Minister Opstelten strengthens the approach to computer crime

To strengthen the investigation and prosecution of computer crime, the Minister of Security and Justice, Mr Opstelten, is taking measures that better match the rapid developments in technology, the internet and computer crime. The existing legislation is out of date and offers insufficient options to, for instance, crack encrypted data, tackle illegal actions on the internet or fight child pornography online. This is stated in the bill he has sent for advice to various bodies, such as the Public Prosecution and the Council for the Judiciary.

The minister wants the police and the judiciary to be able to conduct remote investigations in criminals' computers and, if necessary, to take over data or render them inaccessible. This concerns the so-called 'investigating automated work', which enables criminal investigators to apply various forms of inquiry in the investigation of serious crimes.
It is not only about rendering data inaccessible or taking them over, such as child pornography or stored email messages with information on crimes, but also about tapping communications or carrying out observation. Strict guarantees apply to the use of the new power, such as prior judicial review, certification of the software being used and data logging.

An earlier letter to Parliament reports that the developments in cyber crime call for action. When criminals paralyse vital parts of society using botnets, it must be possible to take better action against them, says Mr Opstelten. Botnets are large-scale networks of semi-autonomous software robots on 'zombie computers' that can be operated from a distance to carry out illegal actions, such as sending spam and collecting (company) secrets, credit card details and passwords. DDoS attacks and the spreading of malware are also among the possibilities. To render a botnet harmless, it is necessary to gain access to the servers that are part of it. Taking action in cyberspace may result in data being rendered inaccessible, even when they are on a server abroad. This may be the case if the actual location of the data cannot reasonably be traced, as applies for example to data in the cloud.

When tapping communications, the police and the judiciary are increasingly hampered by the encryption of electronic data. Special programmes for encrypting data files are offered on the internet. Information systems and software often have standard settings for encrypted forms of communication, as with Gmail and Twitter. Internet users can even transport data anonymously through certain services. This plays into the hands of criminals. The provider is obliged to cooperate in cracking encrypted communication, but is sometimes not even able to do so, or is established abroad. That is why Mr Opstelten wants the police and the judiciary to be able, under strict conditions, to tap the machine instead of the connection. The investigation of automated work makes that possible.

The bill also allows for the possibility of obliging suspects of the possession of and trade in child pornography, or of terrorist activities, to cooperate in opening encrypted files on their computer. In that case the Public Prosecutor will give the suspect a decryption order. The police and the judiciary will then gain access to shielded data, and can fight the production, spreading and possession of child pornography more effectively and offer help to the victims. Strict guarantees apply here, such as prior judicial review. Ignoring a decryption order from the Public Prosecutor will result in a maximum prison sentence of three years.

Mr Opstelten will further see to it that the handling of stolen computer data becomes a criminal offence. In doing so, he wants to prevent third parties from gaining access to information stolen through a computer intrusion and placing it on websites. For a conviction it is important that the suspect knew or could have suspected that the information concerned stems from a crime. In practice, computer data that were obtained through crime, such as computer hacking or the clever snatching of passwords and user access codes, are regularly used. The offence will carry a maximum prison sentence of one year.