Will Dutch police soon be stalking cybercriminals on your computer?

A minister has proposed empowering Dutch law enforcement to access and control the computers of suspected cybercriminals, even if those computers are outside of the Netherlands.

|
Oscar Sosa/AP/File
Confiscated computers and other evidence sit in a Florida cybercrimes unit storeroom in 2006. A Dutch minister has proposed a new law that would allow Dutch law enforcement to access – and even control or disable – suspected cybercriminals' computers, even if they're not located in the Netherlands.

Following a spate of high-profile cyberattacks on Dutch websites and services, the Netherlands is looking to give its police new tools to track down cybercriminals. Key among them? The power to investigate and take over any suspect's computer – even if it is not located in the Netherlands.

Last week, Dutch Minister for Security and Justice Ivo Opstelten proposed a new law that would allow law-enforcement officials to search suspects' computers – or even seize control of or disable them – even if these computers are outside of the Netherlands' territory.

“The existing legislation is out of date,” the ministry wrote in a press release. Mr. Opstelten said the police need broader powers to disable botnets – collections of "zombie computers" from all over the world that are being used by cybercriminals to send spam or overload websites. Ordinary citizens might be part of a botnet without noticing anything other than their computers are running slower than normal.

A key difference with cybercrime, as opposed to the regular variety, is the sense that a criminal's physical presence is no longer necessary, explains Troels Oerting, head of the European Cybercrime Centre in The Hague. The center supports the police forces of the European Union's 27 member states.

“We are so used to the geographical link,” says Mr. Oerting. “The perpetrators always had to be there. There will be a robber, a murderer, a drug dealer in the country. And if he escapes, we'll find him and extradite him.” But a cybercriminal, he notes, might be operating from a remote country or a failed state where he cannot be found by local police forces.

A pressing concern

Although Dutch police had been asking for broader powers in cyberspace for more than a year, the general public only recently became aware of the problems when the Netherlands came under a severe digital attack. Last month, several banks like ING and Rabobank, companies like KLM, and the governmental system for digital identification DigiD, suffered distributed denial-of-service (DDoS) attacks. DDoS attacks make a website unavailable by bombarding it with so many data requests that it becomes unable to respond.

Due to the attacks, many people were unable to pay digitally or access their accounts, sometimes for hours on end. Prospective students who wanted to enroll were unable to use DigiD for several days, as were other people who wanted to access government websites like the tax office with the digital passport.

The attacks were particularly concerning because the Dutch are one of the frontrunners in digital communication and using online services. Last year, 80 percent of Dutch citizens arranged their bank affairs online. Of the 27 EU member states, only Finland has a slightly higher percentage, at 82. The EU average is 40 percent, according to Eurostat.

As for overall Internet access, Eurostat places the Netherlands as highest in the EU: 94 percent of its citizens are online, compared to the European average of 76.

So are the Dutch too dependent on the Internet? No, says Michel van Eeten, a cybersecurity expert at the University of Delft. “You would only answer yes to that question if the Internet gave us more damage than benefit. And it doesn't. Nobody is forcing us to do online banking on our mobile phones. The fact that many people vote with their feet, shows trust is high.”

Going too far?

But Mr. van Eeten says he has “mixed feelings” about the government's plan, which has been sent to several government organizations with requests for advice before it can be legislated further.

“In itself, it presents a straightforward argument. The procedure to get help from local police [in the territory where the cybercriminal is operating from] can sometimes be very time-consuming”, he says.

“But in practice it means that the police will take over computers of people who have nothing to do with cyber attacks," van Eeten warns. "Snooping around in innocent people's computers in other countries, that's far-reaching. I'm not against law enforcement entering other computers, but there have to be procedures that guarantee honest use and accountability.”

Also, he adds that it's a myth that most cyberattacks are carried out through servers in faraway places. “You'd think that cybercriminals only use computers in China or Russia, but in practice it's been proved that they use many servers in the West.” He notes that last month's attacks in the Netherlands “originated mostly from the West.” And a suspect in a large cyberattack on the antispam organization Spamhaus was recently arrested in Spain, another EU member.

And even countries with a bad reputation when it comes to allowing cybercrime, like Russia, have agreements with the Netherlands regarding legal assistance procedures. Van Eeten adds, “The Russian will not be amused with this proposal, which would allow Dutch police to violate Russia's sovereignty.”

The Dutch lobby organization Bits of Freedom, which advocates online civil rights, is against the plan because the methods are “a breach of privacy,” says Tim Toornvliet, spokesperson of the organization. Also, he thinks if the law is passed, it will give other countries the legitimization to also start cross-border hacking.

Van Eeten also warns of the precedent the law might set. “This law would legitimize any state using national security as an excuse for digital trespassing," he says. "The Netherlands will no longer have the right to lecture China on digital trespassing, because China's reason is also protection of national security.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Will Dutch police soon be stalking cybercriminals on your computer?
Read this article in
https://www.csmonitor.com/World/Europe/2013/0510/Will-Dutch-police-soon-be-stalking-cybercriminals-on-your-computer
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe