The hacking authority of the intelligence services AIVD and MIVD, with which they can collect large amounts of data under certain conditions, is being investigated. The Supervisory Committee for the Intelligence and Security Service (CTIVD) announced this on Wednesday.

The investigation addresses the question of whether the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) abide by the law when deploying and applying hacks where large amounts of data can be collected.

The services may collect so-called bulk data sets, for example by purchasing them, but also by hacking. The authority was expanded when the Intelligence and Security Services Act (Wiv) came into force in May 2018.

The extension allows the security services to collect and process large amounts of data obtained from hacks. The principle is therefore also called bulk hacks. The data from these large databases should help the services to detect and investigate threats.

The bulk data sets consist largely of data from organizations and people who are not part of an investigation, because they are not in the sights of the intelligence service. The law states that these data, which are not relevant to the investigation, must be destroyed as quickly as possible.

Second supervisor intervened in the millions hack

The Assignment of Powers (TIB), a new, second supervisor for the intelligence services, announced in its annual report in April that one of the secret services wanted to implement a million hack.

In addition, the intelligence service wanted to download the data of millions of customers at a company to get to the specific details of a small number of targets. The TIB, which checks the powers in advance, thought that this would go too far in this situation and put a stop to it.

The investigation into the extensive hacking authority of the CTIVD - which, in contrast to the TIB, makes a judgment afterwards - is part of the evaluation of the Wiv. The regulator wants to publish a report in May 2020 with conclusions about the implementation of the Wiv.