Slashdot Mirror
Dutch Bill Seeks To Give Law Enforcement Hacking Powers
An anonymous reader writes "The Dutch government today presented a draft bill that aims to give law enforcement the power to hack into computer systems — including those located in foreign countries — to do research, gather and copy evidence or block access to certain data. Law enforcement should be allowed to block access to child pornography, read emails that contain information exchanged between criminals and also be able to place taps on communication, according to a draft bill published Thursday and signed by Ivo Opstelten, the Minister of Security and Justice. Government agents should also be able to engage in activities such as turning on a suspect's phone GPS to track their location, the bill said. Opstelten announced last October he was planning to craft this bill."
What is good for the goose must be good for the gander. This is a clear green light.
Ah good - they've been paying attention and made sure to include the good ol' "child pornography" bit in the list of reasons as justification for breaking into someone else's machine. No bill can be taken seriously without that think-of-the-children element added to it.
they would still be criminals in the other countries. might be troublesome if they plan to travel, while having wire fraud and computer crime charges on their heads...
and well, they're part of the eu so that too, might be unavoidable to remain and not extradite to other eu countries.
world was created 5 seconds before this post as it is.
Really no difference to Chinese state-sponsored hackers. For anybody else, these people are just an (advanced) persistent threat, as they will not go to jail if identified, at least not in their own country. Treat them no different than any other criminal hackers from a different country.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The key word is suspect here. Not a convicted or tried person that has been found guilty.
Cool, so now they can program flashy new code and release it under a free software license. Perhaps even do some hardware hacks, like make your cell phone a bat detector!
https://en.wikipedia.org/wiki/Hacker_(programmer_subculture)
The white hat, grey hat and black hat experts will be all over this.
Identify the product sold to the police, how its injected into a users OS.
How to protect, what it phone homes too....
This was tried in Australia in the past:
http://www.smh.com.au/technology/security/hackers-break-into-police-computer-as-sting-backfires-20090818-eohc.html
i.e. just a "phone home" computer in suburbia.
But will some consumer OS be enough the Dutch? Or will they need to link to Big Iron?
or 100's of empty rented homes with a few desktops running day and night?
Domestic spying is now "Benign Information Gathering"
The Netherlands has seen some high profile DDOS attacks on both its banks and a government service that allows login to government sites (DigiID), The re emerging of this idea is therefor no surprise. It has not been successful so far.
The reason is simple, Americans might complain about the two-party system... well... we got about a dozen. And not all that different in size either. Our current government is "VVD" (Think business rules all democrats) and PvDA which used to be the labour party (socialist) but only if you think Blair was a socialist.
And that is just the politicians. VVD is often the socially acceptable extreme right wing party (same as Republican is the socially acceptable alternative to the KKK) and many a PvDA member is still red and jealous of the red of the SP (Socialist Party).
You can possibly imagine there is some strive, not between the politicians perse but in the fight for both parties to keep their members believing their party is still their party. An example is the current attempt to make being present in Holland illegaly, illegal... it is part of the agreement between the two ruling parties BUT the PvDA has a hard time selling it to some of its backers. (PvDA is really a mix between the Blair type, hard-core sociasts (who were against immigration to begin with) and bleeding hearts, constantly fighting over who is the REAL PvDA).
To understand Dutch politics you got to look at its drugs policy. Blowing, smoking pot, isn't actually legal, it is condoned. But mayors (responsible for the police in their city) want to combat excesses like drug dealers near schools. So they introduced local ordinances to ban selling in some areas.
HOWEVER, Dutch law prohibits the passing of local laws that make things illegal that are ALREADY illegal to begin with. Smoking pot is already illegal so you can't pass a local ordinance banning it near schools. BUT it is also condones, so you can't act against it either. Meaning drug sellers actually won a court case banning them from selling in some areas...
Remember Americans, you might not like your two party system but are you ready for a system in which EVERYONE must be kept happy/miserable?
This new law has little chance, it is just a way to get in the papers.
I'm interested in hearing your views on US based government sponsored hackers. Should they expect to be arrested and jailed when travelling to the EU as well?
If not, why not?
