Dutch Government wants to regulate strong cryptography

Action plan to combat terrorism targets modern communication technologies

Der folgende Beitrag ist vor 2021 erschienen. Unsere Redaktion hat seither ein neues Leitbild und redaktionelle Standards. Weitere Informationen finden Sie hier.

The Dutch Government announced Friday it wants to regulate the public use of strong cryptography. The regulation of cryptography is one of the measures the government is proposing in its action plan to combat terrorism.

Dutch Government is launching a range of proposals connected with modern communication technologies. 'The new terrorism makes intensive use of modern technology,' the government claims. 'Police and Intelligence has to give more attention on the use of modern technologies to prevent and fight terrorism.' One of the measures aims at the 'regulation of strong cryptography for public use.' How the government is seeking this 'regulation' is not clear. 'This will become clear in the coming month,' a spokesman told. 'We have to find some way to give intelligence services access to encrypted communication.'

In the early nineties, Dutch government tried to restrict the use of cryptography. A preliminary draft of a bill aiming to ban the use of encryption was introduced in March 1994. Anyone who could show that they had a legitimate reason to use cryptography was allowed to apply for a license. Concealed within the text was a clause making it compulsory to hand over the key to the authorities. The draft was withdrawn after a storm of protest from the legal world, the business community and privacy groups. For a long time afterwards, silence reigned on this subject.

In February 1998, the government gave the go ahead to cryptography in their memorandum "Legislation for the electronic highway": 'The use of cryptography will remain permissible.'

The government's reasons for this decision were the impossibility of controlling the availability of cryptographic products, the need of the business community for security and reliability, and the public's need for privacy. However, the Minister of Justice continued to try to restrict the use of cryptography. The first versions of the Computer Criminality bill II included the obligation for a suspect to decode their files. After much criticism from the legal world, the Minister of Justice withdrew the proposal. The Computer Criminality bill II, which is now being discussed in parliament, does not oblige suspects to decode their files.

Now the issue is back on the political agenda.

Dutch government also wants to get a fast track decision on plans to give law enforcement agencies and intelligence access to encrypted information and communication from TTP's.

The Dutch Ministries of Traffic and Waterways and Economical Affairs started in 1998 the national TTP project to regulate in co-operation with industry the grounding of TTP's. In a policy paper of March 1999 the Ministries pointed at the need of 'lawful access' and announced that if voluntary agreements on this subject would not be possible, the government would come with legislation.

"If industry does not want to cooperate in an active way in the development of the possibility of lawful access, the government will consider legislative initiatives to fulfil the need of lawful access." (see Bits of Freedom)

Further, Dutch Government wants a quick implementation of the interception requirements for Internet service providers. The government also announces fast track decisions on other interception measures, for instance rules for the use of the IMSI-catcher and the functioning of the Central Information point for telecommunication data. This information point is a sort of interface. Intelligence agencies and the police can ask the information point for information on subscriptions, corresponding names and addresses for the use of interception orders. The information point has direct access to the registers of the telecom providers and checks where the information is stored. When it finds it, the information is given to the authorities. The entirely process is automated and responds within a few minutes (see als Dutch Police and Intelligence Co-operation On Crypto And Interception Issues).

Dutch Governments further announces it will investigate which sort of communication data telecom providers are obliged to store and which problem intelligence services and the police are encountering 'because of the lack of obligations to store historical traffic data'.

This aims at the still heated up debate on the obligatory storage of traffic and location data. In the European Union, there is a strong demand on the side of law enforcement agencies to compel telecom and Internet providers to store traffic data for a long time. Till now the Netherlands took the position that a storage time of three months would be sufficient. The recent plans indicate that the government is reconsidering its position. According to a spokesman, the government wil look not only at the length of the storage of data, bu also if besides traffic data also location data will fall under the obligation.

The Dutch governments also states it will enhance the possibilities for the intelligence service to intercept satellite communication. Dutch Intelligence is able to intercept satellite communication by the use of the facilities of the Strategic Communication Intelligence Centre (SVIC) belonging to the Ministry of Defence. This interception centre, where intercepted communication is scanned and processed is in Kattenburg, Amsterdam. Dutch Intelligence recently got new powers to intercept satellite communication. The new law grants permission to intercept international telecommunication that is not conducted via the cable lines and to go through these messages (search or scan) for information (about people, subjects or catch phrases) that might be of interest to the intelligence service. According to the explanatory notes, these kinds of investigations aim to allow the service to find out whether there is any interesting information for them between all these messages.

Earlier versions of the law stated that the Minister of the Interior must give permission for the use of key words needed for scanning, but under the now adopted law, the minister will receive an information list once a year and the intelligence service would then be able to add words or combinations of words to the list as they saw fit

The last substantial extension concerned the authority to save intercepted and received telecommunication. Previously, conversations that were irrelevant to the intelligence service had to be deleted immediately, but the new bill will give the services permission to save everything that they intercept for up to a year.

Furthermore, there is an interesting addition about encrypted messages. Encrypted messages can be saved until intelligence is able to decode them. The explanatory notes read as follows: "with respect to telecommunication that has not yet been decrypted, whenever the fact that it has been encrypted attracts the intelligence service's interest, it is desirable to save this until it is possible to decrypt it". After the material has been decoded, it can be kept for another year to see whether the information recovered can be of any use.