Waar komt het idee van een U-bochtconstructie vandaan? Is er ook daadwerkelijk sprake van met invoering van de nieuwe Wiv 2017? In debatten over de nieuwe Wet op de inlichtingen- en veiligheidsdiensten (Wiv 2017, ook ‘sleepwet’ genoemd) komt met enige regelmaat de zorg over een zogenaamde U-bochtconstructie naar voren: dat de AIVD en MIVD aan buitenlandse geheime diensten zouden kunnen vragen om bevoegdheden in te zetten, waar ze zelf niet over beschikken.
--------------
Snowden
It seems that the idea of a circular exchange of data came up as part of the Snowden revelations. In his very first interview with hacktivist Jacob Appelbaum from May 2013, which was even before he fled to Hong Kong, Edward Snowden said:
"We're in bed together with the Germans the same as with most other Western countries. For example, we tip them off when someone we want is flying through their airports (that we for example, have learned from the cell phone of a suspected hacker's girlfriend in a totally unrelated third country -- and they hand them over to us. They don't ask to justify how we know something, and vice versa, to insulate their political leaders from the backlash of knowing how grievously they're violating global privacy."
This was immediately picked up by the leader of the German Green party, Konstantin von Notz, who interpreted it as if German and US intelligence established some kind of institutionalized circular exchange of data (in German: Ringtausch). So far, the Snowden documents did not provide any evidence for this, but the idea was kept alive by privacy activists.
In an interview with the German broadcaster ARD on January 26, 2014, Snowden explained the issue more detailed:
"In many countries, in America too, the agencies are not allowed to spy within their own borders on their own people. So the Brits, for example, they can spy on everyone apart from the Brits. But the NSA can conduct surveillance in England so, at the end, they could exchange their data and they would be strictly following the law.
Snowden seems to think that the goal of intelligence agencies is to collect as many data from as many people as possible, and more specifically, that foreign intelligence agencies want to gather domestic communications too. It's a rather ridicilous assumption for which there's no evidence and which seems to stem from the idea that secret services must be part of a deep state that secretly wants to control the population.
Somewhat later, in his testimony for the European Parliament, from... Snowden came with a different accusation that resembles the concept of circular exchange but then by using a third country:
“The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements.”
Again this is complete speculation as there's not a single document that shows this kind of operation. It is also based upon the assumption that : there’s no NSA or GCHQ document that shows this kind of operation)
United States
According to Snowden, Volgens Snowden hebben de VS en Groot-Brittannië als leden van het Five Eyes-partnerschap afgesproken dat ze niet elkaars burgers zullen bespioneren, maar dat zou volgens hem niet juridisch bindend zijn. - USSID 18 prohibits the targeting of the US and its territories and NSA Sigint Directorate policy prohibits the targeting of Second Party countries and territories: http://www.documentcloud.org/documents/1211050-targeting-2nd-party-countries.html#document/p1 - For GCHQ it’s also prohibited, see: https://theintercept.com/document/2015/06/22/operational-legalities-gchq-powerpoint-presentation/
What Snowden didn't mention is Executive Order (EO) 12333, issued by president Ronald Reagan in 1981, which is the legal authority for all foreign espionage by US intelligence. Article 2.12 is titled "Indirect Participation" and says: “No agency of the Intelligence Community shall participate in or request any person to undertake activities forbidden by this Order.”
This section is usually quoted in combination with 2.11, which is the famous rule that prohibits assasinations. 2.12 however, has a much broader scope, which becomes clear from its earlier version, which is article 2-307 about "Restrictions on Indirect Participation in Prohibited Activities" from Executive Order 12036 from 1978, which says: "No agency of the Intelligence Community shall request or otherwise encourage, directly or indirectly, any person, organization, or government agency to undertake activities forbidden by this Order or by applicable law."
This means that, among other things, US foreign intelligence agencies are not allowed to Dit betekent dan met name dat Amerikaanse diensten niet op indirecte wijze via buitenlandse diensten inlichtingen over Amerikaanse staatsburgers en ingezetenen mogen binnenhalen.
Germany
In Germany, the circular exchange or Ringtausch, was one of the many issues that were investigated by a special commission of the German parliament, the NSA Untersuchungsausschuss. This commission die zich maar liefst 3 jaar lang bezig hield met spionage door de NSA en de samenwerking van de NSA met de Duitse inlichtingendienst BND.
