Spain Brings In New Snooping Law; Allows Wide-Ranging Surveillance — And Government Malware
from the making-the-digital-world-as-bad-as-the-analog-one dept
Earlier this week Spain’s new Criminal Procedure Act came into force. Although this is an update to an old law from 1882, it legalizes the use of some of the most modern digital snooping techniques around, as an article in El País explains (original in Spanish). For example, one option under the new law is to install malware on a suspect’s devices, a really bad idea we warned two years ago might happen. The new law specifies that surveillance can be carried on equipment used habitually or occasionally by a suspect, but does not clarify what happens with networks or a shared family computer. The Spanish police will also now be able to deploy undercover agents online who can interact with other users, and record their conversations, even if those take place with members of the public in their own homes.
The new powers generally require judicial authorization, and the exact nature of the permitted surveillance will depend on the seriousness of the alleged crime. But the law also allows the Spanish Interior Minister and, in her or his absence, the Secretary of State for Security, to grant permission to the police to snoop on private communications in an “emergency”, or when the alleged crimes relate to terrorism or armed groups.
Such permission must then be quickly confirmed or revoked by a judge, but in the latter case, there’s a nasty twist in the new law. Even though the police would be unable to use in court any evidence they found during surveillance whose authorization was later cancelled, they could use it to help them ask for permission to carry out more surveillance, taking advantage of the knowledge they gained. As El País notes, the new law will allow:
police and judicial use of “incidental findings”: those crimes which are not suspected, and discovered investigating other [crimes]. Now, the parties may bring these findings as evidence in a different judicial process from the one that led to the initial investigation, and may also be used in other investigations, although for that, specific authorization from a judge will be required.
A few months ago, Techdirt wrote about Spain’s terrible new “gag” law that imposed all kinds of ridiculous constraints on everyday activities in the physical world. It seems that bad things are starting to happen in the country’s digital realm too.