Slashdot Mirror
Dutch Bill Seeks To Give Law Enforcement Hacking Powers
An anonymous reader writes "The Dutch government today presented a draft bill that aims to give law enforcement the power to hack into computer systems — including those located in foreign countries — to do research, gather and copy evidence or block access to certain data. Law enforcement should be allowed to block access to child pornography, read emails that contain information exchanged between criminals and also be able to place taps on communication, according to a draft bill published Thursday and signed by Ivo Opstelten, the Minister of Security and Justice. Government agents should also be able to engage in activities such as turning on a suspect's phone GPS to track their location, the bill said. Opstelten announced last October he was planning to craft this bill."
Ah good - they've been paying attention and made sure to include the good ol' "child pornography" bit in the list of reasons as justification for breaking into someone else's machine. No bill can be taken seriously without that think-of-the-children element added to it.
they would still be criminals in the other countries. might be troublesome if they plan to travel, while having wire fraud and computer crime charges on their heads...
and well, they're part of the eu so that too, might be unavoidable to remain and not extradite to other eu countries.
world was created 5 seconds before this post as it is.
Really no difference to Chinese state-sponsored hackers. For anybody else, these people are just an (advanced) persistent threat, as they will not go to jail if identified, at least not in their own country. Treat them no different than any other criminal hackers from a different country.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The key word is suspect here. Not a convicted or tried person that has been found guilty.
The white hat, grey hat and black hat experts will be all over this.
Identify the product sold to the police, how its injected into a users OS.
How to protect, what it phone homes too....
This was tried in Australia in the past:
http://www.smh.com.au/technology/security/hackers-break-into-police-computer-as-sting-backfires-20090818-eohc.html
i.e. just a "phone home" computer in suburbia.
But will some consumer OS be enough the Dutch? Or will they need to link to Big Iron?
or 100's of empty rented homes with a few desktops running day and night?
Domestic spying is now "Benign Information Gathering"
Yep, mod parent up please. Not that it'll do any good, I think it's probably too late to take back the definition of 'hacker' in the public mind. I think the only thing to do is use it in the original sense as much as possible to at least give it a dual meaning.
I get funny looks when I bemoan the lack of a hackerspace in my local area, but it does give me an opportunity to educate.
In a cybernetic fit of rage she pissed off to another age...
The Netherlands has seen some high profile DDOS attacks on both its banks and a government service that allows login to government sites (DigiID), The re emerging of this idea is therefor no surprise. It has not been successful so far.
The reason is simple, Americans might complain about the two-party system... well... we got about a dozen. And not all that different in size either. Our current government is "VVD" (Think business rules all democrats) and PvDA which used to be the labour party (socialist) but only if you think Blair was a socialist.
And that is just the politicians. VVD is often the socially acceptable extreme right wing party (same as Republican is the socially acceptable alternative to the KKK) and many a PvDA member is still red and jealous of the red of the SP (Socialist Party).
You can possibly imagine there is some strive, not between the politicians perse but in the fight for both parties to keep their members believing their party is still their party. An example is the current attempt to make being present in Holland illegaly, illegal... it is part of the agreement between the two ruling parties BUT the PvDA has a hard time selling it to some of its backers. (PvDA is really a mix between the Blair type, hard-core sociasts (who were against immigration to begin with) and bleeding hearts, constantly fighting over who is the REAL PvDA).
To understand Dutch politics you got to look at its drugs policy. Blowing, smoking pot, isn't actually legal, it is condoned. But mayors (responsible for the police in their city) want to combat excesses like drug dealers near schools. So they introduced local ordinances to ban selling in some areas.
HOWEVER, Dutch law prohibits the passing of local laws that make things illegal that are ALREADY illegal to begin with. Smoking pot is already illegal so you can't pass a local ordinance banning it near schools. BUT it is also condones, so you can't act against it either. Meaning drug sellers actually won a court case banning them from selling in some areas...
Remember Americans, you might not like your two party system but are you ready for a system in which EVERYONE must be kept happy/miserable?
This new law has little chance, it is just a way to get in the papers.