In her final report from June 28, 2017, the parliamentary commission concluded that In haar eindrapport van 28 juni 2017 kwam de commissie tot de conclusie dat bij geen van de onderzochte samenwerkingsverbanden met diensten van de Five Eyes-landen indicaties voor een Ringtausch naar voren zijn gekomen. Een dergelijke methode zou bovendien illegaal geweest zijn, mede omdat in de samenwerkingsovereenkomst tussen NSA en BND de bescherming van de eigen burgers vastgelegd was.
Meanwhile, a new law for the BND had been passed in 2016, which in § 7 Absatz 2 says that the BND is not allowed to ask foreign intelligence services to intercept the communications of citizens or institions of European countries or of institutions of the European Union. This remarkable broad protection, which not only applies to German citizens, but also to those of other European countries, was the result of .
The Netherlands
The Snowden revelations also led to fear for circular exchange of data in the Netherlands. Intelligence oversight commission CTIVD Ook in Nederland was naar aanleiding van de Snowden-onthullingen zorg ontstaan over het mogelijke toepassen van een U-bochtconstructie. Het was dan ook een van de aspecten waar de toezichtscommissie CTIVD op lette bij zijn onderzoek naar het verzamelen, analyseren en met buitenlandse diensten uitwisselen van telecomdata door zowel de AIVD als de MIVD.
The result was oversight report nr. 38 from March 11, 2014, which said that the commission found no indications that AIVD and MIVD asked foreign intelligence services to collect data in a way that they are not allowed to do themselves. The oversight commission came with the same conclusion in report nr. 39 about the way AIVD social media. hoe de AIVD met sociale media omgaat. In rapport nr. 39 van 16 juli 2014 werd vastgesteld: “De Commissie heeft geen aanwijzingen dat de AIVD bij de bevragingen de buitenlandse dienst verzoekt om middelen in te zetten waar de AIVD niet over beschikt” (p. 32).
The oversight commission did stumble upon the situation that some foreign agencies with which AIVD and MIVD are cooperating, are authorized to conduct untargeted interception of cable-bound communications, something that the Dutch services were not allowed under the law at that time.
Wel stuitte de CTIVD op de situatie dat sommige buitenlandse diensten waar AIVD en MIVD mee samenwerken de bevoegdheid hebben om ongericht kabelgebonden communicatie te onderscheppen, een methode die onder de oude Wiv niet was toegestaan. Dat van buitenlandse diensten dus gegevens uit ongerichte kabelinterceptie verkregen kunnen worden achtte de CTIVD op zichzelf geen ongeoorloofde privacy-inbreuk. De CTIVD merkt wel op dat het ‘vrijwel onmogelijk’ is om na te gaan of gegevens die de Nederlandse diensten ontvangen, wellicht in het buitenland door foltering verkregen zijn. De enige manier om zoiets te voorkomen, is om zorgvuldig te bekijken hoe de mensenrechtensituatie in het betreffende land is. Wanneer het gaat om het verstrekken van persoonsgegevens, voorzien zowel de oude als de nieuwe Wiv in extra waarborgen: aan dubieuze landen mogen ze alleen in dringende en zwaarwegende gevallen worden verstrekt, het moet schriftelijk gebeuren en er moet aantekening van worden gehouden. de bestaande Wiv uit 2002 was hier geen expliciete regel over opgenomen, enkel was in art. 59 bepaald dat AIVD en MIVD gegevens of ondersteuning aan buitenlandse diensten kunnen geven, mits er voorafgaande toestemming van de minister is. De oude wet had dus geen regeling voor het verkrijgen van gegevens of ondersteuning van buitenlandse diensten. Niettemin werd dit, constateerde de CTIVD in onderzoeksrapport nr. 39 uit juli 2014: “De AIVD vraagt andere diensten niet om bevoegdheden in te zetten waarover de dienst zelf niet beschikt (‘U-bocht’).” Naar aanleiding van de geconstateerde leemte in de wet is in de nieuwe Wiv 2017 in artikel 90, vijfde lid bepaald dat een verzoek om ondersteuning geen betrekking mag hebben op handelingen die niet overeenkomen met de uitoefening van een bevoegdheid als bedoeld in dit wetsvoorstel. Dit om te voorkomen dat de diensten in zulke verzoeken om ondersteuning buiten de bevoegdheden van de wet treden, wat niet alleen de bijzondere, maar ook de algemene bevoegdheden betreft. In de Memorie van Toelichting wordt op pag. 165 nog eens gezegd: “wanneer de AIVD of MIVD aan een buitenlandse dienst een verzoek wil doen om bijvoorbeeld de telecommunicatie van een persoon in het desbetreffende land te intercepteren, daarvoor de regeling voor de toepassing van de bijzondere bevoegdheid tot het aftappen van telecommunicatie dient te worden toegepast. Dat betekent dat in dit voorbeeld er een gemotiveerd verzoek om toestemming aan de Minister dient te worden voorgelegd.”
