Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Contrary to common opinion here I think this is a small thing. The way these things work in the Netherlands, an intelligence agency would currently not intercept any communication from a "stepping stone" hacked by a criminal organisation, because it would be outside the scope of their warrant. That's a stupid limitation to have because it's very common to perform attacks from other hacked machines and not your own. (And for the bad guy's connection to such a server to be encrypted and useless to intercept)

What's a bit bigger in this thing is that they would be allowed to actively hack into such a machine themselves instead of just intercepting communications. However that has to be proportional with extra emphasis on the rights of the non-target. That practically means they can only do it in severe cases and not to get information on the non-target.

Those suggesting this could be used to "just" hack random citizens are exaggerating. That would not be accepted by the oversight agencies.



> Those suggesting this could be used to "just" hack random citizens are exaggerating. That would not be accepted by the oversight agencies.

In most countries, good governance is considered to be writing laws in such a way that abuse by the government is a violation of the written word of the law, not merely in opposition to its spirit or intent as interpreted by the government's own agencies.


Such things are easier said than done. Humans aren't computers. They have far more behaviors, and infinite corner cases. Writing laws that cover all of them is incredibly difficult, and as soon as you do something pops up that you didn't anticipate.

It's the reason all of your license agreements and other contracts are so long. Every phrase and sentence is there because something went wrong.

It doesn't let them off the hook for the fact that legislatures often do badly. But even with the best of intentions and the best skill things are still never as thorough as a programmer would like them to be, because programming people is way harder.


> They have far more behaviors, and infinite corner cases. Writing laws that cover all of them is incredibly difficult, and as soon as you do something pops up that you didn't anticipate.

Pretty irrelevant in this case, where we're talking about easy, obvious ways to abuse this rule. Your "it's all so complicated" argument relies on ignoring the substance of the objections to making ones victimization an opportunity to reduce their civil rights, and moving into generalization and vague abstraction.


This blog is written by someone who used to work for such an oversight committee, but left after being ignored.

https://berthub.eu/articles/posts/vertrek-tib/


This paragraph captures the crux of the problem for me:

> In addition, whereas previously there was an elevated standard for applying powers to non-targets, there is now actually a vastly reduced standard compared to actual targets. The ex-ante regulator TIB will need to be convinced that it is proportional to target organization X. However, any non-targets now no longer benefit from an elevated standard. The non-targets in fact benefit from no standards at all anymore.

They're going from a situation where it was considered an extreme measure to get a warrant to break into a victim's machine to a situation where it's now a given that all victims of the target organization are themselves targets unless the oversight body takes affirmative action to deny it in a specific case. If the concern were just about red tape, it would make more sense to remove the special protections that victims previously had and allow the warrant to be extended through the regular warrant process.

This automatic extension solution is a problem because it treats the rights of the victims as lesser than the rights of the suspected criminals. It treats them as collateral damage that can be safely ignored unless someone from higher up specifically decides it's a problem.


> because it would be outside the scope of their warrant.

And? Unless the scope of the warrant is immutable then what's the issue? It might be a bit slower to get the scope extended or get the victim's consent, but it seems far less abusable of a situation. It appears as a big deal to me because it is part of authoritative creep. Authoritarian powers don't come out of democracies overnight, but rather because the pathway to hell is paved with good intentions that are abused. The whole point of democracy is to distribute power and set up significant speedbumps for someone to agglomerate control. Things may seem small, but a few small things can form a big thing. If we just say that it is small in each of those situations, then the big thing happens unnoticed. The better question is how ripe a power is for abuse and what could an abuser do with such power. This is far more important than intent or even the size of the matter.


When the intelligence agencies will eventually abuse the law and lose their goodwill, the law will stay there and you will get nothing in return for your trust.


> Those suggesting this could be used to "just" hack random citizens are exaggerating. That would not be accepted by the oversight agencies.

They wouldn’t have to accept it. It would be automatically allowed. That is the consequence of removing oversight processes like getting a warrant.