Such plans are always extremely controversial and there is so much to consider, seeing as how a)hacking is hacking, i.e., illegal; b) there is an ever finer growing line between that and the methods law enforcement, at least in this case, aims to use to prevent crime or gather evidence; c) on the other hand, criminals are going to keep using the web and new technology just like everyone else... so the question mark is of course hanging between protecting citizens' privacy and identifying those online accounts, communications etc. that really do need to be examined? There's also the point of hacking in to accounts located in foreign countries - doesn't that involve some interaction with laws of said countries, not just basing actions on the Dutch bill alone?
Exactly. When governments give themselves freedoms while taking the same freedoms away from their citizens, something is wrong. Unfortunately this seems to be de rigueur, lately.
If the hack is at such a level that they have system write access (e.g.. to place taps on communications) then the defence case has a much stronger case just by asking whether the the same channel could be use to plant evidence, whether by the law enforcement agency or by a third party.
This sig is a figment of your imagination.
And the same politicians will wine "that never again" on liberation day (May 5th).
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
- The proposed bill gives police the right to hack -- in collaboration with local authorities if the location of the server is known.
Basically: only unknown server location might involve hacking not allowed by local jurisdiction.
- The proposed bill allows the police to place spyware on suspect's PCs to eavesdrop on e.g. Skype.
- There is apparently a clause to require decryption for child terrorists / porn suspects. Punishable by up to 3 years jailtime.
The second one is bad enough, but the last one ticks me off. They just claim you're a terrorist suspect (and, frankly, the way governments have been treating their populations: who isn't?), and then either you decrypt or you end up in jail.
And I really doubt anyone will say "oh, you were a child terrorist suspect, never convicted." I think they will say "you served 3 years in prison for pornography."
I thought WW3 was supposed to be starting somewhere in the Middle East? If Dutch cops think they can hack around the globe - and announce they'll be doing so whenever the mood takes them - won't that upset any country who has already stated that incoming hacks will be treated as an act of war?
They must be smoking some good shit there these days!
Exactly. When governments give themselves freedoms while taking the same freedoms away from their citizens, something is wrong.
You mean like the ability to tax people?
Yep, mod parent up please. Not that it'll do any good, I think it's probably too late to take back the definition of 'hacker' in the public mind. I think the only thing to do is use it in the original sense as much as possible to at least give it a dual meaning.
I get funny looks when I bemoan the lack of a hackerspace in my local area, but it does give me an opportunity to educate.
You'll pay for your treachery! 1337 HAXOR spaces will be the fall of civilization.
It has been argued that one of the real reasons behind this bill is the lack of resources with the police to follow-up all the now already available means of tracking down offenders. Appearantly, it is much cheaper to use hacking tools than to do some old style research and detective work. Or at least that is the impression given by those marketing these hacking tools.
I mean, sorry, yeah, it's a felony, but we've authorized our people to do this. No we won't extradite our police officers to you, ...
What makes me really wonder about this in the context of the EU warrant, I mean, compromising computer security is a felony everywhere, so by the rules of the EU warrant the NL would be required to extradite their own police officers?
Sadly, I have to admit he IS just that stupid.
He's been busy trying to kill privacy while turning a dozen bureaucratic police corpses into a single grand paper mill with vast investigative powers and near-zero investigative ability. Percentage of crimes solved is historically low. Priority appears to be crimes that aren't (example: 440 man DAYS burned on a single 4Chan message of a schoolkid threatening to set his school on fire), as well as traffic violations (effectively turning the police into an extended tax collection agency).
Sadly, he's not going anywhere until the next elections.
"... give the the power to hack into computer systems ..."
Why stop there?
They should also give them the power to leap tall buildings, x-ray vision, run faster than a speeding bullet. I mean if we are talking about legislating that they be able to do things they are innately incapable of doing, why just stop at the ability to hack?
No, this is completely normal. For example, governments have a monopoly on violence (see wikipedia). Citizens don't have the freedom to shoot each other, for example. A police officer does have the right to shoot under certain circumstances.
