Ronald Prins slips into his seat at Bodega de Posthoorn — a restaurant the waiter describes as “the very center of The Hague” — and sizes up the other diners in the wood-paneled room. The eatery is famous in the Dutch political capital for its clientele: politicians, diplomats, civil servants, artists, the occasional royal — and, says Prins, more than its share of spies. “It used to be the security services favorite place to eavesdrop.” For almost 60 years, the U.S. Embassy sat right opposite the restaurant — “How convenient,” Prins jokes.
Hes in a position to know. For decades, the mathematician-turned-hacker ran a cybersecurity firm that served as a parallel intelligence service for the Dutch government. A regular guest on talk shows beamed into the countrys 8 million households, he was a chief advocate of expanding the states online surveillance powers.
Now hes arguably the most powerful member of the three-person committee charged with advising the interior ministry on cyber spying by the Netherlands intelligence agencies. Any request for online hacking or surveillance must first pass Prins desk. “Its essential that not only jurists look at this, but you also have a technical understanding of whats possible,” he said. His two peers on the committee, both judges, have told him they dont dare to call shots without him around, he says, “because they dont always know what theyre saying yes to.”
With a seat on the countrys Electoral Council, Prins will also oversee measures against cyberattacks on next years European election.
The 49-year-old former hackers position puts him at the nerve center of digital security in the Netherlands, at a time when the country is fast becoming one of the Wests most powerful cyberintelligence powers. Earlier this year, Dutch intelligence revealed it had penetrated Cozy Bear, the infamous Russian hacker group, taking over their computers and even the closed-circuit video cameras mounted in their building near Moscows Red Square.
Dutch cyber police have worked with U.S. authorities to take down two of the largest dark-web marketplaces for the trading in illicit goods. And in October, Dutch authorities announced the countrys intelligence agencies had fended off an attempt by Russian intelligence agents to hack the Organization for the Prohibition of Chemical Weapons.
“You can violate someones privacy as long as the safeguards are properly set in the law” — Ronald Prins
To a large extent, the rising profile of Dutch spooks is Prins doing. For nearly two decades, he ran Fox-IT, a private cyberintelligence firm providing security to governments, as well as banks and other large companies. One-third of the companys revenue came from contracts with the Dutch government to secure state secrets with custom encryption.
Before founding Fox-IT, Prins spent a short stint working for the Dutch General Intelligence and Security Service (AVID), where he felt his efforts were unduly constrained by the law — more so, it turns out, than when he set up his own firm. “Its bonkers that you could do more as a private company than as police,” he says.
As Dutch authorities took up legislation on cybersecurity, Prins advised AVIDs lawyers. His input led to providing intelligence agencies with new hacking powers in 2002. And last year, the Dutch parliament adopted a new law, expanding the governments ability to hack into computers and carry out mass surveillance.
Prins — who started his current job last April after selling Fox-IT for €133 million to the British firm NCC Group in 2015 — dismisses critics who accuse him of championing measures that undermine civil liberties. “Those who have fears also make a lot of noise,” he says. “You can violate someones privacy, as long as the safeguards are properly set in the law.”
Dutch citizens, he says, are in safe hands: his. “No one can just march over and tell me: You have to approve this or else youre endangering national security. To them I say: Bugger off, Ill make up my own mind.”