Dutch Propose Powers For Police To Break Into Computers, Install Spyware And Destroy Data -- Anywhere In The World
from the mutually-assured-destruction dept
Techdirt readers with long memories may recall a fantasy proposal from Orrin Hatch that would have seen technological means deployed to destroy the computers of those who downloaded unauthorized copies of files. Of course, the idea was so ridiculous it went nowhere. Now, nine years later, a similar idea has turned up, but with a rather better chance of being implemented, since it comes from a national government:
On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands.
The plan of allowing the police to break into domestic computers and install spyware is bad enough, as the German experience shows. There, it turned out that the malware employed had such serious flaws that anyone could take control of a machine infected with it.
But the idea of giving Dutch investigators permission to break into computers anywhere in the world is even worse. The article from the digital rights group Bits of Freedom, quoted above, explains why:
If the Dutch government gets the power to break into foreign computers, this gives other governments the basis to break into Dutch computers which infringe the laws of their country. The end result could be less security for all computer users, instead of more. This is even more true with regard to the power to destroy data on foreign computers; it is likely that other governments would be very interested in using such a power against Dutch interests.
Even totally law-abiding users might be caught up in this digital war:
Furthermore, providing the government the power to break into computers provides a perverse incentive to keep information security weak. Millions of computers could remain badly secured because the government does not have an incentive to publish vulnerabilities quickly because it needs to exploit these vulnerabilities for enforcement purposes.
It's not really down to governments to publish details of flaws, but it's possible they might be less inclined to encourage the public to patch them, if they want to use the vulnerabilities themselves. This would doubtless lead to criminals taking advantage of widespread holes in security, with personal data being stolen, and financial systems compromised.
All-in-all, the Dutch proposal has to be one of the most foolish ever presented by a government in this area, and shows the folly of trying to come up with quick fixes for the currently-fashionable issue of "cybercrime", instead of really thinking through the consequences. Let's hope calmer heads prevail, and the proposal is withdrawn.