United Kingdom
http://website-pace.net/documents/19838/1085720/20150126-MassSurveillance-EN.pdf/df5aae25-6cfe-450a-92a6-e903af10b7a2 The British answer includes a helpful presentation of applicable legislation and review mechanisms32 and stresses that “the gathering of information using state surveillance should be carried out in a proportionate and non-arbitrary manner, with legitimate purposes, in accordance with the rule of law and subject to effective oversight.” Regarding my question, the letter says: “You have asked whether the strong working relationship between the GCHQ in the UK and NSA in the United States has been used to circumvent domestic legal regulations on the collection of information. The answer is emphatically no.”
Regulation of Investigatory Powers Act (RIPA) 2000 didn't contain a provision about circular exchange. For the United Kingdom, the new Investagotry Powers Act (IPA) from 2016 prohibits circular exchange of data. Section 9 of the act is about "Restriction on requesting interception by overseas authorities" and says that
This section applies to a request for any authorities of a country or territory outside the United Kingdom to carry out the interception of communications sent by, or intended for, an individual who the person making the request believes will be in the British Islands at the time of the interception. (2)A request to which this section applies may not be made by or on behalf of a person in the United Kingdom unless— (a)a targeted interception warrant has been issued under Chapter 1 of Part 2 authorising the person to whom it is addressed to secure the interception of communications sent by, or intended for, that individual, or (b)a targeted examination warrant has been issued under that Chapter authorising the person to whom it is addressed to carry out the selection of the content of such communications for examination.
Canada
https://www.ocsec-bccst.gc.ca/s21/s68/d365/eng/highlights-reports-submitted-minister CSE cannot request any person to undertake activities on its behalf that CSE itself is prohibited from conducting.
However, in 1999, a former CSE employee made well-publicized accusations that ECHELON – the name popularly used to describe the signals intelligence collaboration between Canada, the United States, the United Kingdom, Australia and New Zealand – was being used to circumvent the privacy laws of each country “Ottawa Snoops on Canadians, Says Ex-spy; Bypasses Law by Letting Allies Track Communication,” Toronto Star (19 June 1999) at 1
Canada: As [former CSIS director] Mr. Elcock stated to the [Arar] Commission, when it comes to information that may have been the product of torture, ‘the reality is in most cases we would have no knowledge that it was derived from torture. You may suspect that it was derived from torture, but that is about as far as one will get in most circumstances.’75 Canada, SIRC, Annual Report 2004–2005 (Ottawa: Public Works Canada, 2005), available at http://www.sirc-csars.gc.ca/pdfs/ar_2004-2005-eng.pdf.
Torture is among the gravest of human rights abuses. How information extracted via torture is used must, therefore, be closely regulated. One view is that any reliance – formal or informal – on intelligence produced by torture is tacit complicity in the torturing act. It is probably unrealistic, however, to expect that a security or intelligence agency would ignore completely urgent information – for example, warning of an imminent bombing – even if provided by a torturing foreign intelligence service. At the very least, they would be expected to investigate the allegation. (forcese)
The Arar inquiry reported that Canada’s primary signals intelligence entity – the Communications Security Establishment (CSE) – does not normally share information with its international partner agencies that relates to the interception of private communications – that is, communications with a Canadian nexus – “although it may provide relevant intercepted information relating to national or alliance security.” Even then, “the CSE does not disclose identifying information it may have collected on a Canadian citizen except in response to a formal request, after consultations with relevant Canadian security and intelligence partners, and provided that the request meets CSE criteria.”88 CSE does not, in other words, spy on Canadians for allied services (Forcese)
a.”88 CSE does not, in other words, spy on Canadians for allied services. However, in 1999, a former CSE employee made well-publicized accusations that ECHELON – the name popularly used to describe the signals intelligence collaboration between Canada, the United States, the United Kingdom, Australia and New Zealand – was being used to circumvent the privacy laws of each country. Since privacy laws tend to restrict states’ ability to monitor their own citizens but not those located in other countries, each state’s agency allegedly was asked to spy on the other state’s citizens89 and, presumably, share the results.90 These accusations have been firmly rejected by the CSE91 and there is no evidence of which this author is aware that Canadian intelligence agencies actively collaborate to circumvent Canadian privacy laws. Presumably, such behaviour would be detected by the CSE or CSIS oversight and review mechanisms.
