Wednesday March 21, is an important day. Not only will the country vote for new city councils, we also can vote in the second (and last) advisory referendum, this time on the law on the intelligences services, WiV. There are pros and cons, but what about the technical side of it?

Even though the bill is already in effect since January, we still can give an advice as to whether we want it or not. The new bill replaces the one from 2002, when digital communication and the Internet were just arriving. So most of the regulations were focussed on interception of communication that went through the ether. This bill focusses more on wired communication taps. That doesn’t mean that between then and now there were no wire taps on digital communication, it was just not really regulated and was only regulated when aimed for a specific target. The new bill has been updated, regulation has been added to address these techniques and the intelligences services now have to follow the rules on that.

One hundred percent filtered

But the rules have also been expanded. Especially when it comes to what data can be collected and how long they can store that data. Basically all online traffic can (and probably will) now be filtered, without any suspicion of suspected behaviour or threat. So whether you watch YouTube videos or Netflix, send a WhatsApp message or an e-mail, or look at websites that are Not Safe For Work; All that data and traffic will go through the filters. If something pops up, it will be stored. This already happens in countries like the US, the UK, Germany and Switzerland.

Three years

According to the intelligences services, 95 – 98 percent of the traffic will not be stored, because it shows no suspicious behaviour – at least not criminally speaking. But the two percent that is being stored, can be kept on their servers for three years. And if a prosecutor wants to hold on to it longer, he can ask for an extension, up to six years. Even longer if they find anything in let’s say a WhatsApp message that they have decrypted. That’s not possible yet at this point, due to the end-to-end encryption, but if they are able, what will stop the intelligence services to sift through all those messages?

How do they do it?

After reading the new bill, we still have some questions, technical ones. How in the world are they going to collect and store all this data? Because on a daily basis, there is a huge amount of data floating around. It is not unusual for an Internet Exchange to see up to 5.500 Gb of data being transferred per second(!) during peak times. That data has to go through servers somewhere, right? And although they will store only two percent of the data, think of how many racks you would need for that. In the US, the NSA has a 100.000 square meter server farm just for storage. Where will the intelligences services store the data here in the Netherlands? Is there a huge building we just haven’t discovered yet?

There is a fine line between privacy and security and everybody has to make their own choice as to whether they think the new bill should stay in place or not. So read up on it and let your voice be heard tomorrow.