The procedure that precedes the decision to hack is covered by guarantees. The decision to hack was made after careful consideration in all cases investigated. Virtually all instructions prepared by the prosecution comply with the law and have been properly followed in the investigated cases, both by the police and by the state prosecutors associated with the criminal case where the hacking takes place. However, some shortcomings and bottlenecks have been identified. There is room for improvement. This is the conclusion of the attorney general at the Supreme Court, Edwin Bleichrodt, in the supervisory report ‘Research into automated work’, which he presented to the Minister of Justice and Security today. In the report, the Attorney General makes the following observations and recommendations to, among others, the public prosecutor’s office and the minister.
Recording of communications with secret guards
Hacking can also (unintentionally) record communications with professional secret keepers, such as doctors and lawyers. The rules stipulate that all data obtained during hacking, and therefore also such ‘secret keeper data’, must be stored. At the same time, the Criminal Procedure Act prescribes that such data must be destroyed. In the policy rules drawn up by the prosecution, the prosecution tries to find a solution to this contradiction and to take into account all interests. However, these political rules do not fully meet the requirements of the Criminal Procedure Act. The Attorney General at the Supreme Court advises the Prosecuting Authority to assign the investigating judge a leading role in the selection of confidential information, possibly pending new rules that the Attorney General deems desirable on this point.
The technical tool
During the parliamentary debate on the Computer Crimes Act III, the minister formulated the basic principle that when carrying out a hack preferably use is made of a pre-approved technical tool (hardware and/or software) which has been developed by the police themselves. if possible.. Implementation practices are contrary to this principle. In practice, the police frequently use an unapproved technical tool, purchased on a commercial basis, which exploits possible unknown vulnerabilities in the electronic equipment to be hacked. The decision to make use of this technical aid is carefully made by the prosecution in all cases and always in compliance with the applicable legal rules. The Attorney General notes a contradiction between the implementation practice and the principles formulated by the minister during the parliamentary proceedings of the computer crime act III.
At the same time, the legal definition of the term ‘technical assistance’ leaves room for different interpretations and does not provide sufficient direction for implementation practice. This is important, because different rules apply if no technical aid is used during the hacking, but it is a so-called ‘manual deployment’. The Attorney General therefore proposes in the report to give a different explanation for the term than the prosecution does.
Responsibility for the hacking
In the official reports that the police prepare on the use of hacking, with a view to protection methods, only a very broad and very brief account of the hacking authority’s use is given. The Attorney General recommends that the public prosecutor implement the duty to account for the implementation of the hacking more concretely. The same goes for including the necessary information in the hacking order itself.
The Attorney General’s investigation took place in connection with the supervision by the Attorney General at the Supreme Court of the performance of statutory duties by the public prosecutor’s office (Article 122(1) of the Law on Judicial Organisations). The main question of the investigation is whether the prosecution correctly implements the applicable rules in an automated work. For more information: Supervision of the Public Prosecution Service – Supreme Court
Publication research report ‘Research into automated work’ (pdf, 1 MB)‘