The Supervisory Committee for the Intelligence and Security Service (CTIVD) has announced that it will investigate the collection of bulk data sets, large amounts of data, by hacks from the AIVD and MIVD.

The investigation addresses the question of whether the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) comply with the law when deploying and applying hacks in which large amounts of data can be acquired.

The services may collect the bulk data sets based on the hacking authority. The authority was expanded when the Intelligence and Security Services Act (Wiv) came into force in 2018.

By extending the hacking authority, the security services are allowed to collect and process large amounts of data, also known as bulk hacks. This should help the services to detect and investigate criminals and terrorists.

The bulk data sets consist largely of data from organizations and individuals who are not part of a survey. The law states that these data that are not relevant to the investigation must be destroyed as quickly as possible.

AIVD and MIVD did not comply with the Wiv in earlier investigations

Earlier this year, CTIVD published a report stating that the AIVD and MIVD did not yet comply with the Wiv and that the services still had to do a lot of work. This included, among other things, the obligation to "collect and process data as specifically as possible".

The investigation into the extensive hacking authority is part of the evaluation of the Wiv. The regulator wants to publish a report in May 2020 with conclusions about the implementation of the Wiv.