And it would enable tracking of people, how nice...

If organisations published there SSL certificates using DNSSEC ( http://tools.ietf.org/html/draft-ietf-dane-protocol-10 ) and Web Browsers incorporated DANE and DNSSEC validation technology like DNSSEC Validator for Mozilla the users would be better protected. Organisations that want to their customers/staff would protect not rely on a single method.

"Mozilla has already announced that it will also remove PKIoverheid from the list of trusted certificates following the Dutch government's assessment"

Uhm, they already updated firefox august 30th to remove the certificates:

"Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug 682927 and the security advisory)"

Making all their certificates null and void I would surmise

Ironic that we actually did some checking on them when one of our communication parties (we use certificates for SFTP) wanted us to use certificate signed by them. Fortunately we said no as they didn't at the time even have an English website or support team. I wonder if anyone other than the Dutch use them?