D66 Member of Parliament Kees Verhoeven wants stricter rules for the use of certain hacking weapons by the police, secret services and the army, according to the NOS. This specifically concerns tools that can exploit zero days, which are vulnerabilities in software that are not yet known.
Zero-day flaws are sought after by hackers, because they are not yet known and the makers of the software have not yet done anything to close them. That is why they can be abused to get into secured computers. Government hackers also like to use these kinds of flaws. But because the flaws are not closed, citizens are also at risk of attack.
Verhoeven therefore wants an independent committee to monitor the use of this type of vulnerability. He submitted a private member’s bill for that today. The committee should consist of a number of relevant organisations, such as the National Cyber Security Centre and the Personal Data Authority. The committee must consider whether a vulnerability can be used if the police want to hack a suspect.
In addition, according to Verhoeven, the flaws must always ultimately be reported to the software manufacturers. He also wants public authorities not to use commercial ready-made hacking tools whose workings are not known.
Current rules
At the moment, there are already rules on the use of the vulnerabilities. The AIVD now has an internal committee to consider how to deal with zero days. But there is no legislation yet.
The AIVD has told the NOS that it will consider the resources to be deployed in each situation. It may be the case that a vulnerability is not reported to the maker of the software, because doing so may jeopardise national security.
Verhoeven’s proposal is being studied by the Ministry of Defence.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.