Dutch proposal to search and destroy foreign computers
On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. Dutch digital rights movement Bits of Freedom warns for the unacceptable risks to cybersecurity and calls on other countries to strongly oppose the proposal.
Three new powers: spy, search and destroy
The proposal (Dutch, PDF, see here for an unofficial English translation) would grant powers to the Dutch police to break into computers, including mobile phones, via the internet in order to:
- install spyware, allowing the police to overtake the computer;
- search data on the computer, including data on computers located in other countries; and
- destroy data on the computer, including data on computers located in other countries.
If the location of the computer cannot be determined, for example in the case of Tor-hidden services, the police is not required to submit a request for legal assistance to another country before breaking in. Under the current text, it is uncertain whether a legal assistance request would be legally required, or merely preferred, if the location of the computer is known. The exercise of these powers requires a warrant from a Dutch court.
Hacking proposal poses unacceptable cybersecurity risk
This proposal poses unacceptable risks. If the Dutch government gets the power to break into foreign computers, this gives other governments the basis to break into Dutch computers which infringe the laws of their country. The end result could be less security for all computer users, instead of more. This is even more true with regard to the power to destroy data on foreign computers; it is likely that other governments would be very interested in using such a power against Dutch interests.
Furthermore, providing the government the power to break into computers provides a perverse incentive to keep information security weak. Millions of computers could remain badly secured because the government does not have an incentive to publish vulnerabilities quickly because it needs to exploit these vulnerabilities for enforcement purposes.
In addition, spyware is difficult to control. Research from the Chaos Computer Club demonstrates that, even though spyware from the German police was intended to be used to intercept only Skype calls, it could in practice be extended to take over the entire computer. In addition, the spyware itself could be remotely hacked by criminals as well, allowing them to take over the computer of a suspect.
The risks above do not even touch on the privacy-issues yet. Breaking into a computer infringes the privacy not only of the suspect, but of all non-suspects whose data is also on the computer. And, somewhat related to this, the value of evidence gathered via these methods is at the least less obvious and will be harder to assess in court. The digital nature of the investigation makes it harder to prove that evidence was not fabricated or perhaps destroyed by the police.
International opposition is necessary
A legislative text implementing the highly controversial proposal will be introduced to parliament in the coming months. The law does not only concern the Netherlands: it concerns all countries whose IT-infrastructure may be affected. Bits of Freedom therefore calls on other countries to oppose the proposal. Laws like these make the internet a more dangerous place.
Marti Van Lin
How are they going to install this spyware on my GNU/Linux machines without my knowledge and thus the option to cancel the installation?
Isn’t installing spyware a crime?
Sarge Misfit
Can I charge them with cybercrime if I discover that they ahve installed spyware on my ssytem, which is in Canada?
Gee Plaster
And how will they react when an extraction team has captured and brought the warrant issuing judge and dutch police officers who executed that warrant to the country where the performed the cybercrime?
Qualified immunity doesnt extend over borders last I knew.
GD
I hope so…
But why don’t you start by looking at your next door neighbour and maybe your own government too.
ps.
There are many governments where they don’t legislate this but just do it without ‘anyone’ knowing about it.
thomas vesely
the world is going fascist.
ldbroersma
Ter informatie het voorstel van Opstelten zoals gestuurd naar de Kamer:
https://zoek.officielebekendmakingen.nl/kst-28684-363.html?zoekcriteria=%3fzkt%3dUitgebreid%26pst%3dParlementaireDocumenten%26vrt%3djustitie%2ben%2bveiligheid%26zkd%3dInDeGeheleText%26dpr%3dAfgelopenMaand%26spd%3d20120919%26epd%3d20121019%26kmr%3d%26sdt%3dKenmerkendeDatum%26isp%3dtrue%26pnr%3d2%26rpp%3d10%26_page%3d3%26sorttype%3d1%26sortorder%3d4&resultIndex=28&sorttype=1&sortorder=4
Avi Finkneurenstein
In een wereld die zo verdorven, gedachten, ideeën en visies, vlekken van informatie: moet eigendom zijn van controle.
Gonzo
A crime is something defined by governments and a privilage committed by the same.
Access to human rights for people still remains wishful thinking in most parts of the World.
Daniel Knight
The title doesn’t match the aritcle. Anyways, typical government, under Satan’s control.
wow
Unreal!!
Isn’t installing spyware a crime? if they do that like that
yes!!! now… facepalm now go uninsall your life!!