Such plans are always extremely controversial and there is so much to consider, seeing as how a)hacking is hacking, i.e., illegal; b) there is an ever finer growing line between that and the methods law enforcement, at least in this case, aims to use to prevent crime or gather evidence; c) on the other hand, criminals are going to keep using the web and new technology just like everyone else... so the question mark is of course hanging between protecting citizens' privacy and identifying those online accounts, communications etc. that really do need to be examined? There's also the point of hacking in to accounts located in foreign countries - doesn't that involve some interaction with laws of said countries, not just basing actions on the Dutch bill alone?
If the hack is at such a level that they have system write access (e.g.. to place taps on communications) then the defence case has a much stronger case just by asking whether the the same channel could be use to plant evidence, whether by the law enforcement agency or by a third party.
This sig is a figment of your imagination.
I've never trusted Dutch Bill.
And the same politicians will wine "that never again" on liberation day (May 5th).
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Good point. And please consider that like the Chinese (but unlike European surveillance), they have a history of forwarding commercially sensitive information to their home companies.
Surveillance can be justified by safety concerns, but using the results for other purposes cannot.
- The proposed bill gives police the right to hack -- in collaboration with local authorities if the location of the server is known.
Basically: only unknown server location might involve hacking not allowed by local jurisdiction.
- The proposed bill allows the police to place spyware on suspect's PCs to eavesdrop on e.g. Skype.
- There is apparently a clause to require decryption for child terrorists / porn suspects. Punishable by up to 3 years jailtime.
The second one is bad enough, but the last one ticks me off. They just claim you're a terrorist suspect (and, frankly, the way governments have been treating their populations: who isn't?), and then either you decrypt or you end up in jail.
And I really doubt anyone will say "oh, you were a child terrorist suspect, never convicted." I think they will say "you served 3 years in prison for pornography."
I thought WW3 was supposed to be starting somewhere in the Middle East? If Dutch cops think they can hack around the globe - and announce they'll be doing so whenever the mood takes them - won't that upset any country who has already stated that incoming hacks will be treated as an act of war?
They must be smoking some good shit there these days!
It has been argued that one of the real reasons behind this bill is the lack of resources with the police to follow-up all the now already available means of tracking down offenders. Appearantly, it is much cheaper to use hacking tools than to do some old style research and detective work. Or at least that is the impression given by those marketing these hacking tools.
I mean, sorry, yeah, it's a felony, but we've authorized our people to do this. No we won't extradite our police officers to you, ...
What makes me really wonder about this in the context of the EU warrant, I mean, compromising computer security is a felony everywhere, so by the rules of the EU warrant the NL would be required to extradite their own police officers?
Sadly, I have to admit he IS just that stupid.
He's been busy trying to kill privacy while turning a dozen bureaucratic police corpses into a single grand paper mill with vast investigative powers and near-zero investigative ability. Percentage of crimes solved is historically low. Priority appears to be crimes that aren't (example: 440 man DAYS burned on a single 4Chan message of a schoolkid threatening to set his school on fire), as well as traffic violations (effectively turning the police into an extended tax collection agency).
Sadly, he's not going anywhere until the next elections.
"... give the the power to hack into computer systems ..."
Why stop there?
They should also give them the power to leap tall buildings, x-ray vision, run faster than a speeding bullet. I mean if we are talking about legislating that they be able to do things they are innately incapable of doing, why just stop at the ability to hack?
Nah,
All that will happen is a nice cosy cooperation between police forces, they'll even hack on behalf of each other to get around little local laws.
You won't see any dutch police prosecuted the way you would see a dutch citizen prosecuted if they did the same thing, and broke the same laws.
What is missing in the article is that the same hardline minister also put in that law the option for the prosecutor (not even a judge, just a prosecutor with a vested interest in a case) to order a suspect to decrypt encrypted files, punishable by max. 3 years in prison if he does not comply. It remains to be seem what the judges will do with "I forgot", or "I destroyed the keyfile" or "there is no hidden volume". So he leaves the inconvenient "not guilty until proven guilty" and "you have the right to remain silent". This could be overruled by the European court for the human rights but that takes a lot of time.
Really no difference to Chinese state-sponsored hackers. For anybody else, these people are just an (advanced) persistent threat, as they will not go to jail if identified, at least not in their own country. Treat them no different than any other criminal hackers from a different country.
