The referendum cannot be understood without understanding a bit about its political context. The referendum not only was merely consultative (and thus not legally binding), the law allowing for such referendums has already been scrapped, a fact which was used by a number of parties to state that they would ignore the results of the referendum and press ahead with the ‘dragnet surveillance law’, as its opponents called it. However, despite making the referendum seem a rather pointless exercise, opponents of the new law still fought a campaign against it. Though few thought that the previous law, from 2002, wasn’t ripe for an update, these opponents argued that the law made it too easy for the intelligence services to perform large-scale surveillance to hack devices and to share data with foreign partners. The law’s supporters defended it as necessary against current digital threats and pointed out that, while the law did indeed increase the services’ untargeted surveillance powers, a number of extra checks were introduced to prevent misuse. What did play into the hands of those supporters is that the referendum took place together with local elections in most of the country, thus making a possibly silent majority of supporters turn out to vote. In the end, though turnout was indeed over 50%, this didn’t happen: 49.44% voted against the law and with a little over four percent blank votes, this was enough for the No vote to be declared the winners. Despite the initial promise of several governing parties that they would ignore the result, the government has now said it will take the No vote into account. It is yet to be seen what this means in practice, and few expect the kinds of changes the opponents had been hoping for. Yet the long-term impact may still be important.
How will the referendum impact the online community in the Netherlands?
The Netherlands is no exception in that law enforcement and intelligence services see criminals, terrorists and nation-state actors increasingly use the Internet for their purposes and for them to be faced with laws that may seem, and in some cases clearly are, outdated. And just as elsewhere, far more people are using the Internet for work, for fun, and not rarely to do really great things. People who have a professional or personal interest in privacy and security will have thought long about these issues and have likely formed their opinion on where the balance should lie between privacy and security - or may point out that this isn’t an either/or question and that there are great solutions providing both. Most other people will not have thought about it. They will have heard of the Snowden leaks and of the online activities of various rogue actors, but they have never been forced to think where they believe the balance should lie. Thanks to this referendum and the debate surrounding it, they were asked to make a decision. And whatever your own position on the subject is, this cannot be a bad thing. It can be hard to grasp how confusing the digital world still is for those who don’t spend many hours a day working in IT or discussing privacy. Just like the Cambridge Analytica scandal will have made many people think about the personal data they provide to web companies, this debate will have made many people think about the actual implications of far-fetching or very restricted powers to the intelligence services. The politics around the referendum were messy, but every country deserves a debate like the one that was had in the Netherlands. So if you have strong views on the subject, challenge your opponents and try to engage as many people as possible in the debate. Edward Snowden had said that his biggest fear was that people simply wouldn’t care about what he did. Like his actions or loathe them, we should make sure at least this doesn’t happen.