Dutch Gov't Has No Idea How To Delete Tapped Calls

McDutchie writes "The law in the Netherlands says that intercepted phone calls between attorneys and their clients must be destroyed. But the Dutch government has been keeping under wraps for years that no one has the foggiest clue how to delete them (Google translation). Now, an email (PDF) from the National Police Services Agency (KLPD) has surfaced, revealing that the working of the technology in question is a NetApp trade secret. The Dutch police are now trying to get their Israeli supplier Verint to tell them how to delete tapped calls and comply with the law. Meanwhile, attorneys in the Netherlands remain afraid to use their phones."

You can't make this stuff up

[Finallyjoined!!!]

Absolutely superb.

Re:You can't make this stuff up

[rvw]

I thought a Dutch Delete only applied to torrents?

No no! The Dutch Police used to share all phone taps via torrents, and now they don't know how to delete those. That's the real reason why The Pirate Bay should be shut down.

Re:You can't make this stuff up

[ZeRu]

"Meanwhile, attorneys in the Netherlands remain afraid to use their phones." Apparently they need some Dutch courage.

Re:You can't make this stuff up

[MrNaz]

Dutch courage eh? /me hands the Dutch legal fraternity a nice, cold glass of encryption.

Seriously, why don't we all just move to encrypted SIP clients? It's not like there aren't a pile of open source ones out there.Yes, it'll never be mass market, but it's now easy enough for anyone clued up enough to know that they need to be using it.

Failing that, there's always encrypted email. Thunderbird + Enigmail is a no-brainer.

not afraid

[Djinh]

Lawyers aren't afraid at all to use the phone: If a tapped conversation between them and their client turns up later in court, their client usually walks.

Re:not afraid

[ledow]

I think you're only looking at the simple case. What about: I find out the intimate details of what you and your client were talking about on the phone and then use those details to dig deeper and find evidence I never would have without that phone call? Then I turn up in court, destroy your case, have nothing but hard evidence and you have no way of knowing that I used your taped conversation to do so (and probably couldn't prove it even if you thought that).

It'd be immoral and illegal but it *would* destroy your case outright and the chances of me getting caught are probably quite low if I'm someone with intelligence and knowledge of legal workings like, say, another lawyer?

Re:not afraid

The police wouldn't be dumb enough to use that as evidence.

What they are more concerned about is the police hearing "Oh, you did do it? Right, this is how we'll get you off..."

Once they know you did it, even if they can't use that recording, you can bet your bottom dollar they will put every resource to use in finding the proof you did it, where without that taped call they may see no surface evidence and move on to the next suspect.

Re:not afraid

That may be true, but if the police / the prosecution is smart, they don't use the tapped calls themselves as evidence, but simply use them during their own investigation, and to better prepare their rebuttal to the defense attorney's arguments.

Regardless of lawyers' feelings, this is a major violation of a basic right to have a private conversation with your defense attorney. The fact that these calls are tapped at all is outrageous. If those calls were occasionally accidentally stored that would be even more outrageous. But if they are not only recorded but even impossible to delete, ... well I can't think of a word.

Re:not afraid

[dajak]

The conversation between lawyer and client may be confidential, but the extent of the protective perimeter you set up around it is a practical matter.

You may declare prison and law office phones sacred altogether in order to make sure you don't record such conversations, missing a lot of useful conversations, but if you don't, you will have to listen to the conversations to establish, firstly, that it is a confidential conversation, and secondly, that the recording doesn't contain parts you presumably may use (for instance the lawyer dictating something to a secretary in the background).

Dutch practice is that you may not use or store it in principle but you may listen to the recording and store it until you did. After that, you have to destroy it, and the suspicion is now that the system only deletes it.

Having said that, this whole thing became an issue after it was discovered confidential phone conversations were actually copied to DVD by the police in one high profile case, which is indeed outrageous.

Easy

[L4t3r4lu5]

Take media with recorded conversations, place in a pile, load it up with a half-tonne of aluminium filings and iron oxide, and apply a high temperature heat source.

You might want to wear safety goggles.

Re:Easy

[MichaelSmith]

The best place to set fire to your mixture is in the basement of your houses of parliament.

Just put an average user at the console ...

... and tell them that there's no way they could ever delete anything. Trust me, they'll find a way.

So many telcos

[AHuxley]

Use Israeli telco supply firms for outsourced backend billing and interception.
Fox new did a report on it
http://www.youtube.com/watch?v=kle7ZgmFcpQ (pt 1)
http://www.youtube.com/watch?v=ZeaXlrldqwo (pt 2)
Why or how so many national telcos let interception drift away from core in house responsibilities is just strange.
If your an attorney and your client is literate, buy a note pad, write out your work, read and then destroy (with a few pages under the written page too).
With fusion centres in the US and any suspect now a "terrorist" most of the attorney client privilege protection is getting blurred.

any slashdot reader surprised?