This isn't something from the past few years. Governments have reserved certain rights to itself for many centuries, in order to maintain civil order and sovereignty.
So, it's also completely normal that the government reserves the right to hack into computers under certain circumstances. For example, permission from a judge is needed. You can compare this to a search warrent for a private home, also the exclusive right for the government.
This is your sig. There are thousands more, but this one is yours.
Lately? That's the dumbest thing I've ever heard. Every government in human history has enjoyed powers that were denied to individual citizens. That's pretty much the point of the institution we call a government. We don't want individuals making and enforcing their own laws or drafting people into private armies...
Life needs more saving throws.
http://www.smbc-comics.com/index.php?db=comics&id=2961
No sig today...
What is good for the goose must be good for the gander. This is a clear green light.
The bad guys have always abused other people's systems to steal data. Anyone who sets up systems connected to the internet should expect sustained attacks from the bad guys.
The only thing that is happening here is that the Dutch government is stepping out of the shadows and going 'Look at me! I'm a bad guy! I'm going to h4x0r j00 with my l33t skillz!' Personally I'd null route the entire Dutch government for this, they admitted an intent to crack other people's systems and steal data.
What is missing in the article is that the same hardline minister also put in that law the option for the prosecutor (not even a judge, just a prosecutor with a vested interest in a case) to order a suspect to decrypt encrypted files, punishable by max. 3 years in prison if he does not comply. It remains to be seem what the judges will do with "I forgot", or "I destroyed the keyfile" or "there is no hidden volume". So he leaves the inconvenient "not guilty until proven guilty" and "you have the right to remain silent". This could be overruled by the European court for the human rights but that takes a lot of time.
That's all fine and dandy as long as they are doing it to Dutch citizens. It's the same as searching a suspect's house, warrant in hand. The problems I can imagine arising from this bill will come when they hack into some foreign entity's computers. Jurisdiction, anyone? "Look boss, our suspect works for the American Department of Defense. Let's go hack the Pentagon!" Next thing you know, Amsterdam is bombed back to the stone age.
I disagree with your simile. It's more like the police getting powers to burgle (with a warrant) rather than knock on the door (and break it if nobody opens). You need an IDS to see what's going on, rather than being served with an order to hand over whatever data they think might suit them as evidence.
The same bill also adds powers to demand decryption. Make of that what you will.
So, as a US citizen who is my representative in Dutch government? I would like to send them a letter.
Really no difference to Chinese state-sponsored hackers. For anybody else, these people are just an (advanced) persistent threat, as they will not go to jail if identified, at least not in their own country. Treat them no different than any other criminal hackers from a different country.
I think that issue here is that law enforcement can use evidence obtained by hacking to prosecute someone. State-sponsored hacking, be it Chinese or American, is used to gather intelligence, but is clandestine by nature and cannot be used as evidence... well, at least in the criminal justice system. Who knows what "secret evidence" is introduced in the kangaroo courts used to try suspected terrorists... As someone else pointed out, the reason behind this bill is probably that it is cheaper to obtain evidence by hacking, but since it's currently inadmissible--because it's illegal--they have to use more expensive, conventional routes to obtain digital evidence.
Actually, I wrote my thesis on life experience.
I disagree on them being comparable. The inhibition threshold is much lower, comparable with "non-lethal" weapons vs. handgun use by police force. A policeman is much more likely to use a taser on a suspect than shoot him.
Since the average judge would see such a "hack" as something much less invasive than a search warrant, he's also more likely to grant it on flimsy, if any, leads. I'd fear that in very short time such hack attempts would be routine when you have some kind of suspect, to break into his computer. Also because such "searches" are far less noticeable. If the police would be doing searches left and right, you'd soon have people complain. With these "hack" searches, I'd highly doubt that you hear about 99% of them (because they didn't turn up anything).
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yes.
Next question?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Think of it as a public service announcement. This is a government's way of reminding everyone that their computer systems are broken, broken to the point of shocking negligence. When their left hand (law enforcement) does this, it just means you need to ask their right hand (regulators) what they're doing about the known serious problem.