>That would not be accepted by the oversight agencies.

I needed a good laugh this evening, and this was it.


First of all you are assuming that the laws themselves are obeyed by the government in the Netherlands. They are not. All of the written guidelines are simply ignored. No one checks that they obey them and no one can getting any consequences applied to the violation of them.

The Dutch government is in a race to the bottom with respect to human rights over the last 20 years. It started around 2005, 4x years ago what was called the IRT affaire scandal in which the government themselves had become the biggest drug imported in Europe.

After then was discovered and cause a media fallout, 4 years later they started again but using a new approach in which they spread the blame and make it even harder to become accountable. In 2006, the councils started signing documents like the "Integrated approach to dealing with hennep plantations" in which they centralized the control of the intelligence, but spread the blame and the actions associated with this across the police, the council, the tax department and now there are about 9 partners or so.

This became so successful in their eyes that they formalized this at the end of 2008 and formed the RIEC, which stands for regional information and expertise centrum, which is an intelligence agency that is formed with a human representative so you cannot legally take this organisation to court under Dutch law and this organization does it's dirty work through it's parters, the police, council, tax department etc.

In addition, they expanded the scope of what they do. They no longer just find evidence and convict. Now they are able to "Interfere" with who they claim is involved with organised crime. And they are no limits to what interference means and there's no evidence required to do this, simple what's called "A reasonable suspicion". i.e. nothing.

Then in 2020 they changed to the law so that any one that works in a job that has an obligation to secrecy cannot be found guilty of perjury. They example they came at the time was "For example, a lawyer has an obligation to secrecy for his client". However, that was just a smoke screen. What they did was make it so that everyone in government now can lie in court under oath and not be prosecuted. Including prosecutors themselves. And if you don't believe this I've seen a document written by the attorney general in which he quite plainly states that a prosecutor cannnot be found guilty of perjury.

And believe me, even in places like the UK of the US prosecutors can be found guilty of obstruction of justice. Not in the Netherlands.

By allowing prosecutors and any government official to lie in court, they have effectively simply made all of the court proceedings in the Netherlands be a shame. As there is zero integrity. Clearly this also includes the international criminal court. It's located in the Netherlands after all.


Lots of typos in my text above sorry for that. But an important one, the RIEC is formed WITHOUT a human person as a representation and under Dutch law that means you cannot take the organisation to court. There's jurisprudence established to show this. And because their stated way of working is that they only give advice and their partners carry out actions they push responsibility away. Additionally, their state way of working is that their partners are forbidden to enter any information received by them into their computer systems unless it's it's operationally required to do so. Which is never the case. See what they have done here? They keep information on their computers but the RIEC cannot be taken to court. Any information that comes from the RIEC is not allowed to be stored in the computers of their partners, which can be taken to court.

Apparently, the partners are primarily just given orders to execute, without so much explanation. Need to know basis and all that. Without an explanation as to what the actions are used for the partners will simply get in the habit of executing without asking questions.

So all in any, unlawful and morally bankrupt operations with zero accountability and hundreds of millions of euros of budget. What could possibly go wrong? Basically, the Netherlands is screwed, there's no fixing this. It's not a functioning democratic state of law anymore. Not by a long shot. And the sad thing is that the public (And apparently the press) have not even begun to understand how bad it is yet.

Although not in connection with hacking operations, I was one of the people that was targetting simply by being close to their target. I lived "next door to" someone that was busted by a drug bust in 2005. Then next 10 years I spent more than 30,000 euros in court costs and preventative measures trying to protect myself from the actions of the other neighbor who was being deliberately run by the Dutch government!! And they are completely immune from repercusions I've discovered to my disgust.

The prosecutor that obstructed justice said in a phone call with me the next day. "Even if you complain... what did you possibly hope to achieve by complaining?"

So because I objected to the harrassment that I received by the Dutch government's illegal use of a civilian to harrass an already convicted weed grower I received 10 years+ of criminality carried out against me effectively by the Dutch government by proxy.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: