Slashdot Mirror
Dutch Ministry Proposes Powers For Police To Hack Computers, Install Spyware
hypnosec writes "The Dutch Ministry of Justice and Security has proposed some rather over the line measures and wants to extend such powers to the police that would allow them to break into computers and mobile phones in any part of the world. According to the proposal (PDF in Dutch), dated October 15, the ministry has asked for powers that would allow police to not only break into computers, but also allow them to install spyware, search for data in those computers, and destroy data. As explained by digital rights group 'Bits of Freedom,' which obtained the copy of the proposal, if the Dutch police get such powers, the security of computer users would be lessened and there will be a 'perverse incentive to keep information security weak.'"
This sounds a lot like the idiotic stuff formulated in the preliminary list of internet security legislation that was posted two months ago.
Fuck you.
I'm American and ignorant of the Dutch system, but isn't this the kind of thing a court would grant permission for on a case-by-base basis?
But what do I know?
I'm sick and tired of seeing these new laws proposed almost weekly! What the heck is going and who is pushing towards all these new law propositions for allowing breaking into users computers, reading their email, tracking all activity and attempts at controlling the internet.
I wont allow these bastards who know nothing about how things even work to control this network of ours. They are trying take away our basic freedom all the time to communicate freely. They know that free speech is harmful for the powers that be. Enough already!
I call all sysadmins and network administrators to start opposing these law enforcers! We have the power to make the change. We are the ones who install these rules into production, and we are the ones who can stop this madness. And those who continue oppressing us, know this: f*ck you! You will not win. Give up already and let's try to work together instead of assuming everyone is a damn terrorist.
GeoKone.NET
What happens if the police do actual damage to important infrastructure. Either civic or private?
Or if police introduce a vulnerability that allows the above?
Don't mess with active systems.
This is what happens when 1) make mundane activities (like saying something cheeky online) illegal, and 2) insist that law enforcement do something about it.
Law enforcement says " I need to do X to accomplish Y." Government and public supporters say "ok, just crack down on Y for us, ok?"
Later, government says "cracking down on Y isn't enough! We have to make W P and Q illegal, and work to stop that too, to keep our citizens safe!" (Where "safe" is a ephemeral and impossible goal, like achieving lightspeed. Each increment toward the goal comes at exponentially higher costs, and you can never actually get there anyway.)
Law enforcement says "we need all kinds of expanded powers for that!"
Rinse, repeat, until people need licenses to speak, wear only government sanctioned clothing, are put on government regulated diets, and live with a swarm of automated security drones following them everywhere.
"To infinity and beyond!" Takes on a sharply malign connotation here.
The initial problems are less severe than the consequences of policing it. Rather than capitulate to further erosion of rights and libertis, we should just say no.
1984 Reloaded
What are they going to do? They'd be screwed, right? I've recently thought about building some kind of virtual honeypot fronting as my connection to the outside world, with nothing actually sensitive in it. If someone broke into it, it would be so much fun to play games with the attackers.
Ezekiel 23:20
Solution: Anonymous? Please (pretty please, with a cherry on top) post a few pictures of The Prophet Mohammed on this guy's Facebook and other personal web pages, maybe on the Dutch Ministry of Justice and Security site too. Thanks.
Why not just sit a policeman near every computer in Holland?
OH THAT WOULD BE RIDICULOUS
They would have to somehow get me to run the program on my computer first. Good luck with that.
Privacy is over rated unless you have something to hide.
How is this any different than allowing police to break into homes and install covert cameras? Do they already allow this?
It is pitch black. You are likely to be eaten by a grue.
I can remember a time when the Netherlands was certainly the most laid-back, uncritical country in Europe - possible the world.
Will be illegal to use safe, hack proofer operating systems? Will need to have commercial operating systems some kind of mandated government backdoor to have a chance to be used in Germany?
