Army preps STEM asset vehicle

Ot van Daalen

18 oktober 2012 11:13
Door Ot van Daalen

Cybersecurity

Dutch proposal to search and destroy foreign computers

On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. Dutch digital rights movement Bits of Freedom warns for the unacceptable risks to cybersecurity and calls on other countries to strongly oppose the proposal.

Three new powers: spy, search and destroy

The proposal (Dutch, PDF, see here for an unofficial English translation) would grant powers to the Dutch police to break into computers, including mobile phones, via the internet in order to:

  • install spyware, allowing the police to overtake the computer;
  • search data on the computer, including data on computers located in other countries; and
  • destroy data on the computer, including data on computers located in other countries.

If the location of the computer cannot be determined, for example in the case of Tor-hidden services, the police is not required to submit a request for legal assistance to another country before breaking in. Under the current text, it is uncertain whether a legal assistance request would be legally required, or merely preferred, if the location of the computer is known. The exercise of these powers requires a warrant from a Dutch court.

Hacking proposal poses unacceptable cybersecurity risk

This proposal poses unacceptable risks. If the Dutch government gets the power to break into foreign computers, this gives other governments the basis to break into Dutch computers which infringe the laws of their country. The end result could be less security for all computer users, instead of more. This is even more true with regard to the power to destroy data on foreign computers; it is likely that other governments would be very interested in using such a power against Dutch interests.

Furthermore, providing the government the power to break into computers provides a perverse incentive to keep information security weak. Millions of computers could remain badly secured because the government does not have an incentive to publish vulnerabilities quickly because it needs to exploit these vulnerabilities for enforcement purposes.

In addition, spyware is difficult to control. Research from the Chaos Computer Club demonstrates that, even though spyware from the German police was intended to be used to intercept only Skype calls, it could in practice be extended to take over the entire computer. In addition, the spyware itself could be remotely hacked by criminals as well, allowing them to take over the computer of a suspect.

The risks above do not even touch on the privacy-issues yet. Breaking into a computer infringes the privacy not only of the suspect, but of all non-suspects whose data is also on the computer. And, somewhat related to this, the value of evidence gathered via these methods is at the least less obvious and will be harder to assess in court. The digital nature of the investigation makes it harder to prove that evidence was not fabricated or perhaps destroyed by the police.

International opposition is necessary

A legislative text implementing the highly controversial proposal will be introduced to parliament in the coming months. The law does not only concern the Netherlands: it concerns all countries whose IT-infrastructure may be affected. Bits of Freedom therefore calls on other countries to oppose the proposal. Laws like these make the internet a more dangerous place.

22 reacties

laat een bericht achter

Liam zegt:

I do not believe the Dutch, a reasonable people, would think themselves so high and mighty to break international law. It would obviously be an act of war. This is just another example of government overpowering the will of the people.

If they did this sort of thing in America, would we be wrong in sending a JDAM into the heart of the Netherlands? Poor taste, really. Are you guys out of your mind?

Anoniem zegt:

invasion from another is an act of war !

Cathy Vogan zegt:

“The digital nature of the investigation makes it harder to prove that evidence was not fabricated or perhaps destroyed by the police.” – or fabricated by a third party, either locally or from a remote location.

Peter Westerhof zegt:

The reaction by BoF is misquoting the letter, the letter’s summary to begin with, and is in my opinion suggestive.
This is not helping things, let alone guarding the Rule of Law and the protection of civil liberties.

The letter can be found here https://zoek.officielebekendmakingen.nl/dossier/28684/kst-28684-363
In Dutch, but it should pose no problems to translation robots.

Ot van Daalen zegt:

@Peter: Could you please indicate what we are misquoting?

Peter Westerhof zegt:

Below my comment as posted elsewhere:

++ START QUOTE ++

I really think this is not a entirely fully correct representation of the matter at hand.

- – -

This a letter by the Minister of Security and Justice to the Dutch House of Representatives as a reaction to its request to that effect.