It seems certain, however, that information on Canadians captured by foreign intelligence services in the course of their regular functions is provided to Canada under information-sharing agreements. That is likely one of the very purposes of these agreements. It is also possible that foreign intelligence services draw (and then share) intelligence from communications that occur entirely in Canada. Changes in technology and recent policy developments in the United States may increase the likelihood of this situation arising.
However, it is also fair to posit that CSIS does or at least could receive intelligence from the U.S. government processed from transiting Canadian communications. This would not occur through design, but rather through happenstance; that is, through the ongoing process of exchange of intelligence between allied agencies. This is intelligence the sharing service obtained through means it views as legitimate. It would be surprising if the U.S. government would withhold information material to Canadian security discovered through its surveillance. It would be even more surprising – and indeed troubling – if CSIS were to ignore this information.
The best that might be expected is a statutory amendment expressly prohibiting any active or tacit policy among Canadian agencies encouraging foreign intercepts of intra-Canadian communications.
Bill Robinson: It's an interesting question. The main rule is that CSE and other Canadian agencies are not allowed to ask any foreign agency to undertake any collection activity that it would have been illegal for the Canadian agency itself to undertake. If, however, a foreign partner does intercept a communication involving a Canadian and it believes that Canada should be informed about it, it is legal for the Canadian agency to receive a copy from the foreign partner. There is an understanding that the partners do not normally target each other's nationals, but it is also recognized that sometimes it occurs, and that incidental collection also occurs. Recently, CSE even set up a special channel with a foreign partner (probably NSA) to facilitate passing such traffic from the partner to our domestic security agency, CSIS. No information has been made public as to the volume of Canadian-related traffic that is passed to Canada through this channel or otherwise by its partners. The total is probably not very high, although it has almost certainly been on the increase due to interest in monitoring foreign fighters in Syria and elsewhere. This is all separate, of course, from cases in which CSIS or Canadian police have obtained a judicial warrant to monitor specific Canadians, in which case it is legal to ask for the assistance of foreign partners to help with the monitoring (as long as the judge was informed when the warrant was sought).
“an express prohibition on the use of foreign partners in any way that results in the circumvention of national legal standards.” CONCLUSIE Snowden’s waarschuwing voor U-bochtconstructies blijkt (wederom) ongefundeerde bangmakerij te zijn. Zowel uit de door hem gelekte documenten, als uit grondige onderzoeken in Nederland en Duitsland zijn geen aanwijzingen naar voren gekomen dat zo’n constructie daadwerkelijk wordt toegepast. In Nederland, Duitsland en de VS is het ook gewoonweg niet toegestaan. Overigens speelt het gevaar van een U-bochtconstructie vooral bij landen met een aparte inlichtingendienst voor het buitenland. Die zou dan via zo’n bocht gegevens over eigen burgers kunnen bemachtigen, wat voor zo’n dienst zelf niet toegestaan is. Dat een buitenlandse inlichtingendienst dat überhaupt zou willen, lijkt te berusten op het spookbeeld dat geheime diensten koste wat het kost alles over iedereen willen weten. In Nederland zijn er geen aparte diensten voor binnenland en buitenland: AIVD en MIVD zijn beide bevoegd voor zowel binnenlandse als buitenlandse operaties. Alleen al om die reden is een U-bochtconstructie voor wat Nederland betreft geen zaak om heel bezorgd over te
Links and sources
- Craig Forcese: The Collateral Casualties of Collaboration: The Consequence for Civil and Human Rights of Transnational Intelligence Sharing (2008)