Wanting something and getting it aren't the same thing and it wouldn't be the first time that something like this gets enacted and then gets shut down again.
My main worry would be journalists, those are at some danger from stuff like this especially when they are protecting their sources. If this ever gets abused that's where I would expect it to happen.
I don't follow your logic. It seems to be a circular way of downplaying the law's potential for harm.
I am sure you are right, harmful laws have been passed, and then on the basis of their harm, repealed.
But if we are to be reassured that since the law is harmful it will be repealed, that is an illusionary reassurance. Clearly not all harmful laws are repealed, even if some are.
And even repealed harmful laws are likely not repealed until the harm they cause is very evident. Meaning great harm has been done.
That's not how I read the law with the supplied context.
It basically reads like this - translation/interpretation errors are mine: Any machine that is compromised by a hacker and that leads to other machines that are also compromised by this hacker are fair game in the process of an investigation.
This ensures that the typical chain of wrapped connections can be pierced, even if some of those systems may well be compromised outside of the owners' knowledge. Yes, they are also victims, but their unsecured systems and accounts that are currently under the control of the hacker make them a part of the investigation.
It's no secret that hackers tend to use many layers of obfuscation in order to reach their ultimate target and this attempts to put a stop to that, with the nice side benefit that if one of the machines en route is a communications server that other accounts found there are fair game (such as what happened with EncroChat, but there are also other examples).
From what I can see this is all relatively straightforward, and as long as the usual safeguards are in place I do not see a problem with it. Investigators are often laughed at for their lack of digital chops, this doesn't match my own experience, the thing I do see is that they are almost always outmatched because of the constraints placed on their ability to investigate when it comes to digital crime. Some balance should be found here and given a relatively careful weighing of the interests of society and law enforcement I think this proposal really does its best to achieve such a balance. If and when it is abused I fully expect that abuse to be smacked down, as has happened numerous times.
There always will be a tension between LE on the one side and society on the other, LE only has as much power as we collectively grant them and oversight is the ultimate arbiter of what is and what isn't permissible.
As for the context: this is NL we're talking about where such oversight really seems to work well, in other countries that may be a completely different story.
Removing huge legal safeguards, vastly expanding law enforcement's legal freedom, without adding back more nuanced safeguards, makes no sense.
The history of good behavior of NL law enforcement took place, itself, under legal safeguards!
What would have been abuses today, will no longer be abuses. So LE can now act in good faith in a far more pervasive manner.
Unless you think the previous safeguards were superfluous, because of LE good sense, there should still be legal safeguards. More nuanced safeguards of course, that take into account the new LE freedoms. But still explicit legal safeguards.
Otherwise, we are not just depending on LE to act in good faith, but to define good faith. Which is not a good system, or the system before, when safeguards were explicit.
This all presupposes that LE is acting in bad faith, which - so far - has not been my experience. There definitely have been exceptions and those have rightfully been smacked down, both AIVD and the regular police forces have seen judgments against them for trying to expand the envelope to the point that it was clear that was not the intent of the law.
Those 'huge legal safeguards' in practice work out to a fairly loosely specified set of laws that are then interpreted as widely as possible by LE and subsequently tested in court whenever a party feels that they have overstepped the line. This method seems to work well enough that it has become standard procedure and of course new laws will be tested in a similar way. The current investigative process is often very dynamic, far more dynamic than the usual warrant process provides for and in that sense I can see the frustration about seeing a crime in progress and not being able to do something about it as something that would need addressing. The international nature of the net and the speed with which these situations develop would mean that the online equivalent of 'skipping state lines' would be enough for a perp to always get away with it. This is an undesirable situation. It is also undesirable that law enforcement would be handed tools that give them too much leeway. Whether this tool is one of those or not will depend very much on how it plays out, given what I know about how the oversight system here works I have very good confidence that if there is abuse that it will be stopped. Dutch LE has learned a lot from various incidents in the past, which led to various backlashes. So they stand to lose as much as they stand to gain here.
The PRIMARY purpose for safeguards, is to document what good faith means, so it has some objective agreed upon ethical meaning.
(The fallback purpose for safeguards is for when bad faith occurs, to provide a documentable reason for taking corrective action.)
"Good faith" with legally defined safeguards is a much clearer and safer situation than "good faith" without a clear definition of what standards, if any, impact what "good faith" could possibly mean.
That's a fair criticism, they really do, and any kind of law tends to disproportionally target minorities.
That said, I fail to see how this particular law could be abused in that way, after all, the typical hacking investigation doesn't really know much about the perp until the moment of apprehension. It's after that moment that most of the concern for minorities should kick in, because most of the real life trouble has to do with abusive treatment by the authorities once someone became an identified target. Racial profiling and all kinds of other abuses have been heaped upon minorities time and again, but in the context of hacking suspects prior to apprehension I have no evidence that this has happened.
Usually the problem that this phase of an investigation focuses on (the access to systems that are compromised) is when the hacker is still unknown other than that the authorities are aware they exist.
But I don't doubt that if someone does get arrested and they happen to be a minority that the system will not treat them equally compared to someone who is not a minority. This is a systemic problem that needs addressing, but it isn't directly connected to this law.
Yes, and clearly there should be a very pointed note about journalists in this law if it is to be put into practice. But for the likes that use(d) EncroChat I'm all for it.
Btw, both lawyers and journalists have quite a few special protections under Dutch law and it isn't clear to me that this proposal would trump those protections, in fact if challenged I would expect the judiciary to affirm that those protections carry the most weight.
Author here - the protections remain in theory, but will no longer be active beforehand. It is possible that the oversight committee finds the time to check afterwards, but they aren't obliged to do so. Also, by then the damage is done.
Yes, that's the risk, but: similar issues have been flagged in the past and in the end oversight won out so I'm not quite as worried as you are.
A typical scenario is that a hacker is using a series of nested accesses to compromised systems, if the original warrant allows for tracking the hacker on the first system then there is no time to obtain warrants for the systems that are uncloaked as the result of the investigation, this happens pretty much in real time. So this provision allows the investigation to proceed and will have a reasonable time allowed to 'catch up'.
It definitely is possible that it will be abused, but that will lead to this provision being disbanded, as has happened in the past when Dutch LE overstepped their authority. I'm fairly sure that those lessons - and the cases thrown out as a result - have been learned, but of course it is very well possible that we'll see a re-run.
I'm on the fence on this one, I'd say let's see where it leads because it is clear to me that the digital world is moving much faster than law enforcement can normally speaking keep up with and a lot of crime is perpetrated because of that. The risk of abuse of such methods is always present, and 'protections in theory' that are abused tend to find very unsympathetic judges in this country. It's fairly clear that something will have to change if LE is to keep up with the increase in online crime, whether this overshoots the mark or not remains - in my view - to be seen. It definitely has that risk, but then again, so would every other proposal short of the status quo and that clearly isn't effective enough.
Now they want free rein to spy on everyone.