Dutch Propose Powers For Police To Break Into Computers, Install Spyware And Destroy Data -- Anywhere In The World

from the mutually-assured-destruction dept

Techdirt readers with long memories may recall a fantasy proposal from Orrin Hatch that would have seen technological means deployed to destroy the computers of those who downloaded unauthorized copies of files. Of course, the idea was so ridiculous it went nowhere. Now, nine years later, a similar idea has turned up, but with a rather better chance of being implemented, since it comes from a national government: On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. The plan of allowing the police to break into domestic computers and install spyware is bad enough, as the German experience shows. There, it turned out that the malware employed had such serious flaws that anyone could take control of a machine infected with it. But the idea of giving Dutch investigators permission to break into computers anywhere in the world is even worse. The article from the digital rights group Bits of Freedom, quoted above, explains why: If the Dutch government gets the power to break into foreign computers, this gives other governments the basis to break into Dutch computers which infringe the laws of their country. The end result could be less security for all computer users, instead of more. This is even more true with regard to the power to destroy data on foreign computers; it is likely that other governments would be very interested in using such a power against Dutch interests. Even totally law-abiding users might be caught up in this digital war: Furthermore, providing the government the power to break into computers provides a perverse incentive to keep information security weak. Millions of computers could remain badly secured because the government does not have an incentive to publish vulnerabilities quickly because it needs to exploit these vulnerabilities for enforcement purposes. It's not really down to governments to publish details of flaws, but it's possible they might be less inclined to encourage the public to patch them, if they want to use the vulnerabilities themselves. This would doubtless lead to criminals taking advantage of widespread holes in security, with personal data being stolen, and financial systems compromised.

All-in-all, the Dutch proposal has to be one of the most foolish ever presented by a government in this area, and shows the folly of trying to come up with quick fixes for the currently-fashionable issue of "cybercrime", instead of really thinking through the consequences. Let's hope calmer heads prevail, and the proposal is withdrawn.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: computers, netherlands, security, spyware, surveillance