‘You can’t have total control and a free society’
Philip Zimmermann warns against the Intelligence and Security Services Act (Photo: Jos Wassink)
An open letter signed by dozens of academics was published a few days before the referendum on the Dutch Intelligence and Security Services Act (Wiv). One of these signatories was Dr Philip Zimmermann, cryptography pioneer and currently working at TU Delft Cybersecurity Group.
In the 1990s, Zimmermann developed encryption for email under the name PGP (pretty good privacy). He saw secure communication as a human right and distributed his free software via the internet. He became the subject of a criminal investigation by the FBI, which only stopped many years later. As a known old hand in the area of tension between internet communication and the government, it seemed obvious that he would be approached to add his name to the list of academics writing an open letter warning against the unintentional effects of the proposed Intelligence and Security Services Act (Wiv), colloquially known as the ‘tapping act’ or ‘dragnet act’.
Dr Zimmermann, how did you become involved in the open letter about the Intelligence and Security Services Act?
“I received an email from Tanja Lange (Professor of Cryptology at TU/e). I thought it was a good idea and I added my name.”
Why was it good?
“We've had similar debates about mass tapping practices in the United States in the past few years. It touches on my own work in the 1990s about the role of cryptography in a civil society. The justice department didn't want to allow cryptography, and it took ten years to arrive at a consensus between journalists, human rights organisations, courts, Congress and the intelligence services.”
What was the gist of the consensus?
“That society would benefit from strong cryptography. The FBI was the only party to object. This letter isn't about cryptography; it's about tapping. But there are similarities. Today's security services have more technology for monitoring civilians than ever before.”
As an American, do you have a different perspective than the Dutch?
“I come from a country where the security services are much more powerful than here. When we were debating cryptography in the 1990s, we already knew that the NSA had a long arm. But when Edward Snowden opened the lid in 2013, we learned that the power of the NSA was far greater than we had thought. To be honest, we were flabbergasted by the scale of it. We started to realise that the government knew everything about its citizens. You can't have a free society and an all-knowing government. The all-knowing government in China has eliminated every form of political opposition. It simply isn't possible to initiate political activities that oppose the current regime there.
Will the Intelligence and Security Services Act make the Netherlands any safer?
“There are many aspects to safety. The Intelligence and Security Services Act may make it easier to trace criminals. But this also carries risks for society. We would do well to realise that we are only ever one election away from a totalitarian regime. In the Netherlands you have the PVV, in France the Rassemblement National, formerly Marine le Pen’s Front National. It's all very well setting up a security structure when you have faith in the present government, but what happens after the next elections, when another party with very different values gets into power? When they inherit this intelligence structure?”
Under the heading Security versus privacy: a false contradiction, over 80 signatories express their doubts about whether the Intelligence and Security Services Act would make society safer. They put forward three main arguments:
- Security services utilise little-known weaknesses in equipment and software to break in. Taking advantage of these weaknesses, rather than reporting them, increases the risk for users.
- Network taps will be put in place to intercept internet traffic. But every tap damages internet security, because hackers can use them too.
- There will be no control if the Netherlands shares bulk information with foreign security services. Information of this kind has already been leaked and misused.
The researchers are warning that if the Dutch government introduces the Intelligence and Security Services Act, it will be creating extra security risks. Legislation on intelligence and security services is much more complex than the issue of privacy versus security, claim the signatories.
Read what Professor of Ethics Jeroen van den Hoven (TPM) thinks about the trawling act here.