It is really scary the accelerating trend of creating regulations to restrict or violate basic human rights on the basis of straw man national security reasons...<p>What is nice with this law is that they can look for things not related to the hack on target devices. If they see something incriminating against you not related to the case, they can still use it against you in a new procedure. Without warrant. How convenient.<p>In addition, I can easily guess that they don't have to prove that you were really hacked, but mere suspicion or being a potential victim of the hackers might be enough.
So to my understanding what they are proposing is allowing you to be hacked by the government if you are a victim of hacking by another actor. I can see the value of this being able to access log files and other data that could assist in investigating the original hackers. I suppose they wouldn't want to always tip off the victim of hacking because the victim might change something that could scare aware the original hackers or delete useful metadata before the investigation could be carried out. But it essentially could become a free pass for the state to hack anybody. Because 1.) Anyone with a public facing server knows there are bot hacking attempts made against them 24/7 or 2.) Just hire a 3rd party to hack someone then you have immediate cause to get access to their data. This article didn't seem to have a definite answers what kind of protections would be put in place in these events. It sounded like they previously did try to word the law to only pertain to the original investigation but one can only wonder.
Author here - I mirrored the page on <a href="https://berthub.eu/articles/posts/dutch-intel-law-about-intel/" rel="nofollow">https://berthub.eu/articles/posts/dutch-intel-law-about-inte...</a> since y'all managed to take out the about:intel server!
The author of the article is Bert Hubert, starred frequently on HN [1] and has expertise in many fields, including the world of intelligence agencies.<p>[1]: <a href="https://news.ycombinator.com/from?site=berthub.eu" rel="nofollow">https://news.ycombinator.com/from?site=berthub.eu</a>
I'm having issues loading the page. <a href="https://archive.is/J3ieO" rel="nofollow">https://archive.is/J3ieO</a> if it helps anyone.
Assuming a security analyst is allowed to look at content that's been identified as malicious beyond some threshold like 99.9%...<p>And in order to address emerging threats, they should be able to apply their judgement based on threat indicators like known bad hashes, origin from known bad email addresses or IPs, etc. to call something malicious beyond that threshold...<p>Does that mean that if they know your account is under attack they can just read all of your emails?<p>I would give that a big "no" because unless your account has 999 malicious emails in it for every benign one, they have not met the criteria.
It sounds really scary, but it’s so they can actually collect evidence. Now they target a hacking group but can’t break in with their targets to actually collect evidence.<p>They still need a judge to provide a warrant, there is still oversight.<p>In practice not much will change, except they only have to ask for 1 warrant instead of 10 like they do now.
One example of where this would apply is for instance against criminals whose medium of information exchange has been compromised. Yes, they are 'victims', but they are also perps and probably in much worse crimes than the original hack of their comms.<p>An example of such a situation is the EncroChat hack.
The omitted detail is that it's "NL national security [from its people] ..." The state, and those individuals in unholy union with it, understands very well that it's different from its people and in order to defend from its people all measures are justifiable.
I suspect this is also to provide a legal framework to automatically remove malware from victim's computers, as has been done before by Dutch authorities without any law permitting such actions, and removing malware is obviously good for society.