Dutch marines collected messages on social media and news websites about developments that might be of interest to them. Think of the refugees crossing from Venezuela to the Caribbean Netherlands. But now they don’t make this digital clipping newspaper anymore. Because the messages contain names of people. Retaining them may constitute a violation of the rules for the protection of personal information.
The Dutch Air Force wants to use Internet searches to gain insight into possible threats to air bases, such as demonstrations or sabotage. Being able to alert the police if the threats seem serious. But for now, no one in the air force’s tower in Breda is typing the keywords ‘airbase X’ plus ‘demonstration’. Because that inevitably results in a by-catch of personal names. This may also be a breach of the Privacy Act.
“After the Land Information Maneuver Center (LIMC), there has been a fear of processing personal data,” the analysis agency Eiffel notes in a defense report a few months old. The LIMC was an army unit that mapped the corona pandemic and disinformation in 2020 by browsing social media and websites – without a legal basis and without complying with privacy laws.
After publications in NRC shut down and eventually discontinued. Subsequently, dozens of other armed forces’ initiatives in the so-called information domain were scrutinized and frozen in cases of doubt, as in the examples above. The Ministry of Defense’s privacy watchdog now closely monitors all military activities on the Internet.
At the same time, Dutch soldiers are expected to develop into true internet ninjas, using their smartphones and laptops as easily and effectively as their handguns and grenade launchers. Today’s warfare requires soldiers to be able to gather, interpret and use all kinds of information at lightning speed. LIMC, which in its reports highlighted among other things the demonstrations of Virus Truth and the conspiracy theories surrounding Bill Gates, therefore intended to practice this ‘battle with information’.
Also read: The army collected information without a legal basis for months during the corona crisis
The LIMC debacle shows that the armed forces are stuck between what should and what is (yet) not allowed, concludes the Brouwer committee in a report published earlier this month. Brouwer is harsh about the legal bits made with LIMC (“impermissible for an armed force”), but even harsher that politicians and officials have not equipped the armed forces with the right legal tools.
Brouwer therefore calls on politicians to finally get this right, seven years after ‘information-driven action’ officially became part of the defense strategy. Minister Kajsa Ollongren (Defence, D66) has now adopted Brouwer’s recommendations. The House of Representatives will consider it on Thursday during the debate on the future of the armed forces.
Glimpses of that future can already be seen in Ukraine, which was invaded by Russia almost a year ago. The Ukrainian armed forces are very good at making videos of, for example, destroyed apartment blocks and creating Internet memes like the one about the mythical pilot who is said to have shot down countless Russian fighter jets. They inspire not only their own soldiers and civilians, but also foreign governments, which continue to send weapons as a result.
Such information operations are not new in themselves, the military magazine points out Military review, but the Ukrainians are giving a ‘tactical TikTok’ masterclass this way. With their smartphone, soldiers on the battlefield make films of possible war crimes or Russian impotence and share them. It happens very quickly, and yet only what fits into Ukraine’s booth.
For example, the video of the destroyed Russian tank being towed away by a tractor trailer put an end to the idea that Russia would win the war so quickly. “The Ukrainian armed forces probably have someone in every unit making that kind of content, just like you have a wounded aide or a machine gunner,” says Gwenda Nielen. She used to work in defense for information operations and now works for a company that fights disinformation.
The LIMC debacle shows that the armed forces are stuck between what should and what is not (yet) allowed
The idea is that Dutch soldiers should be able to move in the information domain just as easily. Suppose an NCO, says Nielen, hears soldiers say that the war in Ukraine was provoked by the NATO alliance. “Then he has to understand ‘hey, this story is coming from Russia’. And be able to have the conversation. ‘Where did you see that? Oh, on TikTok, did you check that source? It’s coming from this website for conspiracy theorists.'”
Soldiers on deployment need to know not only where the bridges and mountains are in the mission area, but also what is going on among the local population. “So if the military suddenly no longer has contact with the population, they must be able to think: Could it be due to an untrue story that our opponents are spreading via social media?” says Nielen. “And then think what our story will be.”
Reconnaissance units can seek public sources for this purpose if military personnel are officially deployed on a mission, for example – with a government letter to the House of Representatives. “Only outside there are also strategic conflicts, such as Russian disinformation campaigns, in the so-called gray zone. Because there is no formal war, soldiers are not allowed to follow such things on the Internet,” says Danny Pronk. He is an intelligence expert who previously worked for the Military Intelligence and Security Service (MIVD).
Read here how the army searched the internet for disinformation
The MIVD is allowed to collect intelligence, but it comes partly from closed sources, is secret and above all must protect the Dutch state. “The commanders of the Army, Navy and Air Force also need operational information to prepare their units for possible deployment,” says Pronk: “The MIVD still does not adequately meet this need.”
This can be seen in the air force, which would like to be able to assess if and when the Very High Readiness Joint Task Force, NATO’s ‘flash force’, will be deployed – and therefore Dutch fighter jets will take off. The MIVD probably has too little capacity to do the necessary analyses, says the Eiffel report: “It is probably ‘too late’ if information is only collected when the planes are already about to take off.” Therefore, the Air Force would like to collect mountains of information on the Internet itself – but yes, privacy legislation.
This is how Brouwer’s ‘clamp’ appears again and again. To capture trends, ‘feelings’ and widely shared stories (“narratives”), military personnel will prefer to work with widespread software that quickly sifts through a sea of public data (scrape). Inevitably, names of people are left on the horizon, whether it is a politician or the holder of a Twitter account with many followers.
The MIVD is allowed to collect intelligence, but it comes partly from closed sources and is secret
The software usually discards these names, but it is still a form of personal data processing. This means that data storage falls under the General Data Protection Regulation (GDPR), with all the associated obligations, from retention periods to a legal basis.
The latter is the most important, the Brouwer committee emphasizes in its report, and not for nothing Basically searched states: “The principle is and remains that the deployment of the armed forces always requires a basis based on a decision by the government.” LIMC therefore searched for months, but in vain, for such a basis, including a request for assistance from the police.
Read here how the defense argued about LIMC
To free the armed forces from this trap, Brouwer makes several suggestions. One: Make a new defense law, which has the disadvantage that it can take years. Two: Bring the entire armed forces under the GDPR and get the Secretary of Defense to make an exception to the processing of personal data in the event of ‘deployment or disclosure to the armed forces’. The disadvantage of this is that the State Council believes that such exceptions should really be legislated.
The third proposal therefore seems most promising: come up with something within the existing rules. By having soldiers train in a “(yet to be created) virtual gym”. Or by letting a number of them work temporarily with MIVD; they can then “acquire the knowledge and experience necessary for deployment in the information domain”.
MIVD chief Jan Swillens is willing to cooperate on such a thing, believes intelligence expert Pronk: “Swillens has often stated that he wants to do more for the armed forces.” Pronk only doubts whether the MIVD has the capacity to “train hundreds of soldiers”. According to Nielen, it also doesn’t make much sense to “create a huge security service with specialists producing secret documents, while ordinary soldiers have to do analysis based on public information.”
For now, the best solution seems to be to have soldiers practice in a shielded environment with their own search engine and (partially) fictitious data. “When I was still an intelligence officer in the Air Force, we went on an exercise in Canada and I came up with scenarios for the pilots,” says Pronk. “You can do that for the information domain as well.”
Gwenda Nielen is now developing an ‘experimentation environment’ with Cambridge University in Mastodon, which has emerged as an alternative to Twitter, where you can gradually train ‘with real data sets, but without the personal data’. According to her, it takes a lot of time and money to create a complex training environment that approaches reality: “While that environment simply already exists, on everyone’s smartphone.”