The current state of Dutch politics and cyber security issues

Introduction

In this article, the intersection of Dutch politics and cyber security will be briefly examined by exploring the party programs of the Government’s political parties. This intersection covers issues such as defense, entrepreneurship & trade, innovation, privacy, and public justice.


Illustration 1: Seat allocation in the House of Representatives

The political parties that constitute the Dutch government are VVD, CDA, D66, and ChristenUnie. Therefore the political programs of these parties have been selected and reviewed. Starting with the biggest political party and ending with the smallest. By selecting only the programs of the political parties that form the Dutch government not all political views are taken into consideration. However, the Ministers and State Secretaries are all selected from these parties and thus will probably have more impact than the opposition on the strategies, policies and plans of the Ministries of Defence, Foreign Affairs, Interior and Kingdom Relations, and Justice and Security. These four Ministries have published extensively extensively on cyber security issues. This will be examined in a different article as part of this series on “The current state of Dutch politics and cyber security issues”.

Political party programs and its perspectives on cyber security issues

VVD (Conservative liberals)

This party places emphasizes on countering radicalization, jihadism and terrorism. They argue for increased budget and capabilities for the intelligence services that match new technologies and novel means of secure communications to monitor and track potential terrorists. While acknowledging the use of internet by potential terrorists, there is no shortage of criminal activities taking place on the internet as well. The following measures are proposed:

  • More investigations and harsher prosecution of cyber crime;
  • Public awareness and education on how to safely use the internet;
  • Use of specialized teams that can hack and closely work together with banks and companies;
  • More knowledge and expertise available at the police and prosecution regarding computer related crime ;
  • Protection of vital digital systems and networks;

It seems that this party is also worried about the ability of criminals to “shutdown” the country with a cyber attack. Offensive and defensive cyber capabilities for the Dutch Ministry of Defence (MoD) should be operationalized and put to good use. Preferably, with the best of class by placing focus on harnessing the modern en flexible employees benefits of private companies that can attract and hire the best hackers in a better way than the MoD.

The benefits of having good overall cyber security maturity levels are beyond just national security. They extend to commerce, entrepreneurship and innovation. The Netherlands has to promote itself as a “safe place to do business”. Protecting digital systems and networks from malicious intentions is essential to keep the economy going, to safeguard privacy and to keep governmental secrets safe from criminals, hackers and state actors. The use of (new) encryption technologies and data hosting solutions are identified as noteworthy areas of interest to boost this ambition.

The last item on their political party program seems to be the ambition to create a new formal position for some sort of Minister of Technology (including cyber security).

CDA (Christian democrats)

According to the Christian democrats, the whole-of-government does not yet have an effective response to cyber crime. A major catch-up is required. Criminals have plenty of free space to roam around the internet to conduct their malicious activities. Thus, more authorizations ought to be transferred to the police and justice to hack networks and devices, copy data, decrypt encrypted messages, conduct observations and to wiretap communications.

In case of severe illegal acts, a suspect could be enforced with an “encryption warrant” to decrypt encrypted devices or data. Also investing in more knowledge and expertise at the police is done through establishing highly specialized units. Children and young adolescents should be better protected against cyberbullying and “revenge porn” must be made punishable.

Citizen’s control over their own personal data is insufficiently protected by current laws which are from the “analog” era. Most of our personal data is now owned by major foreign companies that sell this data to make profits or lose huge amount of data in breaches due to lack of cyber security measures. This abuse must be protected with better and more modern laws.

In order to increase national security and international stability intensive cooperation is required when it comes to dealing with to cross-border crimes, human trafficking and terrorism by means of sharing information, coordination and joint investigations.

D66 (Social liberals)

The Netherlands should be a digital front runner and digital safe haven by 2030. However, this shall be achieved by balancing technological advancements vis a vis the right to privacy and protection of consumers’ data. The rise of a ‘data proletariat’ must be avoided by protecting the weakest in society from big tech companies selling their personal data and constant monitoring by a surveillance state. Consumers and citizens should be made aware what kind of personal or sensitive information is collected and shared. Giving back control to the individual what is shared and what not is shared benefits liberty of choice and autonomy.

To better serve cyber security, the National Cyber Security Center (NCSC) ought to be truly independent, similar to the National Institute for Public Health and the Environment (RIVM), in order to avoid unwanted influence from Justice & Safety or the General Intelligence and Security Service (AIVD) on its public advice. Furthermore, policies for responsible disclosures by white hat hackers should be more vigorously drafted and put into practice. Especially by producers of consumer electronic goods with chips that can be accessed from the internet.

