Dutch parliament approves bill to hack criminal suspects

A majority in the Tweede Kamer on Tuesday approved a bill that allows the police to hack suspects in a criminal case. A stricter variant of the law was voted in, in which the police are obliged to immediately report software vulnerabilities to its developers, NU.nl reports.

The law is called Cybercrime III and states that the police can hack the computers of suspects in criminal investigations. This involves suspects in cybercrime, but also other forms of serious crime that carry a penalty of at least 4 years in prison.

In its original form, the law gave the police the power to make use of software vulnerabilities that the developer are unaware of, so-called zero-days, without reporting the problems to the the developers. This subject had the Tweede Kamer, the lower house of Dutch parliament, divided to the point that the VVD and PvdA had to add an amendment. This amendment, with which the bill was voted in, requires the police to report vulnerabilities to the software developers immediately.

If the police want to keep the vulnerability a secret, a court must give its consent. Before giving consent, the court must do an "independent review" to make sure that the interests of the police investigation are not unnecessarily placed above the safety of software. The D66 wanted the law to prevent the unreported use of vulnerabilities completely, but could not get a majority of parliamentarians to report this.

The legislative proposal will now go to the Eerste Kamer, the Dutch Senate. The PvdA and VVD coalition holds no majority in the Eerste Kamer, and will therefore need support from the opposition parties to pass the bill.