The AIVD and MIVD security services have not been careful enough to share data with foreign services. This is stated in a research report from the Supervisory Committee for the Intelligence and Security Services (CTIVD). The report will be shared with the House of Representatives on Tuesday by Interior Minister Kajsa Ollongren.
The supervisor, in collaboration with the Ministry of the Interior, carried out research into sharing so-called unevaluated data with foreign relations. From May 2018 to January 2019, the CTIVD investigated procedures at the security services regarding data sharing.
At the request of allies, the AIVD (General Intelligence and Security Service) and MIVD (Military Intelligence and Security Service) share data collected by the Dutch services and sometimes do so without knowing exactly what the content is. Sharing this type of data is permitted under the Intelligence and Security Services Act 2017 (Wiv), as this would be necessary for international security.
There are several conditions attached to sharing this unevaluated data, which the AIVD and MIVD did not meet, according to the regulator.
Firstly, the security services have not properly defined what unevaluated data is. As a result, the boundary between evaluated and unevaluated data is unclear to employees of the security services. In addition, it is not properly recorded when this type of data is shared with foreign security services.
This must also be improved, the regulator believes. The Minister of the Interior must also be informed when unevaluated data is shared by the AIVD. According to the report, this has not always happened. The MIVD has complied with the reporting obligation, except for the data that were incorrectly considered as evaluated.
Urgency is high according to the regulator
The CTIVD advises the security services to better enforce the safeguards and to ensure that employees know better how to deal with the provision of unevaluated data.
The regulator emphasizes the urgency of this, since the security services have been able to intercept data on a large scale since the entry into force of the new Wiv on 1 May 2018. The CTIVD already ruled in June that the security services were insufficiently prepared for this.
In a conversation with NU.nl, a spokesperson for the Ministry of Defense said that the advice of the CTIVD was adopted. The spokesperson emphasized that it is important for national and international security that the data can continue to be shared with foreign relations, but that the services have improved their motivations for data sharing.
Employees also receive better instructions, so that it is clearer when it comes to unevaluated data. The security services will also ensure that from now on permission is requested from the minister to share unevaluated data. When these are shared, this is now also reported to the CTIVD.