will follow up this lecture with a lecture on the Russian Elections and theFuture of Putin’s Russia. See our Facebook page for more information.