Dutch Consider Allowing Police To Legally Hack Back

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Dutch police could get the power to hack criminals’ equipment, even if they are based abroad

A bill proposed by Dutch politicians would amend the law to make it legal to hack cyber criminals’ infrastructure.

According to the bill, it would be acceptable for law enforcement to “penetrate” suspects’ systems where serious criminal offences are suspected. It would also allow for secret installation of spyware on the suspects’ systems to watch over them.

What will concern onlookers outside of the nation most, however, is the bill’s provision allowing police to “hack back” – penetrating systems in foreign territories which are being used for crime affecting  those in the Netherlands.

van der valk dutch detective
1970s Dutch detective Van der Valk never had to worry about hacking back

Hack back

The law, if it passed through the Dutch Parliament as it is, would also force suspects into unlocking encrypted data when asked, whilst allowing police to delete data on target systems too.

Critics have already lambasted the bill, claiming it would grant too much power to law enforcement, and result in breaches of privacy of innocent citizens.

Netherlands-based Bits of Freedom, which has been one of the biggest voices fighting seemingly legitimate malware sellers, said the bill wouldn’t just harm privacy, it would paradoxically work against efforts to counter cyber crime.

“Countries, such as China, will use the powers as a justification for their own activities. They will follow the Dutch example by allowing their police to use the same methods, including hacking abroad, in order to delete controversial data,” a blog post from the organisation read.

“Civilians will become the victims in an arms race between hacking governments. International cooperation, especially in the field of cyber crime, will be at stake.”

But there has been a shift in attitude within the private sector when it comes to hacking back too. The most prominent firm in the space, CrowdStrike, which consists of ex-FBI and McAfee chiefs, is exploring how far current US law would allow it to compromise cyber crooks’ systems. However, it says it isn’t hacking back right now.

It’s clear governments are already using malware to break into computers of citizens. Companies such as British firm Gamma International and Italian outfit Hacking Team are selling sophisticated spyware. The German government has reportedly splashed €150,000 on FinFisher gear made by Gamma.

That’s despite evidence of alleged abuse of such software by repressive governments, and opposition to spyware pushers from major non-profits such as Privacy International and members of the tech community, including Mozilla.

The draft law is expected to be put before parliament later this year.

What do you know about Internet security? Find out with our quiz!