If you are a Skype user living in the Netherlands, watch out. A recently proposed bill, if passed, would give the government wide ranging authority to “hack back” Dutch citizens for various surveillance purposes. The bill is still in draft form but is expected to be brought before the Dutch Parliament by the end of the year. Sources claim the proposal aims to give government investigators a new list of investigative tools, including:

• allowing them to hack private computer systems
• authority to monitor Skype and other VoIP tools
• authority to listen in on mobile phone conversations
• the ability to force suspects to provide access to encrypted data

The Dutch government claims the expanded powers are necessary in order to more effectively combat cybercrime and terrorism. Unfortunately, critics of the legislation point out the definitions of “cybercrime” and “terrorism” within the legislation are too ambiguous. Opponents of the bill claim the current language would give the Dutch government unbridled authority to do just about anything it wanted. Proponents of the legislation site, among other things, point to a recent DDoS attack on Dutch banks as evidence that the expanded powers are necessary. They also aim to use the new authority to combat paedophilia and other predatory crimes. If the bill is approved as is, there is no telling how wide reaching the implications would be. Another major point of contention with the legislation is language that would allow Dutch authorities to hack into servers at data centres physically located outside the Netherlands. The risk of insecure data communications as a result makes many people nervous. In fact, the threat of this type of thing is why so many European companies are fearful of embracing cloud computing.

Just a Bad Idea

To anyone who follows Internet freedom issues around the world, the Dutch legislation is obviously a bad idea. All one needs do is look at places like China to see how what appears to be government goodwill ends up severely restricting the freedoms and privacy of individual citizens. There simply is no justification for government snooping. To believe that Dutch authorities will behave themselves and use their newly found powers responsibly is to believe in a utopian world that doesn't exist. Once the doors of expanded government authority are opened, there is no way to close them. If this legislation becomes law in the Netherlands, Internet security and privacy will no longer exist in that country. For the average citizen there will always be the potential of the Dutch government hacking private communications, listening in on Skype conversations, and even snooping around a computer's hard drive looking for information. For hosting companies, data centres, and collocation providers the threat of government search and seizure will be ever-present. It is in the best interests of everyone involved that this legislation does not see the light of day. Let's hope lawmakers in the Netherlands come to their senses and soundly defeat this bill. To do otherwise is simply inexcusable.