Daniel Lyons
Did I miss something? Why does the Dutch government want to invade our computers? What would they be looking for that would justify using totalitarian tactics upon a free people who have the right to privacy unless there is reasonable cause to suspect a crime being committed?
erminio
What do you know about this?
AwE130
They look for anything that is not confirming their standards. In the old days the elite rulers burned the books of some people, but that is so nineties today. By destroying the information they try to stop people from getting to information they do not want you to see. Like the moon landings or 9-11 just to name a few.
Peace to you all
Van Gaal
This is called The Longshanks Proposal
Anoniem
The fact they are asking for it to be made legal strongly suggests that they are already doing it.
Peter Westerhof
The reaction by BoF is misquoting the letter, the letter’s summary to begin with, and is in my opinion suggestive.
This is not helping things, let alone guarding the Rule of Law and the protection of civil liberties.
The letter can be found here https://zoek.officielebekendmakingen.nl/dossier/28684/kst-28684-363
In Dutch, but it should pose no problems to translation robots.
Ot van Daalen
@Peter: Could you please indicate what we are misquoting?
Peter Westerhof
Below my comment as posted elsewhere:
++ START QUOTE ++
I really think this is not a entirely fully correct representation of the matter at hand.
– – –
This a letter by the Minister of Security and Justice to the Dutch House of Representatives as a reaction to its request to that effect.
The letter’s summary states : “This letter contains proposals to, within the framework of the rule of law, proportionality, subsidiarity and respect for the privacy of citizens, a number of issues to be worked out into in legislation to strengthen the powers for the investigation and prosecution of cybercrime. The goal of this new legislation is to adapt the legal framework for the investigation and prosecution of cybercrime, by the services responsible for the investigation and prosecution of cybercrime, to identified needs.”
– – –
So the letter states the intention to undertake preparations which may serve to design proposals for new law in a catch-up effort to strengthen the investigation and prosecution of cybercrime.
The letter specifically targets issues with obstructions to law enforcements efforts ; f.i. encrypted storage of child porn.
So, mind you, this is a 3-stage effort and not law to take effect very shortly. This is therefore something entirely different than “powers proposed”.
Also stating “powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands.” is misquoting the letter, the letter’s summary to begin with, and is in my opinion suggestive.
This is not helping things, let alone guarding the Rule of Law and the protection of civil liberties.
– – –
The letter can be found here https://zoek.officielebekendmakingen.nl/dossier/28684/kst-28684-363
In Dutch, but it should pose no problems to translation robots.
++ END QUOTE ++
Ot van Daalen
@Peter: Thank you for your valuable comments. You’re right: the government did not yet introduce a legislative text. However, the powers envisaged in the letter are crystal clear: to break into computers, to search computers and to destroy data on computers. I agree that exaggeration only has an adverse effect, but we do not exaggerate (unfortunately). And to be sure: the goal of the proposal is entirely legitimate, but even then, these measures have to comply with human rights law and broader effects on cybersecurity need to be investigated.
Cathy Vogan
“The digital nature of the investigation makes it harder to prove that evidence was not fabricated or perhaps destroyed by the police.” – or fabricated by a third party, either locally or from a remote location.
Anoniem
invasion from another is an act of war !
Liam
I do not believe the Dutch, a reasonable people, would think themselves so high and mighty to break international law. It would obviously be an act of war. This is just another example of government overpowering the will of the people.
If they did this sort of thing in America, would we be wrong in sending a JDAM into the heart of the Netherlands? Poor taste, really. Are you guys out of your mind?
Netizen Report: Cyber-Police Edition - Global Voices Advocacy
[…] in cyberspace for the sake of fighting and preventing crime. In the Netherlands, the government has pushed the parliament to pass a law to facilitate police surveillance across international borders. […]
In early 2015, Dutch govt will ask parliament to grant hacking power to law enforcement | Matthijs R. Koot's notebook
[…] (computers, phones, etc.), under certain circumstances. The proposal was covered on Slashdot and criticized by Bits of Freedom. In May 2013, the Dutch govt submitted the proposal for public consultation. […]
EFF takes up call of Bits of Freedom | Random musings, rambling opinions
[…] linked to an article by Bits of Freedom last week, calling for international opposition against the latest plan by […]
Bits of Freedom calls for international opposition against Dutch proposal | Random musings, rambling opinions
[…] wanting to grant police the right to hack into suspects computers, even across borders. In an article on their blog, they outline the cybersecurity risks related to this proposal. I’m also hoping for a lot of […]
Dutch proposal to search and destroy foreign computers « Bits of Freedom – Amalgamated Contemplation
[…] Dutch proposal to search and destroy foreign computers « Bits of Freedom […]