I think that issue here is that law enforcement can use evidence obtained by hacking to prosecute someone. State-sponsored hacking, be it Chinese or American, is used to gather intelligence, but is clandestine by nature and cannot be used as evidence... well, at least in the criminal justice system. Who knows what "secret evidence" is introduced in the kangaroo courts used to try suspected terrorists... As someone else pointed out, the reason behind this bill is probably that it is cheaper to obtain evidence by hacking, but since it's currently inadmissible--because it's illegal--they have to use more expensive, conventional routes to obtain digital evidence.
Actually, I wrote my thesis on life experience.
Allow me the honours: "How could this ever possibly backfire?"
There, it has been said.
Yes.
Next question?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If you are a convicted ~hacker fresh out of prison looking for work..
This would be no different than any other state sponsored criminal activity like Chinese hackers, only the Dutch do not have the military might of China to make it "legal". Many nations might consider this an act of war. If this passes the Dutch government needs to be declared a rogue nation and have heavy UN economic sanctions levied against it.
Think of it as a public service announcement. This is a government's way of reminding everyone that their computer systems are broken, broken to the point of shocking negligence. When their left hand (law enforcement) does this, it just means you need to ask their right hand (regulators) what they're doing about the known serious problem.
If the government can successfully ask your phone to power up and query GPS and tell them where you are, anyone can ask your phone to tell them where you are. That means your phone has defective security.
Time to ask: who knew what, and when?
Whether the government abuses this flaw or not, you had the problem anyway. The government abuse makes it explicit that the problem exists, in a way that's understandable by laymen rather than just specialists.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It will get out of control and we'll be lucky to live through it!
Honestly, it's as if a bunch of Gestapos have bred and then wandered across the borders. WTF?
Oddly, there aren't any US Government sponsored hackers or they are so good as to not be detected at all.
There is one more option of course, which is likely to be the correct one: There is no need for any, as corporations give information away freely.
If police need to break into computers as part of their job, will computer security (firewalls/anti-virus/etc) be considered "obstructing a police officer"?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Surveillance can be justified by safety concerns
What? What sort of surveillance? Warrantless?
Filthy, filthy copyrapists!
I freakin' knew Beatrix shouldn't have resigned!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
What's to stop someone from creating honey pot systems, with lots of phony emails, files, encrypted drives with incriminating fake evidence against politicians, etc.
Prosecutor - decrypt that drive Mr Prime Minister or else.
Prime Minister - what drive?
Think of the possibilities.
They should definitely be arrested and punished. Same the other way round. Allowing "hacking" by states is the road to hell for IT security, no matter whether domestically or abroad.
One problem is that government agents are almost never trustworthy or honorable. The other is that they are universally incompetent. For example, one incarnation of the German "Bundestrojaner" left those spied upon wide open to other attacks. Faked and manipulated digital evidence provided by the authorities is also already a widespread problem.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You need to differentiate a bit more here. The US intelligence community is explicitly allowed to do industrial espionage and provide the info gained to the US industry (no solid evidence available). Same for the French (stole a large contract for high-speed trains that way). I think in Germany and Switzerland, they are forbidden to do that (but no guarantees they don't do it). No idea about the rest of Europe, but don't expect these people to have honor or morale.
Bottom line is that any hacker trying to penetrate your system must be considered an enemy, no matter who pays for it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
There are US state sponsored hackers, it is just that nobody has any interest in outing them and I expect threats and bribes are well known in advance to all potential victims. Also, the US has a lot more experience at this and a history of paying other to do its dirty work. And no, corporation do not give out this type of information freely. In fact, they go to great length to protect it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
There's a HUGE difference between surveillance for safety and surveillance for corporate espionage which is illegal.
Yes, I am saying that what the USA does is illegal and anyone travelling to the EU faces the very real risk of being arrested and thrown in prison.
good luck navigating between the honeypots then :) stupid idea, lousy diplomacy, who the hell wants foreign police to be able to stick their noses in anything at will ? not even big government wants that, maybe especially not big government. Only good thing i see coming from that is more advanced scanners and blockers or maybe one that gives a clean image of a dekstop with a fish tank screensaver whenever someone tries to peek. Since standard police is usually renowned for its extensive education and knowledge of modern technologies some more advanced beings could just lead them round in circles by the nose while others just go on doing what they do. How the hell is a little country with 15 million people expecting to enforce the right to intrusion to all others. This is so stupid it sounds almost belgian.
Free speech was meant to be free for all... how can anyone grow up in a nanny state ?