And there is the problem that if you leave a door for government, even if you trust blindly on them (and in the next government and all the people involved in this), others could eventually use it
We have police to stop crimes, not to commit them. What this dude just did, was proposing the commit of a crime at big scale.
-Woof woof woof!
Provided that no data found on any computer can ever be used as evidence in court. Cause nobody knows who actually put it there...
A question heard is why?
Because Dutch law already allows most of the proposed access under present regulations.
Contrary to often referenced US law Dutch law is written in general terms, we regulate official/police access to 'the home' and that includes things like telephone or internet and a judge can allow such access right now.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
This message was brought to you by People's Party for Freedom and Democracy: http://en.wikipedia.org/wiki/People's_Party_for_Freedom_and_Democracy
Main force behind these kind of laws/proposals are always the parties that have Freedom (to limit others) in their name (we have a couple of them) or from a Christian background (we know that is good for you plebs).
Good thing a country like Iran doesn't want to do this!
Sorry, but gray text on gray background is making my eyes bleed.
...and the guy that proposed this is a total nitwit (1).
Nothing to be excited over, this is all grandstanding
to mask (1).
Your observation is, in fact, a trope: http://tvtropes.org/pmwiki/pmwiki.php/Main/PeoplesRepublicOfTyranny
FreedomBox is the answer!
And for a thought-provoking treatment of the issues, for sci-fi fans (or freedom fans, really), consider reading Cory Doctorow's "Little Brother", downloadable for free.
"Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh
Oh gods yes... VVD is the worst of it all because they have power. VVD = People's Party for Freedom and Democracy. But the PVV (Party for Freedom) are the ones that Wilders is using to spew his nonsense. Actually.. they split off from the VVD, so it's all the same anyway. I'm just glad Wilders didn't get to be the prime minister through the VVD somehow, I guess..
We've also got the CDA (Christian-Democratic Appeal, I guess?) that was in charge at the time the RFID-enabled mandatory ID cards were introduced... Well, I guess that's about it for Christian or Freedom. But there's been a few more, just as evil.
"search for data in those computers, and destroy data"
So they're giving the police the power to destroy evidence? Sounds more like the ministry wants to use these powers to hide their own crimes.
HACK THE PLANET!
Restore the madness of youth's lechery
I don't think this foolish proposal by somehow elected clown Opstelten will ever pass in the next dacade. However, if it does happen after all, we (and the rest of the world) should count ourselves lucky that the Dutch police are on average equally competent in ICT as they are in rocket science.
and how exactly is this not effectively an ACT OF WAR??
I would think that if they are not very very careful %other_nation% might object very forcefully.
Also if they are mucking around with the files on a computer what is to say that they are not going to PLANT evidence??
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Here in the US, that's already happening. Everybody I know just assumes that malware could be installed by spammers, police, or anyone else, and runs client-side firewalls to detect any unauthorized outbound connections or other funniness. In terms of security, it doesn't matter who the spyware is being installed by - you take steps to repel it should it ever happen.
I don't understand how the ire of government sponsored hacking makes information security less secure? If anything it would seem to me to improve it.
If a government is actually willing to burn an unknown capability under a "think of the children" banner the outcomes I see:
1. Vulnerability will become known and patched by vendors making all systems more resilient to attack.
This means the vulnerability may no longer be useful should it really be needed such as the need to take covert action against unfriendly nations.
2. Intrusion may be detected by the accused tipping them off to government investigation.
Obviously the above does not prevent governments from encouraging inherently insecure systems from being deployed yet at the same time the cybersecurity war drum is beating and industry is under incresing pressure to improve security.
From the google translation of the proposal nothing is said about key escro or otherwise demanding systems be inherently insecure.
at least in the US that is actually very True.
