Clueless Spanish Politicians Want To Join The Government Malware Club
from the dedicated-follower-of-fashion dept
As we've noted before, when it comes to the Internet, governments around the world have an unfortunate habit of copying each other's worst ideas. Thus the punitive three-strikes approach based on accusations, not proof, was pioneered by France, and then spread to the UK, South Korea, New Zealand and finally the US (where, naturally, it became the bigger and better "six strikes" scheme). France appears to be about to abandon this unworkable and ineffective approach, leaving other countries to deal with all the problems it has since discovered.
Now there seems to be a new craze amongst ill-informed policy-makers: the use of government-sanctioned malware to spy on citizens. We wrote about Germany's trojan software back in October last year. Australia's spies want the same capability, and New Europe is reporting that Spain too is planning to pass a law that will allow its police to install malware on the systems of citizens:
According to the article 350 of the proposed draft, prosecutors may ask the judge for "the installation of a software that allows the remote examination and without knowledge of the owner of the content in computers, electronical devices, computer systems, instruments of massive storage or databases."
The key concern raised for similar projects of other countries applies here too: intentionally placing malware on computers increases the risk that others will be able to take control of those systems thanks to vulnerabilities in the code. That's no theoretical issue, as evidenced by major flaws discovered in Germany's trojan software. But it turns out that Spain's proposed malware scheme has an additional bad idea:
Furthermore, the article 351 of the text explains that official agents may require cooperation from "anyone who knows the operation of the computer system or measures applied in order to protect data held there". This means that Spanish authorities might require services from experts, "hackers" or computer companies.
Clearly that could be applied to Google or Facebook, say, which might be forced to provide user passwords or maybe even actively cooperate in attempts to infect a user's system. Given the current revelations about Internet companies' complicity in spying on huge numbers of people around the world, there seems little reason to hope that they would refuse to do so, despite protestations to the contrary, even if they -- unlike the Spanish politicians proposing this law -- understood the extreme stupidity of this approach.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: malware, spain, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Wow!
This is so mind-bendingly dumb you have to wonder if it's deliberate.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
process now for a pc desktop
take home
wipe it totally clean 7 times
then put a pirated operating system on it.
yup thanks for spying come again....
see all the old farts are getting scared of my kind
[ link to this | view in chronology ]
Re: process now for a pc desktop
You have numerous options for nonpirated, safer, better operating systems that you can maintain control over.
Also, you should have a solid tripwire system on your computers to spot any unwanted tampering with your files, and the most restrictive firewall you can stand so if some malware does infect your system it will have problems phoning home.
[ link to this | view in chronology ]
Re: Re: process now for a pc desktop
I'm not sure I've got one and think I probably need one.
[ link to this | view in chronology ]
Re: Re: Re: process now for a pc desktop
[ link to this | view in chronology ]
Re: leader of 3000 class A hackers says BOO
Multics today
So there you go.
Terrified. Absolutely terrified.
[ link to this | view in chronology ]
Re: process now for a pc desktop
[ link to this | view in chronology ]
Trigger for "Reasonable doubt" ?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Open Source
[ link to this | view in chronology ]
Broken chain of evidence
Any forensic technician can tell you, that with such malware on a computer, you've got a broken chain of evidence. You cannot prove anymore that the user of that computer was actually committing a crime. It could just as well been perpetrated by the agent controlling the malware.
So any government installed malware is completely, utterly, unusable for law enforcement purposes.
Of course, intelligence agencies give a damn about any chains of evidence; so they might like it.
[ link to this | view in chronology ]
Message to the Dutch readers
[ link to this | view in chronology ]
New Europe, I did not know about that place, it is near New York ?
Europe is a group of many countries, it cannot 'report' anything.
[ link to this | view in chronology ]
Re:
New Europe is the name of a website.
Sincerely,
Techdirt's Unofficial Clue Department
[ link to this | view in chronology ]