Dutch Government and ISP's Reach Compromise On Interception of The Internet

New organisation will manage the interception equipment and check the legality of interception orders

Dutch Internet service providers and the government have reached an agreement abou the way the ISP's will fulfill their interception obligations. The ISP's will found a common organisation, which will manage the interception equipment and check the legality of interception orders.

The new Telecommunications Act that came into force on 15 December 1998 extended the compulsory obligation to intercept messages for telephone companies to include Internet service providers (ISP) and other telecom providers. Internet providers were granted temporary exemption from the mandatory installation of interception equipment, but were ordered to comply with all the regulations by August 2000. The providers had not had enough time to prepare for the installation of the necessary equipment and besides, the technical, financial and judicial consequences were not entirely clear. Later, the Dutch service providers were granted another year to resolve the problems. The new deadline was fixed at 15th April.

In February of this year however, the Dutch providers announced that the new deadline was unrealistic. They claim there were still no clear technical specifications for the way in which intercepted traffic has to be delivered to the police. Therefore manufacturers of Internet interception equipment couldn't develop the proper installations. 'This indistinctness has resulted in a lack of relevant offers from which Internet Service Providers can choose,' stipulated the providers in a letter to the Ministry of Transport and Waterways.

They also pointed again at the differences between Dutch and European requirements for the interception of Internet traffic. 'The Dutch government has chosen to implement the interception obligation at a time when the European interception standard still has to be completed. Most other European countries wait for that standard, before they compel their providers to make their systems interceptable.'

Last week the Dutch ISP's claimed that they had reached a compromise with the government. The providers will found a common organisation, which is going to manage the interception equipment. Within six to nine months the providers should be able to fulfil their interception obligations. According to the director of the Dutch organisation of Internet service providers NLIP, Hans Leemans, his organisation was told informally by governmental officials that they would accept the crossing of the official deadline.

Buying and managing the interception equipment together will reduce the costs of fulfilling the interception obligation. This was one of the main problems for Dutch Internet service providers. The providers claimed a third of the Internet providers were expected to face bankruptcy as a result of the high interception costs.

The interception equipment has three parts: a black box which makes the interception possible, a sniffer to trace e-mail and websurfing, and a box which encrypts the intercepted material and transmits it in a common format to the authorities. This last box is according to Leemans the most expensive part of the equipment.

Providers now will transmit the intercepted material to the common organisation, where the material is encrypted and transmitted to the authorities. The common organisation will also check the legality of the interception orders and send them to the providers. In this way providers don't have to check themselves each interception order.

It is still not clear how many interception orders are to be expected. According to Leemans the authorities didn't give a clear statement on this subject. The Dutch privacy watchdog Bits of Freedom expects a huge rise in interception orders, now the technical possibilities are finally finished. Bits of Freedom also states that the new common 'interception organisation' will play a crucial role.