[kubitus]

Israels IT industry is world champion in wiretapping everything.

And I am not sure if they are interested in having tapped calls deleted

I mean really deleted!

Re:Every knows

[badfish99]

Have you tried a tinfoil hat?

Nuke it from orbit its the only way to be sure

[MichaelSmith]

rm -rf /

Re:Nuke it from orbit its the only way to be sure

[Linker3000]

Store the data on your Sidekick device?

No joke, it's hard

[Odo]

Deleting data is really really hard. If one is storing large amounts of data it is difficult to put a system in place which can prove that every copy in your posession has been deleted. Think about the work of sifting through thousands of write-once offline backups, be it tapes or CDs or whatever, locating the data, copying the original minus the data and destroying the originals. If that's not hard enough, what about data that's not in discrete files. Say there's a PostgreSQL database that's zipped and spans a thousand peices of physical media. The only way to delete a record is to load the whole database then redump it. And don't forget about regenerating all the index files. And dealing with obsolete file formats.

This sounds like a stupid problem, but in reality it is really tough to delete something and be certain that you've got it all.

Re:No joke, it's hard

[petrossa]

And, the Netherlands have about the most all encompassing citizens database on the globe. So all data is cross referenced all over the place amongst databases of all civil governmental and semi-governmental agencies . It's so vast that indeed it's not only hard, but virtually impossible to remove data completely. As an example: The colour, structure and density of pubescent children is stored. All this data is directly accessible via the misnomed 'Citizen Service Number'. We dutch tend to call it the 'Citizens Spying Number'.

Re:No joke, it's hard

[Sycraft-fu]

I think what it is easy to forget as geeks is just how hard everything works to keep data. All our technology is designed around the assumption that you never want to lose any data. Thus completely removing it gets harder all the time.

As another example snapshot backups are now real common. NetApps can be configured, and often are, to take periodic snapshots of your data. That way, if something is accidentally deleted or modified, there are point in time shots to go back to. Likewise Windows Vista and 7 now keep revisions of files automatically. If you change a file, a new version is written and the old one is kept, by default, so long as there's free space on the drive.

Now none of this is stuff you can't turn off or remove but it is all stuff that adds to the complexity. Just deleting the file, and even overwriting it, doesn't necessarily do it. The computer may still have a copy. It is designed such to try and keep you from losing your data accidentally.

None of this is to excuse the government, if they have a requirement to delete these things they need to work out a way to do so, however that doesn't mean I don't sympathize with the problem. It isn't trivial to ensure all copies have been delete and have been done so in a provable fashion.

This is why when we surplus old computers, the harddrives never go with. They are taken to be wiped and/or destroyed later. We are just not interested in screwing around with making sure the data is gone and then screwing that up. Instead a simple visual inspection tells you there is no data (since there are no drives).

Wish i was surprised...

[Veneratio]

But im not, really. Having worked for the Dutch police twice now, I can safely say that the majority of their IT staff are completely clueless. A few years ago they "outsourced" their IT to a seperate entity to handle all their IT, but this entity was staffed mostly with the people they already had, so there wasn't any actual increase of knowledge (as far as I could tell). They got a nice fat bag of money and an unclear manifest, all paid for by us - the Dutch taxpayer - and this is what we get.

The Netherlands: No privacy, no competence and instead of capable beatcops we get highway robbery in the form of a cop with a lasergun having his daylong break sitting behind a bush next to our highways. And they wonder why the populace is starting to hate law enforcement.

Do yourself a favor and do a search on Google for "C2000", another one of the Dutch police success stories.

I could weep. Or well....puke really.

Re:Every knows

Whatever his mental state, according to the official numbers (which don't include the secret service) in the Netherlands the number of wire taps is over 10 times that of the number in the US and we've only got 15 million people...

Lawyer client privilege

[Kupfernigk]

I don't know if the law is different in the Netherlands, but in the UK if the client tells the lawyer that he did do it, he has to either find a new lawyer or agree to plead guilty and present mitigating circumstances. A lawyer is not allowed to tell actual lies in court.I doubt it is different elsewhere in the EU.

Re:Lawyer client privilege

[Hognoxious]

I don't know if the law is different in the Netherlands

Since most of mainland Europe uses the Napoleonic legal system then yes, it is.

A lawyer is not allowed to tell actual lies in court.

Apart from summing up[1], lawyers[2] ask questions which by definition are neither true nor false. It's witnesses who answer them, under oath.

[1] And from what I've seen, they always talk in a strange indirect manner - "we have shown that...", "if foo then you must acquit", "witness X's testimony is unreliable" etc. They never actually say that he did or didn't do it.

[2] Using that as a blanket term, since solicitors can sometimes appear in court now.

