Dutch government seeks to let law enforcement hack foreign computers

Dutch government wants to give law enforcement agencies investigative powers that involve hacking, installing spyware and destroying data

The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.

In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government's plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the Internet.

According to the letter, the new legislation would allow cybercrime investigators to remotely infiltrate computers in order to install monitoring software or to search them for evidence. Investigators would also be allowed to destroy illegal content, like child pornography, found during such searches.

These investigative powers would not only cover computers located in the Netherlands, but also computers located in other countries, if the location of those computers cannot be determined.

However, if the investigators can establish that a computer of interest is located in a foreign country, they will have to ask for assistance from the authorities in that country.

In his proposal, Opstelten used a case in which investigators from the Dutch National Police infiltrated "hidden" Tor websites that hosted child pornography, as an example of a situation in which the geographical location of the computers couldn't be determined.

The Tor network allows its users to set up so-called "hidden services" that are only accessible from within the network using special addresses. When accessing such a service, a user's connection is routed through several random Tor nodes, which prevents him from determining the real Internet Protocol (IP) address of the server hosting the service.

The Dutch police investigation referenced by Opstelten in his letter took place in August 2011 and two of the infiltrated Tor websites were hosted on servers located in the U.S.

The new legislation will provide strict safeguards for the proposed investigative powers, Opstelten said. Law enforcement authorities will only be able to exercise such powers when investigating offenses that carry a maximum prison sentence of four years or more and only after obtaining authorization from a judge, he said. Furthermore, all such actions will be automatically logged and the logs will be accessible for later review.

Cybercrime is a serious problem that needs to be tackled, but the proposed measures are not the right ones and they pose a serious risk to cybersecurity, Ot van Daalen, the director of Dutch digital rights organization Bits of Freedom, said Friday.

First of all, allowing police investigators to hack computers in other countries might encourage other governments to introduce similar legislation, but not necessarily with the same limitations, van Daalen said. "This could escalate into a digital arms race."

The proposed legislation would create an incentive for governments to keep software vulnerabilities secret because they would need to exploit those vulnerabilities to attack systems used by cybercriminals, van Daalen said.

There are already security companies and independent researchers that sell zero-day exploits -- exploits for unpatched vulnerabilities -- to governments instead of reporting the vulnerabilities to vendors. In addition, some governments have openly admitted to developing military cyberoffensive capabilities.

Van Daalen believes that expanding the potential use of such exploits by law enforcement agencies will help the zero-day exploit market grow, which in turn will result in fewer vulnerabilities being reported and patched.

Governments could also pressure vendors to delay fixing vulnerabilities, van Daalen said. An example of this was when the Dutch government convinced Microsoft to delay the blacklisting of the DigiNotar digital certificates on Windows computers in the Netherlands for a few days in order to allow the government to take measures, despite the fact that the issue represented a security risk for all Windows users in the country, he said.

"There's no doubt that there's already a growing (and disquieting) market in the for-fee disclosure and exploitation of vulnerabilities, and this proposal could certainly further legitimize it: the possible advantages in terms of action against criminals (leaving aside ethical objections) have to be balanced against the likely, deleterious effects on the community of Internet users as a whole," said David Harley, a senior research fellow at antivirus vendor ESET, via email on Friday.

Harley agrees with van Daalen that the proposed legislation could have a global impact. "It's not possible to guarantee that the effects of these measures will be restricted to criminal elements: if the proposal succeeds in its present form, collateral damage in terms of the application of monitoring and attack technologies could be worldwide," he said.

"Is it really feasible to take this approach effectively without breaching the sovereignty of other states? Even if agreement could be reached with other states on international legislation, does this proposal take into account the quid pro quo of giving foreign agencies such sweeping rights of access to the systems of its own citizens?," Harley asked. "It seems to me that there's a parallel here with the fact that many in the U.S. seem quite happy with alleged cyberespionage and sabotage against Iran yet show surprise and discontent that those claims have been used as justification for similar action by other nations."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Government use of ITsecurityMicrosoftBits of FreedomlegallegislationgovernmentesetExploits / vulnerabilitiescybercrimeCriminal

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?