Skip to navigation
Latest News

Antivirus firms "won't co-operate" with PC-hacking police

handcuffs on a keyboard

By Nicole Kobie

Posted on 3 May 2013 at 15:49

Dutch police are set to get the power to hack people's computers as part of investigations - but antivirus experts say they won't help police reach their targets.

A bill before the Dutch government will give police the power to hack computers, read email and other files, and install spyware, according to the BBC. It would also give police the power to legally hack into overseas servers, if they were part of a denial-of-service attack, for example.

Mikko Hypponen, chief research officer at F-Secure, said such requests won't only come from Dutch police, as authorities in other countries will increasingly ask for such powers - not least as most investigations already involve looking through smartphones or PCs.

"This isn't going to go away, it's only going to get more and more important. All countries will be wanting rights and regulations," he told PC Pro. "But the Dutch already had an unusually strong powers for the local police. They seem to be the forerunners in Europe, in how much rights police have to fight crime."

Hypponen said it's understandable why police want such powers, and admitted few would complain if it's used sparingly and only against guilty parties. However, there's no question that innocent people would get caught up in police investigations, making transparency key.

"They should have to have serious enough crimes to even request such strong tools to be used," he said. "And then, they should have to get a judge or court order, and even more importantly, they should afterwards make public how many citizens were hacked, and how many turned out to be guilty or innocent."

That last point is the most important, Hypponen said. "This is the key thing: if the police hack into your systems, the public needs to know," he said, calling for police to disclose what type of crimes the powers are used on, whether the police were successful in their hacking, and whether the targets turned out to be guilty or innocent.

He doesn't see such investigative hacking powers leading to an "arms race" between police and criminals, but between police and all citizens. "There will be guilty citizens and innocent citizens, and they will both be wanting to keep malware away from their computers."

That raises a problem for antivirus firms like his own, with antivirus firms potentially asked to cooperate with authorities to let an attack reach the target. So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request, and said his own firm wouldn't want to take part. Purely for business reasons, it doesn't make sense to fail to protect customers and let malware through "regardless of the source".

Bounty hunters

Whether police have the skills to successful hack into computers isn't clear, but Hypponen said it wouldn't be ideal for them to outsource such tasks. However, it's likely police would follow the lead of other government agencies - such as intelligence and security - and buy vulnerabilities from third-party firms.

"It’s not just government in this picture," he said. "Many of the exploits being stockpiled are actually being developed by third parties, such as defence contractors or private companies looking for vulnerabilities." And they, of course, have no motivation to hand flaws in software over to the affected companies.

"I don’t like this development in general," he said. "It used to be black and white. If you were breaking into systems, you were the bad guy – you were the evil one. Now, over the past five years, the situation is changing very rapidly, with governments entering the picture."

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

He is right...

If an AV company co-operated with the police and it came out, they would be out of business inside a week!

By big_D on 3 May 2013


" and admitted few would complain if it's used sparingly and only against guilty parties"

So they would only be able to use the powers AFTER the case has gone to court.

Seems a little pointless.

By qpw3141 on 3 May 2013

Not subject to Dutch law

Another thing to note is that because NONE of the antivirus companies are headquartered in the Netherlands, they are NOT SUBJECT to Dutch laws. So there is no way the Dutch police could force any anti-virus firm to cooperate.

Becuase F-secure is in Finland they are only subject to Finnish law, and NOT SUBJECT to Dutch laws. The Dutch police have no jurisdiction in Finland.

By AlphaCrucisRadio on 5 May 2013

This isn't going to happen

Way too many privacy issues and international questions. I don't think any av firm will cooperate. One comment above is inaccurate. AVG Technologies is headquartered in the Netherlands. If a suspected crime were taking place within a given country, and the individual was operating in that country, you could argue that this was like a wire tap.

By ckensek on 7 May 2013


The idea of local Police needing these kinds of powers seems a little odd.

Surely the type of crimes where these steps are required should be covered at the new Europol Cybercrime EC3 division.

Going above that the CIA et al have been on with this for decades, with backdoors into everything from AOL, Windows, Firefox, etc. etc.

By Gindylow on 7 May 2013

Leave a comment

You need to Login or Register to comment.



Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing


Sponsored Links

Your email:

Your password:

remember me


Hitwise Top 10 Website 2010

PCPro-Computing in the Real World Printed from

Register to receive our regular email newsletter at

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.