November 25, 2024

Dutch Officials Widen Inquiry Into Hacking

The Dutch government said Tuesday that it was widening its investigation into an Internet security breach in an effort to learn whether the private data of Dutch citizens, many of whom file income tax returns online, had been compromised.

The Dutch data protection agency has asked the government security contractor at the center of the controversy, DigiNotar, to report whether the integrity of special digital certificates that guarantee the authenticity of interactions with government computers had been breached.

“We are hoping to receive an answer from DigiNotar within a few days,” said Harriet Garvelink, a spokeswoman for the agency in The Hague, who said the request was made Friday.

The hacking scandal in the Netherlands, one of the most digitally advanced countries in Europe, erupted last week when DigiNotar disclosed that hackers had broken into its systems in July and issued fraudulent digital certificates, which are used to verify the authenticity of Web sites. An independent report released Monday traced the origin of the breach to Iran.

“DigiNotar found evidence on July 28th that rogue certificates were verified by Internet addresses originating from Iran,” said the report prepared by Fox-IT, a company hired by the government to investigate the breaches.

Google said last week that users of its services “primarily located in Iran” may have been affected by the use of fraudulent certificates issued by DigiNotar. These could allow a hacker to intercept information moving between a user and a service like Gmail that appeared to be secure.

The Fox-IT report said that DigiNotar discovered 333 fraudulent “rogue certificates” circulating from July 19 to July 28, many of which were for the sites of major Internet companies. The company subsequently revoked and invalidated the certificates.

The Dutch interior minister, Piet Hein Donner, told members of Parliament on Tuesday that the government so far had no evidence that the hackers had used the certificates to obtain the personal information of Dutch citizens from government sites.

Vincent van Steen, a spokesman for Mr. Donner, said the interior ministry was working to learn more about how the intrusion occurred and how to prevent a future attack. “This matter shows us how vulnerable we are,” Mr. van Steen said.

Several security experts have speculated that the Iranian government may have orchestrated the hacking, which would have required the control of an Internet service provider, to spy on dissidents. The Iranian government has not commented on the situation.

DigiNotar, a unit of the American company Vasco Data Security International, has been criticized by Dutch lawmakers for not immediately informing the government of the certificate theft. Dutch prosecutors told The Associated Press on Tuesday that they were investigating DigiNotar for possible criminal negligence.

Vasco said in a statement that it was cooperating with the Dutch government.

Article source: http://www.nytimes.com/2011/09/07/technology/dutch-widen-probe-into-hacking-of-official-sites.html?partner=rss&emc=rss

On Its Own, Europe Backs Web Privacy Fights

Among them was a victim of domestic violence who discovered that her address could easily be found through Google. Another, well into middle age now, thought it was unfair that a few computer key strokes could unearth an account of her arrest in her college days.

They might not have received much of a hearing in the United States, where Google is based. But here, as elsewhere in Europe, an idea has taken hold —individuals should have a “right to be forgotten” on the Web.

Spain’s government is now championing this cause. It has ordered Google to stop indexing information about 90 citizens who filed formal complaints with its Data Protection Agency. The case is now in court and being watched closely across Europe for how it might affect the control citizens will have over information they posted, or which was posted about them, on the Web.

Whatever the ruling in the Spanish case, the European Union is also expected to weigh in with new “right to be forgotten” regulations this fall. Viviane Reding, the European Union’s justice commissioner, has offered few details of what she has in mind. But she has made clear she is determined to give privacy watchdogs greater power.

“I cannot accept that individuals have no say over their data once it has been launched into cyberspace,” she said last month. She said she had heard the argument that more control was impossible, and that Europeans should “get over it.”

But, Ms. Reding said, “I don’t agree.”

On this issue, experts say, Europe and the United States have largely parted company.

“What you really have here is a trans-Atlantic clash,” said Franz Werro, who was born and raised in Switzerland and is now a law professor at Georgetown University. “The two cultures really aren’t going in the same direction when it comes to privacy rights. “

For instance, in the United States, Mr. Werro said, courts have consistently found that the right to publish the truth about someone’s past supersedes any right to privacy. Europeans, he said, see things differently: “In Europe you don’t have the right to say anything about anybody, even if it is true.”

Mr. Werro says Europe sees the need to balance freedom of speech and the right to know against a person’s right to privacy or dignity, concepts often enshrined in European laws. The European perspective was shaped by the way information was collected and used against individuals under dictators like Franco and Hitler and under Communism. Government agencies routinely compiled dossiers on citizens as a means of control.

Court cases over these issues have popped up in many corners of Europe.

In Germany, for instance, Wolfgang Werlé and Manfred Lauber, who became infamous for killing a German actor in 1990, are suing Wikipedia to drop the entry about them. German privacy laws allow suppression of criminal identities in news accounts once people have paid their debt to society. The lawyer for the two killers argues that criminals have a right to privacy too, and a right to be left alone.

Google has also faced suits in several countries, including Germany, Switzerland and the Czech Republic, over its efforts to collect street-by-street photographs for its Street View feature. In Germany, where courts found that Street View was legal, Google allowed individuals and businesses to opt out, and about 250,000 have.

The issue, however, has had no traction in the United States, where anyone has the right to take pictures of anything in plain sight from the street.

Google declined to discuss the Spanish cases, instead issuing a statement saying that requiring search engines to ignore some data “would have a profound chilling effect on free expression without protecting people’s privacy.”

Rachel Chaundler contributed reporting.

Article source: http://feeds.nytimes.com/click.phdo?i=a1205114951fcadc930ddca1806dfb8f