Last week, the Dutch Minister of Safety and Justice asked the Parliament of the Netherlands1 to pass a law allowing police to obtain warrants to do the following:
- Install malware on targets’ private computers
- Conduct remote searches on local and foreign computers to collect evidence
- Delete data on remote computers in order to disable the accessibility of “illegal files.”
Requesting assistance from the country where the targetted computer(s) were located would be "preferred" but possibly not required. These proposals are alarming, could have extremely problematic consequences, and may violate European human rights law. As if that wasn't troubling enough, lurking in this letter was a request for something more extreme:
- If the location of a particular computer cannot be determined, the Dutch police would be able to break in without ever contacting foreign authorities.
What would cause the “location of a particular computer” not to be determinable?
The user might be running software to protect their privacy, such as a proxy, VPN or Tor. Alternatively, the data might be stored in a “cloud computing” service like Gmail, or Amazon AWS that keeps copies of your data in many countries. If became law, this proposal would allow Dutch police to launch direct attacks against international cloud computing services. It would allow Dutch police to use exploits and malware against privacy systems like the Tor network, endangering the hundreds of thousand of people who use Tor clients every day, and those who publish hidden services in the network. It would, in short, allow Dutch police to use the methods of cyberwar to enforce Dutch law on people living anywhere in the world.
What would the world look like if every country’s police were allowed and encouraged to break into computers worldwide to enforce their national laws? We would see a wave of attacks against computers everywhere for blasphemy, hate speech, tax evasion, promoting homosexuality, criticizing the King of Thailand or Atatürk, or disagreements about copyright infringement. Nobody wants to live in a world where every country's laws are simultaneously applied by brute force. That chaos would threaten the stability and usability of entire network.
EFF joins Bits of Freedom, a Digital Rights organization in the Netherlands, in calling for international opposition to this outrageous proposal:
"The [plan] concerns all countries whose IT-infrastructure may be affected. Bits of Freedom therefore calls on other countries to oppose the proposal. Laws like these make the Internet a more dangerous place."
The Netherlands has a political culture that usually prides itself on moderation and balance. This is a proposal which discards those principles entirely. Join Bits of Freedom and EFF to ensure that this ill-conceived proposal does not become law.