Wide scale of Dutch state surveillance revealed by data leak

Concern over both the leak of data and the extent of surveillance by authorities in the Netherlands.

Wide scale of Dutch state surveillance revealed by data leak
Wide scale of Dutch state surveillance revealed by data leak
The NRC, a Dutch national newspaper, claims to have revealed the large scale of state surveillance in the Netherlands with the revelation of dozens of confidential police files that have ended up in the public domain.

The files - which were accessible via Google - included details of murders, armed robberies, gangs and the actions of suspected Jihadis.

Police have confirmed the leak and taken the data offline.

The newspaper claims that the data from ongoing police investigations was placed on the personal website of an accountant, apparently by a relative who works for the police IT department.

It remains unclear why and how this happened, says the paper, which adds that the documents cover cases which involve suspects being monitored and some involve information from police informants.

Interestingly, the paper notes that the data relates to several criminal cases in which defendants are involved, with the information being indexed/mapped to allow easy cross referencing.

In one instance cited by the NRC, the network of people around a leader of a criminal organisation was completely mapped. In another, a group of teenagers suspected to be travelling to Syria for a Jihad, were found to have been tracked in their travels.

The paper adds that the leaked information also contains names, photos and addresses of dozens of suspects, including details of the cars they drive, as well as the areas they visit, and what mobile phones they favour.

In one example cited by the paper, a 17-year-old suspect read online how he left his home at 8.50 pm last month, what clothes he was wearing and how he travels by bus to school. Around 11:00 am on another day, notes the paper, he was seen to be walking with friends to a shopping mall.

Investigation


The Dutch National Department has launched an investigation into the leaking of confidential criminal information, but says that the data - whilst stored on a website, had been flagged as inactive.

Fran Howarth, a senior security analyst with Bloor Research, said the discovery of the documents illustrates the fact - known to most Ditch citizens, she says - that the Netherlands is arguably the most surveilled country in Europe.

"The general consensus is that there is a high degree of paranoia amongst the security services in the Netherlands," she said, adding that the widespread sharing of data between the various government departments in the Netherlands is almost certainly the main reason why the data was so easily accessible.

The story, she explained, is really about the fact that there is way too much data on private citizens that is available online and shared between multiple agencies. The Dutch police, she said, have far too much in the way of surveillance powers.

Nigel Stanley, a former security analyst and now practice director for cyber-security, risk and compliance with OpenSky UK, was critical of the security methodology used by the Dutch police, who he said - whilst they clearly have a job to do - need to practice better system hygiene, as it is one thing to surveil data for internal use, but it is an entirely different matter to then leak that data on the public Internet.

"Given what we know about state surveillance in the wake of the Edward Snowden affair, we all understand the need for information collation on the bad guys. Leaking this information, however, is not good. What is of concern is this data was effectively leaked publicly via Google - it should not have happened," he explained.