If the government can successfully ask your phone to power up and query GPS and tell them where you are, anyone can ask your phone to tell them where you are. That means your phone has defective security.
Time to ask: who knew what, and when?
Whether the government abuses this flaw or not, you had the problem anyway. The government abuse makes it explicit that the problem exists, in a way that's understandable by laymen rather than just specialists.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It will get out of control and we'll be lucky to live through it!
Since the average judge would see such a "hack" as something much less invasive than a search warrant, he's also more likely to grant it on flimsy, if any, leads.
That makes for an interesting double standard.
(Monday)
Cop: "Your honor, we'd like to hack into this guy's computer to see if he's a criminal."
Judge: "Meh, no biggie. Here's your warrant."
(Tuesday)
Cop: "We got him, Your Honor! Turns out he was hackin the webs and rippin the disks and things."
Judge: "Hax?!? On the computorz?! This for serious! 50 years in a federal 'pound me in the ass prison!' So let it be written. So let it be done. Also, bricks without straw because apparently for the purpose of this joke I'm also Pharaoh."
We don't have a state-run media we have a media-run state.
If police need to break into computers as part of their job, will computer security (firewalls/anti-virus/etc) be considered "obstructing a police officer"?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Surveillance can be justified by safety concerns
What? What sort of surveillance? Warrantless?
Filthy, filthy copyrapists!
I freakin' knew Beatrix shouldn't have resigned!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Bad example in any legal jurisdiction in which I've lived with one possible exception which only lasted 22 months. Except for those months spent in Switzerland, I've never lived where the law didn't allow me to use a gun (or other lethal weapon) to defend myself and others if I or they were under imminent threat of death or great bodily harm.
Funny how you seem to take for granted (and seem to agree with) a situation that many other Slashdotters complain is NOT the norm in the US while clamoring loudly for it to become the norm.
Explain to me then why this proposed law is needed. With a proper
warrant in hand, all they seek to do under the new bill is possible,
right now.
No Opstelten is a nitwit with a lot of time on his hands, and his
clueless mind wants to whistle even more to the tune of the United
Distaste of America.
Opstelten furthermore is a guy who without even being aware of
it (there's that dumbsullery again) operates on the principle of class
justice.
For those that don't know him: even the way he speaks is all upper
class pomp (and no content, as is usual for the phenomenon).
They should definitely be arrested and punished. Same the other way round. Allowing "hacking" by states is the road to hell for IT security, no matter whether domestically or abroad.
One problem is that government agents are almost never trustworthy or honorable. The other is that they are universally incompetent. For example, one incarnation of the German "Bundestrojaner" left those spied upon wide open to other attacks. Faked and manipulated digital evidence provided by the authorities is also already a widespread problem.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You need to differentiate a bit more here. The US intelligence community is explicitly allowed to do industrial espionage and provide the info gained to the US industry (no solid evidence available). Same for the French (stole a large contract for high-speed trains that way). I think in Germany and Switzerland, they are forbidden to do that (but no guarantees they don't do it). No idea about the rest of Europe, but don't expect these people to have honor or morale.
Bottom line is that any hacker trying to penetrate your system must be considered an enemy, no matter who pays for it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
There are US state sponsored hackers, it is just that nobody has any interest in outing them and I expect threats and bribes are well known in advance to all potential victims. Also, the US has a lot more experience at this and a history of paying other to do its dirty work. And no, corporation do not give out this type of information freely. In fact, they go to great length to protect it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
good luck navigating between the honeypots then :) stupid idea, lousy diplomacy, who the hell wants foreign police to be able to stick their noses in anything at will ? not even big government wants that, maybe especially not big government. Only good thing i see coming from that is more advanced scanners and blockers or maybe one that gives a clean image of a dekstop with a fish tank screensaver whenever someone tries to peek. Since standard police is usually renowned for its extensive education and knowledge of modern technologies some more advanced beings could just lead them round in circles by the nose while others just go on doing what they do. How the hell is a little country with 15 million people expecting to enforce the right to intrusion to all others. This is so stupid it sounds almost belgian.
Free speech was meant to be free for all... how can anyone grow up in a nanny state ?