Dutch Internet Providers Made Deal With Law Enforcement On Assistance In Criminal Investigations

Dutch providers say they did not want to give law enforcement 'a hard time'

Der folgende Beitrag ist vor 2021 erschienen. Unsere Redaktion hat seither ein neues Leitbild und redaktionelle Standards. Weitere Informationen finden Sie hier.

Dutch internet providers made in 1998 a deal with the Public Prosecutor about the provision of confidential client information in the case of cybercrime investigations. This is revealed in a recent study by Edwin Mac Gillavry of the University of Groningen. He investigated the way financial institutes and internet service providers are assisting law enforcement authorities in case of criminal investigations.

Mac Gillavry spoke with seven internet providers on a confidential base. It turned out that the organisation of Dutch internet providers NLIP, that represents 60 Dutch providers, closed a deal with the Public Prosecutor in 1998 to cooperate voluntary in providing confidential client information. The Dutch Public Prosecutor can force providers to cooperate, but this is by law limited to specific cases and circumstances. The law enforcement authorities found these requirements too restrictive, and made a deal with the providers on voluntary cooperation.

According to the deal, providers give the name, adress, residence of their clients, and information on their use of internet if requested by the public prosecutor, on the condition the client is accused of a crime that can be punished with at least four years of imprisonment. According to Mac Gillavry, this is inconsistent with Dutch privacy law. The privacy law states that if a company wants to provide on a voluntary base confidential personal information, it has to consider carefully if there are 'important and urgent' reasons to do so. They have the legal liability to do so and a client can ask a court to rule if the consideration made by a company was justified. The internet providers however don't make this assesment, but leave it to the public prosecutor.

The study shows that this isn't the only way Dutch providers are assisting law enforcement on a voluntary base. For instance, one provider saved for a long time logfiles of a client, when asked to do so by the police. Two other providers continued accounts of clients they orginally wanted to close, because they were used for the distribution of child pornography. The law enforcement authorities asked for this to be able to investigate the case further. In another cited case, the provider first made a copy of a website, before closing down the account. Also, a provider gave website material, that was secured by a password, to law enforcement. Police officers interviewed in the study stated the deal with the Dutch providers isn't going far enough. They find the limitation to crimes punishable with four years or more too restrictive. Also, they want to be able to ask themselves providers to cooperate, instead of the public prosecutor.

Dutch providers are not legally required to save information on their clients and their internet behaviour. However, all providers keep information on the name, adress and residence of their client, the study shows. In the case of free internet providers, however, it is unclear if those data are correct, because they don't check it. According to the interviewed providers, the public prosecutor asks 12 to 15 times a year to provide these kind of client information. The providers also save logfiles. Usually, they register the general IP-adress of the user, the beginning and ending of a internet session, and the date and login name. Providers can use these information to find out which client used their services on a specific date and time, and can reveil the identity of that client by comparing the information with the name and adress of users.

With the exception of one free access provider, all providers also registrated the telephone number the clients used to get access. This Calling Line Identification (CLI) is transferred automatically by the telephone company whenever a connection is made. However, users can switch off their CLI-number and ask the telephone company not to transfer the number. But one provider who is closelly linked with a telephone company, told Mac Gillavry that telephone companies can always trace down the CLI of a user, because it is always registrated in the phone central itself.

Two providers also took measures against 'spoofing'. In such a case, a user forges the IP-number which is in the header of email messages and changes the system time of the computer. If the police investigates these messages, all they have is a fake IP-number and a fake date and time, so it is merely impossible to trace the real user. To prevent this, the providers use so called X-tracing. The computer of the providers automatically fill in the real IP-number of an user in the header, and the correct time and date. A client cannot prevent this. In this way, a message contains the fake IP-number, as well as the correct IP-number.

According to the study, the Dutch providers legitimized their voluntary cooperation by saying that they did not want to give law enforcement 'a hard time'.