So this is likely the last time you see me blog about my new (part time) job.
(Nederlandse versie hier).
Starting December 1st, I am one of the three members of the board that checks warrants for the Dutch intelligence and security services. This board is called “Toetsingscommissie Inzet Bevoegdheden” or TIB.
If either of the civil or the military intelligence and security services of The Netherlands want to use their lawful intercept, SIGINT or hacking (& some other) legal powers, they have to first convince their own jurists, then their ministry and finally the TIB. The TIB then studies if the warrant is legal, and that decision is binding.
The TIB consists of two judges (or former judges), plus a technical expert. There is also a secretariat and an additional technical advisor. When the Dutch law on the intelligence agencies (English version) was being rewritten in 2016, it was decided it was not enough to have judges on this panel, but that there should also be a technical member. Other countries are now following suit.
From 2003 to 2006 I worked for the civilian Dutch intelligence and security agency AIVD. Although this has not been particularly secret for some years, it might still come as somewhat of a surprise to my open source friends.
After I had decided to leave DNS and PowerDNS, I went looking for something worthwhile to do. In May 2020, a vacancy appeared on the TIB board, and I quickly realised that not many people would have the background and skills to do that job.
Becoming a member of TIB is quite a ride - you have to interview with the presidents of the two Dutch supreme courts and the national Ombudsman. Then there is another round of selection in parliament, who then have to vote on you. Next up is a very high grade security clearance. Finally the cabinet has to agree and you get appointed by royal decree and sworn in by the prime minister. Due to COVID-19 my royal decree arrived as a slightly crumpled photocopy by mail. I hope to one day see the real one.
Sadly, as you may guess, there is not much more I can tell you about the job. I am doing this work because I think it is important to have security and intelligence agencies and that they can do their jobs - the world is not kind. But I also very much believe in the rule of law, and I hope my oversight work will contribute somewhat to uphold that rule of law.
To round this off, a small Q&A:
- Are you a spy now? No, I regulate Dutch spies
- Isn’t your job secret? The work is secret, but it is policy that the oversight boards are very visible. Hence this post
- I think intelligence agencies are X or should do Y! Good point (or not, depending on X and Y), but sadly I can’t help you
- Can you do a talk/presentation on encryption/security/hacking/lawful intercept/SIGINT? Sadly, not anymore. But some of my previous thoughts can be found here
- Will you still do work on open source? Yes, galmon.eu and other projects will continue as normal