While the Justice department shares legal code with the Department of Defense if you are in the military then you go before the Judge Advocate General and they use the Uniform Code Of Military Justice.
true fact a guy in the process of doing a crime could choose which court he wants by making sure he does/does not wait until he is separated from the military.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
So, some Dutch bureaucrats want to give their cops the authority to commit acts of war? Who do they think they are, the USA?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
http://www.google.com/url?sa=t&rct=j&q=&source=web&cd=1&cad=rja&ved=0CB4QtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DIRfluaMKoOY&ei=s9GBUJ-yEorG0QX864CgBQ&usg=AFQjCNF19tP_HhAF6GLxvQRq1fFV-Cr2sQ
Serious, if a computer is
a) So easily broken into
b) Now infected with spyware
How could evidence from it not be considered tainted?
So far on the list...
Most of China
Most of Eastern Europe
Africa
Soon... the Netherlands....
Guess I'll add a whole new set of ip ranges to be banned. China and Latvia are already blocked, dutchland will now too.
No, i'm not aware of proxy. Pretty soon, i'll allow no other country but mine to talk to my home router. Fuck all y'all
For the Police to be able to successfully install spyware and hack into computers, the security software providers must include some back door entry into the system, for the Police to use. Otherwise their software will block their attempts, just as it would with any other hacking attempt. Now, knowing that there is a back door entry for Police use embedded into user systems, any sane hacker will set out to attempt to somehow use these back doors in their exploits. And no matter how secure this entry would be, some will succeed and the whole idea of making life in the Internet safer, will backfire badly.
When they want to make IPs and patents profitable, they make the borders between countries sacred, and any attempt at crossing those is "counterfeiting" or IP theft or unlicensed use.
But when it comes to spying on the citizens, suddenly we are a global village, where a Police force of one country can freely penetrate a computer of a citizen of another country, and snoop on them, or even erase their holiday photos if they feel like it. So which one is it? Are we a global village, or a group of separate countries?
At least we're not The Netherlands!
Solution: FIX THE HOLES!
The problem here is not that the government can legally 'hack' (take advantage of vulnerabilities to gain unauthorized access). It's that we are reliant on insecure and vulnerable software. We should not try and govern the Internet. 'hacking', piracy, pornography, hate speech, and other communications should run rampant. If you don't want to see, hear it, or use it don't go looking for it. Freedom of association and communications should be a right held above all others.
What makes you think the US is not already doing this?
Have two computers one for using the internet and keeping basic software, also for downloading (laptop) And another that stays offline.. It is pretty laughable the Dutch are doing this, of course the question is if the "Big Media" have pushed for something this extreme?
When those charged with our safety and protection, ask for the right to commit crimes and atrocities against the very people whom they're deign to protect, it is fair to say the machine is broken. The appropriate answer to this request is "HELL NO!!! Are you smoking crack!!! You can't enforce the law by wiping your ass on it, and you can't protect liberty by gutting it. NO, HELL NO!!!!
Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87
How many rootkits does the US[2] use officially or unofficially?
How much of the free but proprietary software in the US spies on you?
Which software would that be?
Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.
How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?
If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?
I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:
APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.
Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.
The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.
Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.
Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT
.. any politician who is in support of increased intercept powers with lesser controls MUSt agree to have these applied to his or her own life for a period no shorter than a full year, and the results published.
If that test year worked, maybe it's worth considering. If they are not prepared to do that, it means that there are problems with the law which means any OTHER citizen should not be exposed to it either.
Please feel free to post improvements, but in a democratic state I think some more direct control over politicians and the state is warranted.
Oh, sorry, did I use the word "democratic"? Yeah, sorry. My bad.
Insert
Since hacking into others computers is against the law, then the people trying to over ride this law should be arrested for treason and arrested as spies. Installing anything in anyone else's computers without their express permission is a direct violation of a persons rights of privacy. These people trying to get these powers should be arrested right now...not later.....They have already violated the peoples rights to privacy by even coming public with this line of thought. Maybe Anonymous should hack into their computers and make public what he finds. I bet they are hiding all kinds of illegal things on their computers. Arrest them for trying to become spies of their own people. They must want a war between the people and the government. Privacy is privacy.