Defence needs to be able to conduct in cyber warfare operations by strengthening the Defence Cyber Command (DCC), the intelligence services and their networks. Intense collaboration between the government, academia and companies will be required. This will lead to protecting our data and our export position. Specializing Defence in a nice capability such as the ability to conduct full cyber warfare operations needs to be prioritized.

Technological changes are rapidly evolving and its impact on society is increasing. Cybercrime is seen as a threat resulting from these changes. Netherlands’ competitive advantage is linked to the digital infrastructure and the level of cyber security practices implemented. Thus, more companies and individuals in the field of cyber security shall be attracted. However, this digital growth agenda needs to be taking into account the preservation of human rights. Such an agenda is typically cross-disciplinary. Thus, coordination is required. A so called “digital triangle” between several Ministries and independent supervisors. Finally, an “iPlatform” shall be instituted where citizens and organizations shall be able to critically reflect on the relation between technology en fundamental human rights.

ChristenUnie (Conservative christian democrats)

Pornographic material related to children must be combated by specialized teams of detectives that know there way around the darknet. Because of our highly digitalized economy we are vulnerable to online threats. Having a thriving cyber security sector is important to prevent en recover from malicious activities. Start-ups shall be financially stimulated. Start-ups and scale-ups should have a advisory role in “e-governance” issues like cyber security.

The cyber threats from state and non-state actors increase international instability and have an impact on our national security. This multi-faceted threat requires Defence to deal with such threats. Acknowledging the cyber domain as a new domain to conduct warfare, so shall we need to invest in acquiring new knowledge, expertise and capabilities to have a future-proof Defence.

Synthesis

Among the political parties, there is a need to set the agenda for cyber security issues in at least four narratives. The first one that stands out is related to crimes against citizens and companies. Politicians are also worried about full blown cyber attacks that could shutdown the country, criminals that steal and sell sensitive data, and predatory pedophiles roaming free on the darknet. The solutions proposed are mainly to invest in strengthening the police apparatus and justice department to embrace the inner workings of the internet and how all kinds of different websites and applications facilitate criminals and pedophiles to conduct their malicious activities. There is an overall consensus to strengthen the capabilities to hack into suspicious network and devices used for criminal activities followed by identifying suspects and prosecute them. The right to privacy and use of encryption should no longer apply to suspects of severe criminal acts.

A second narrative that most parties apparently find important enough is the ability to engage in cyber warfare. Meaning to defend against state and non-state actors or attack on behalf of national or international interests. Defence should not try to do this on its own but by closely collaborating with academia and companies. Making the strategic decision to focus on sharpening just one or a few weapons from the weaponry instead of everything is proposed to become a specialized Defence organization instead of a generalist organization that can do a lot but not really good. However, this implies that conducting cyber warfare is independent from land, sea, air, and space capabilities, which is not the case.

The third narrative relates to linking cyber security with economic prosperity. Having a stable and secure digital infrastructure with proper laws and regulations attracts big tech companies to do business. However, this may conflict with the desire to safeguard the privacy of citizens. The privacy of citizens is at stake when cyber security measures are not in place. Big companies that hold much of our data get continuously breached by hackers and criminals for commercial gains. And if not breached, more and more companies thrive on a business model that offer their services for “free” while making profits on selling your personal data. The need for the protection of the so called “data proletariat” is a striking analogy.

A final narrative is presented that the government itself is need of an upgrade. For example, through the establishment of a new Ministry of Technology including cyber security. The creation of better and modern laws to keep up with the technological advancements including both its benefits and dangers to society. Or some sort of platform where questions and concerns are addressed concerning the relation between technological advancements and fundamental human rights.

These four narratives reveal that all of the cyber security related issues are, to paraphrase DeNardis (2014), deeply political in the sense of involving direct multi-stakeholder governance of technical infrastructure that has direct social implications and that online attacks such as DDoS are often deployed as a proxy for political activism or even part of warfare. Whatever narrative a political party wants to focus on, it most of the time comes down to an important debate where the degrees of internet freedom, related to privacy, expression or to earn money are negotiated against conflicting values of national security and law enforcement.1

1 [2014. DeNardis, Laura. The Global War for Internet Governance. Chapter 10, p243]