The letter’s summary states : “This letter contains proposals to, within the framework of the rule of law, proportionality, subsidiarity and respect for the privacy of citizens, a number of issues to be worked out into in legislation to strengthen the powers for the investigation and prosecution of cybercrime. The goal of this new legislation is to adapt the legal framework for the investigation and prosecution of cybercrime, by the services responsible for the investigation and prosecution of cybercrime, to identified needs.”

- – -

So the letter states the intention to undertake preparations which may serve to design proposals for new law in a catch-up effort to strengthen the investigation and prosecution of cybercrime.
The letter specifically targets issues with obstructions to law enforcements efforts ; f.i. encrypted storage of child porn.

So, mind you, this is a 3-stage effort and not law to take effect very shortly. This is therefore something entirely different than “powers proposed”.
Also stating “powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands.” is misquoting the letter, the letter’s summary to begin with, and is in my opinion suggestive.
This is not helping things, let alone guarding the Rule of Law and the protection of civil liberties.

- – -

The letter can be found here https://zoek.officielebekendmakingen.nl/dossier/28684/kst-28684-363
In Dutch, but it should pose no problems to translation robots.

++ END QUOTE ++

Ot van Daalen zegt:

@Peter: Thank you for your valuable comments. You’re right: the government did not yet introduce a legislative text. However, the powers envisaged in the letter are crystal clear: to break into computers, to search computers and to destroy data on computers. I agree that exaggeration only has an adverse effect, but we do not exaggerate (unfortunately). And to be sure: the goal of the proposal is entirely legitimate, but even then, these measures have to comply with human rights law and broader effects on cybersecurity need to be investigated.

Anoniem zegt:

The fact they are asking for it to be made legal strongly suggests that they are already doing it.

Van Gaal zegt:

This is called The Longshanks Proposal

erminio zegt:

What do you know about this?

Daniel Lyons zegt:

Did I miss something? Why does the Dutch government want to invade our computers? What would they be looking for that would justify using totalitarian tactics upon a free people who have the right to privacy unless there is reasonable cause to suspect a crime being committed?

AwE130 zegt:

They look for anything that is not confirming their standards. In the old days the elite rulers burned the books of some people, but that is so nineties today. By destroying the information they try to stop people from getting to information they do not want you to see. Like the moon landings or 9-11 just to name a few.
Peace to you all

wow zegt:

Unreal!!

Isn’t installing spyware a crime? if they do that like that
yes!!! now… facepalm now go uninsall your life!!

The title doesn’t match the aritcle. Anyways, typical government, under Satan’s control.

Gonzo zegt:

A crime is something defined by governments and a privilage committed by the same.

Access to human rights for people still remains wishful thinking in most parts of the World.

Avi Finkneurenstein zegt:

In een wereld die zo verdorven, gedachten, ideeën en visies, vlekken van informatie: moet eigendom zijn van controle.

the world is going fascist.

Gee Plaster zegt:

And how will they react when an extraction team has captured and brought the warrant issuing judge and dutch police officers who executed that warrant to the country where the performed the cybercrime?

Qualified immunity doesnt extend over borders last I knew.

Sarge Misfit zegt:

Can I charge them with cybercrime if I discover that they ahve installed spyware on my ssytem, which is in Canada?

GD zegt:

I hope so…
But why don’t you start by looking at your next door neighbour and maybe your own government too.

ps.
There are many governments where they don’t legislate this but just do it without ‘anyone’ knowing about it.

How are they going to install this spyware on my GNU/Linux machines without my knowledge and thus the option to cancel the installation?

Isn’t installing spyware a crime?

Geef een reactie

Het e-mailadres wordt niet gepubliceerd.

De volgende HTML-tags en -attributen zijn toegestaan: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

WORD DONATEUR

Zoek in blog

MEEST GELEZEN

  1. Drie redenen waarom overname WhatsApp slecht nieuws is
    20 februari 2014 / 17:13
  2. Hoe kies ik de beste chat-app?
    28 februari 2014 / 17:12
  3. Drie vragen over Big Data, privacy en de ING
    10 maart 2014 / 13:40
  4. Maandag D-Day voor netneutraliteit
    21 februari 2014 / 17:02
  5. Thanks for all the fish
    21 februari 2014 / 13:37