The Dutch government has proposed that the police should be allowed to hack into mobile phones and computers, even when these are located abroad. This proposal has been passed in the Lower House and now lies before the Senate. While this appears to be a powerful asset for law enforcement, in reality it creates unnecessary vulnerabilities for citizens.
Also, the proposal ignores several alternative solutions. The police already has the necessary means to fight cyber crime, but fails to apply them, due to limited resources and knowledge. Cyber crime must be addressed by expanding the resources of the police. Therefore the solution lies in expanding these resources rather than expanding the powers of the police. The controversial proposalThe latest version of the proposal (in Dutch) doesn’t only allow the hacking of mobile phones and computers, it extends to spying on users and the deletion of data. It would also include devices which are located abroad. Combating cyber crime is important, but through this proposal we’re rushed into legislation which is unnecessary and raises serious safety risks for citizens.
The police lacks knowledge and resources
The police already has the necessary powers to act against cyber crime, but fails to act adequately. A recent publication by McAfee stated that over one hundred command & control servers are located in the NetherlandsResearch by McAfee on command & control servers. It is possible to take those servers off line, investigate the data trail and block the internet connection of the server. But apparently none of this is being done, due to the lack of expertise and capacity.
Innocent civilians become victims
Instead the Dutch minister of Justice, focuses on a very infringing hacking methods which turns civilians into victims by introducing additional safety risks. Examples from Germany show how easily the spyware used by the police could be abusedMore information about the German 'Staatstrojaner' from CCC by criminals. The same goes for backdoors in software, which are necessary to enable the police to hack computers. Furthermore, it is unclear how anti virus software should (and will) respond when it traces this spyware.
At the same time other countries, such as China, will use the powers as a justification for their own activities. They will follow the Dutch example by allowing their police to use the same methods, including hacking abroad, in order to delete controversial data. Civilians will become the victims in an arms race between hacking governments. International cooperation, especially in the field of cybercrime, will be at stake. Therefore, it’s not surprising that an earlier version of the proposal was met with global oppositionAn international coalition against the Dutch hacking proposal.
The government should withdraw this proposal
In conclusion: the proposal of the government is bad for our cyber security. The government should be fixing security problems instead of creating them. Furthermore, more attention should be paid to improving the basic security of computers. Bits of Freedom urges the government to reconsider this proposal.