Re:Lawyer client privilege

[brillow]

Lawyers in the US cannot lie either, nor can they knowingly prompt clients to lie. They cannot allow clients to testify information they know to be false. There are ways around this however, as only the client and lawyer know about the lie, its easy to hide and I imagine its done all the time. The client can also recant the truth they made to the lawyer and the lawyer can then claim they believed it (though if they end up in front of a bar they will have to be pretty persuasive in why they beleived the 2nd story and not the first.) >What about: I find out the intimate details of what you and your client were talking about on the phone and then use those details to dig deeper and >find evidence I never would have without that phone call? Then I turn up in court, destroy your case, have nothing but hard evidence and you have >no way of knowing that I used your taped conversation to do so (and probably couldn't prove it even if you thought that). Youd have to be pretty persuasive, evidence obtained through illegal means is itself inadmissible. Search a house without a warrant and find a dead body, and you get a murderer that walks free. It would be difficult to find physical evidence in this manner due to chain of custody. If youheard a call explaining that the gun was buried in the woods, and went and found it, a judge would want to know how you knew to look there. If you were pointed to evidence, like bank records etc, that would be easier. However, a prosecutor would be stupid to try this unless it was perfectly air-tight. That kind of misconduct (at least in the US) can give retroactive grounds for appeal for every case they've done, it would unwind much justice. Not to mention your career would be over and you would probably serve some jail time for contempt.

Re:Lawyer client privilege

[Bredero]

Well obviously the law is different since it is a different country. In the Netherlands talks between clients and their lawyers are private (dutch: beroepsgeheim; lit. professional secret). This obligates lawyers to secrecy and they do not have to incriminate their clients even in court. This means that the defendant, their next of kin and his or her lawyer do not have to testify. A similar secrecy obligation applies to healthcare professionals for obvious reasons.

Delete, Remove, & Drop

[blavallee]

For those who are offering commands to get rid of the data, you need to understand the why they will not work.

This issue is that the storage system used is designed is such a way that you CAN NOT modify any data once it is written to the disk.

Once the data is written, it can not be modified or deleted. Now, the reasoning behind this is so the police can not digitally manipulate the timestamps or data in any way. This is to protect the integrity of the data so it can withstand legal challenges.

They are faced with a 'catch 22' situation. If they can figure out a way to delete a 'prohibited conversation' they could theoretically modify the data too. Opening up the possibility of having a criminal conversation being invalidated.

Re:Delete, Remove, & Drop

[JesseMcDonald]

If they can figure out a way to delete a 'prohibited conversation' they could theoretically modify the data too.

Technically there is no need to make the conversations themselves immutable. You just need to be able to verify that the recording you have is the one which was originally recorded. A one-way hash can serve this purpose. For each recording, store the conversation itself in an erasable/mutable medium, but record a hash of the conversation in append-only storage (with multiple distributed backups). If you need to show that the recording is legit, compare it with the hash. If you need to delete something, record the deletion in the append-only medium and then remove it from the mutable storage. The hash will remain, but you can't use the hash to obtain information about the conversation without the original recording.

Bonus: You can recognize unauthorized deletions by comparing the mutable and immutable records.

Dutch justice...

[AlXtreme]

Over the past few years quite a few criminal cases were lost exactly because of this problem. In Amsterdam a huge case against Hell's Angels went south in 2007 (everyone was set free) because they didn't destroy tapped recordings with attorneys. Last year it happened again (dutch links, sorry).

I hope someone got canned because of this, but given our incompetent justice department I really can't see that happening. Phone tapping has reached epidemic proportions over here (highest number of taps per person in the western world), as it's much easier than actually investigating a case based on given evidence.

Funny that this is the second article on our incapable justice system within a day on /., go us \o/

Conspiracy theory

[chrb]

It's a well-known conspiracy theory: that Mossad has created Telco front companies throughout the world to spy on other nations. See The Israeli Spy Ring, which talks about the Fox News articles, and another typical story. Of course, a conspiracy theory doesn't make it true...

What then do you call Law Society members?

[Kupfernigk]

Members of the Law Society are lawyers. I have both branches of the profession in my family, and I think I know the difference. At the level of criminals stupid enough to tell someone they did it, the solicitor will typically be representing them in court as well. At higher levels, the solicitor cannot be told by the client the he did it and withhold this information from the barrister.

However, your post is utterly uninformed. Solicitors advise clients on law in lower courts. In higher courts barristers will more usually do the work. Commercial clients who don't like solicitor's advice will frequently try to get advice from a QC - a senior barrister - in the hope it will persuade their boss to go on with the case, hence my father's oft-repeated comment to clients "You can have counsel's opinion and it'll cost you £30000, or you can slip me £15000 and I'll tell you that it's 50-50 for half as much."

Re:WORM drive

[alexo]

When I worked at fortune 500 company we had these Write Once Ream Many [sic] dive systems to record images of contracts.

What company was that? Goatse?