The Dutch government is proposing a bill that would allow the government to hack anyone’s computer – including those located outside of the Netherlands. The bill was signed by Ivo Opstelten and published.
There has been no shortage of hacking going around in the last few years, but is it right that government officials be allowed to do it? That’s the kind of question that is floating around in the Netherlands right now as the Dutch government has proposed a bill that would allow authorities to do just that – including for those users who are located outside of the country. From ITWorld:
Encryption of electronic data is increasingly becoming a problem for the police if they want to place taps, the draft reads. Services like Gmail and Twitter use standard encryption and many other services like Facebook and Hotmail provide encryption as an option while some smartphones automatically encrypt communication, it said. Moreover, services like Skype, WhatsApp and VPN-services can easily be encrypted.
Right now, the law enforcement agencies do not have the ability to adequately cope with encryption during criminal investigations, and this needs to change, according to the bill.
Another problem is tackling distributed denial-of-service (DDoS) attacks that recently have been used to cripple the online services of Dutch banks and DigiD, an identity management platform used by Dutch government agencies. Criminals can use botnets paralyze vital parts of society and law enforcement needs better measures to deal with them, the bill’s authors argued.
The bill also aims to force suspects who possess child pornography and suspects who are linked to terrorism activities to decrypt files on their computers. Ignoring such a decryption demand can lead to a maximum penalty of three years imprisonment.
This raises a number of interesting questions. An overarching theme here is that it appears as though Dutch authorities would be exerting local laws and applying them to everyone in the world. This is extremely problematic because what might be legal in one country could be illegal in another country. On what authority does anyone acting on behalf of the government attack another individuals computer if their activity is technically legal in the country they reside in?
Another troubling question is this: does this mean that citizens should fear the government as well as individual criminals who could be hacking into their computers? An even murkier question would be: What roll do anti-malware companies play in all of this? If there are exceptions put in place for government investigation in the software itself, what is there to stop the criminals from getting their hands on these exceptions and utilizing them for criminal purposes?
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
There are plenty of other ways looking at this latest move, but those are a few ways of looking at it.
Similar idea’s were being floated by the French government in 2009. The proposed bill back then was known as LOPPSI 2 which would allow authorities to upload malware to an individuals computer. The debate, at the time, was certainly fierce, but the bill eventually made its way to the Constitutional council which invalidated some of the provisions (French).
We’re not sure what the odds are on this bill passing, but it’s certainly reasonable for some to be troubled by it.