Clueless Spanish Politicians Want To Join The Government Malware Club

from the dedicated-follower-of-fashion dept

As we've noted before, when it comes to the Internet, governments around the world have an unfortunate habit of copying each other's worst ideas. Thus the punitive three-strikes approach based on accusations, not proof, was pioneered by France, and then spread to the UK, South Korea, New Zealand and finally the US (where, naturally, it became the bigger and better "six strikes" scheme). France appears to be about to abandon this unworkable and ineffective approach, leaving other countries to deal with all the problems it has since discovered.

Now there seems to be a new craze amongst ill-informed policy-makers: the use of government-sanctioned malware to spy on citizens. We wrote about Germany's trojan software back in October last year. Australia's spies want the same capability, and New Europe is reporting that Spain too is planning to pass a law that will allow its police to install malware on the systems of citizens:

According to the article 350 of the proposed draft, prosecutors may ask the judge for "the installation of a software that allows the remote examination and without knowledge of the owner of the content in computers, electronical devices, computer systems, instruments of massive storage or databases."
The key concern raised for similar projects of other countries applies here too: intentionally placing malware on computers increases the risk that others will be able to take control of those systems thanks to vulnerabilities in the code. That's no theoretical issue, as evidenced by major flaws discovered in Germany's trojan software. But it turns out that Spain's proposed malware scheme has an additional bad idea:
Furthermore, the article 351 of the text explains that official agents may require cooperation from "anyone who knows the operation of the computer system or measures applied in order to protect data held there". This means that Spanish authorities might require services from experts, "hackers" or computer companies.
Clearly that could be applied to Google or Facebook, say, which might be forced to provide user passwords or maybe even actively cooperate in attempts to infect a user's system. Given the current revelations about Internet companies' complicity in spying on huge numbers of people around the world, there seems little reason to hope that they would refuse to do so, despite protestations to the contrary, even if they -- unlike the Spanish politicians proposing this law -- understood the extreme stupidity of this approach.

Follow me @glynmoody on Twitter or identi.ca, and on Google+



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Ninja (profile), Jun 25th, 2013 @ 12:57pm

    Full scale war against the people and the Internet. Orwell was a prophet it seems. I hope the people are able to stop this madness.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Not an Electronic Rodent (profile), Jun 25th, 2013 @ 2:51pm

    Wow!

    Who knew governments could be so chock-full of DUMB?

    This is so mind-bendingly dumb you have to wonder if it's deliberate.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jun 25th, 2013 @ 2:58pm

    The governments of the world are systematically destroying the internet.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jun 25th, 2013 @ 3:05pm

    so, it's an offence to infect a computer with malware or similar, but ok for the government to do it! that nearly makes sense. so what happens when malware of some sort gets on to a computer belonging to a government official then, installed by a competitor of one sort or another? i dont suppose it will be revealed until well after the 'infection' has been neutralized and whatever damage done has been well and truly covered up. however, i think an 'official' machine will be one of the first to be caught, once it is apparent that this malware is around. and bloody good job too! i still wonder at how we manage to always vote complete fucking numbskulls into such important positions!

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    leader of 3000 class A hackers says BOO, Jun 25th, 2013 @ 3:11pm

    process now for a pc desktop

    buy pc
    take home
    wipe it totally clean 7 times
    then put a pirated operating system on it.

    yup thanks for spying come again....
    see all the old farts are getting scared of my kind

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    John Fenderson (profile), Jun 25th, 2013 @ 3:25pm

    Re: process now for a pc desktop

    Why put a pirated OS on it? That gains you nothing in terms of security and potentially opens you up to further mischief, depending on where you got the pirated OS. Not to mention being the wrong thing to do for a few other reasons.

    You have numerous options for nonpirated, safer, better operating systems that you can maintain control over.

    Also, you should have a solid tripwire system on your computers to spot any unwanted tampering with your files, and the most restrictive firewall you can stand so if some malware does infect your system it will have problems phoning home.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jun 25th, 2013 @ 3:26pm

    Re: leader of 3000 class A hackers says BOO

    then put a pirated operating system on it.

    Multics today
    Could Multics be ported to a modern micro?
    Yes. As a matter of fact…

    Could an emulator be written for a Multics CPU?
    Yes. Now that…

    So there you go.


    see all the old farts are getting scared of my kind
    Terrified. Absolutely terrified.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Chris Brand, Jun 25th, 2013 @ 3:38pm

    Trigger for "Reasonable doubt" ?

    If I was prosecuted for something using evidence obtained in this way, I'd use the fact that there was software that I had not installed, was unaware of, and had no control over to show reasonable doubt that I was actually responsible for whatever was done on the machine. Who's to say that the malware itself, or somebody (intentionally or otherwise) in control of it didn't do whatever the bad deed is ?

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    PlagueSD (profile), Jun 25th, 2013 @ 4:16pm

    Time to go download Tor...You remember that program provided by the US Government to prevent foreign governments from spying on thier citizens? Guess we need to start using it now...

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jun 25th, 2013 @ 4:44pm

    Open Source

    The more governments start relying on back doors and unpatched vulnerabilities, the more it makes sense to run open source software under Linux. Also, in light of Google's cooperation with the NSA, it also makes sense to avoid Chrome in favor of Firefox.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    McCrea (profile), Jun 25th, 2013 @ 8:59pm

    Re: process now for a pc desktop

    I figure the govts are the pirates. They're uploading infected versions of popular software such as OS's under the pretense of tracking copyright infringements rather than the blatant cause of bypassing civil privacy rights.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Seegras (profile), Jun 26th, 2013 @ 1:22am

    Broken chain of evidence

    I'm completely baffled why _law enforcement agencies_ are backing these hare-brained schemes.

    Any forensic technician can tell you, that with such malware on a computer, you've got a broken chain of evidence. You cannot prove anymore that the user of that computer was actually committing a crime. It could just as well been perpetrated by the agent controlling the malware.

    So any government installed malware is completely, utterly, unusable for law enforcement purposes.

    Of course, intelligence agencies give a damn about any chains of evidence; so they might like it.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    frank, Jun 26th, 2013 @ 3:46am

    Message to the Dutch readers

    This kind of law is drawn up in the Netherlands: please speak up at: http://www.internetconsultatie.nl/computercriminaliteit

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Pragmatic, Jun 26th, 2013 @ 6:02am

    Re: Re: process now for a pc desktop

    Uh, a tripwire system? Could you give us some more information on those, please?

    I'm not sure I've got one and think I probably need one.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jun 26th, 2013 @ 6:59am

    and New Europe is reporting that Spain too is planning

    New Europe, I did not know about that place, it is near New York ?

    Europe is a group of many countries, it cannot 'report' anything.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jun 26th, 2013 @ 7:08am

    Re:

    It'll be funny once the government malware is flagged and removed by standard tools just like other malware, it rises to the top of leading security threats, then someone leaks that it's the government created malware.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    John Fenderson (profile), Jun 26th, 2013 @ 9:57am

    Re: Re: Re: process now for a pc desktop

    This is a common one: http://en.wikipedia.org/wiki/Open_Source_Tripwire, although there are others.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Jun 26th, 2013 @ 6:54pm

    Re:

    Dear Idiot,

    New Europe is the name of a website.

    Sincerely,
    Techdirt's Unofficial Clue Department

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This