Dutch Gov't Has No Idea How To Delete Tapped Calls

McDutchie writes "The law in the Netherlands says that intercepted phone calls between attorneys and their clients must be destroyed. But the Dutch government has been keeping under wraps for years that no one has the foggiest clue how to delete them (Google translation). Now, an email (PDF) from the National Police Services Agency (KLPD) has surfaced, revealing that the working of the technology in question is a NetApp trade secret. The Dutch police are now trying to get their Israeli supplier Verint to tell them how to delete tapped calls and comply with the law. Meanwhile, attorneys in the Netherlands remain afraid to use their phones."

So many telcos

[AHuxley]

Use Israeli telco supply firms for outsourced backend billing and interception.
Fox new did a report on it
http://www.youtube.com/watch?v=kle7ZgmFcpQ [youtube.com] (pt 1)
http://www.youtube.com/watch?v=ZeaXlrldqwo [youtube.com] (pt 2)
Why or how so many national telcos let interception drift away from core in house responsibilities is just strange.
If your an attorney and your client is literate, buy a note pad, write out your work, read and then destroy (with a few pages under the written page too).
With fusion centres in the US and any suspect now a "terrorist" most of the attorney client privilege protection is getting blurred.

any slashdot reader surprised?

[kubitus]

Israels IT industry is world champion in wiretapping everything.

And I am not sure if they are interested in having tapped calls deleted

I mean really deleted!

Re:Every knows

[Anonymous Coward]

Whatever his mental state, according to the official numbers (which don't include the secret service) in the Netherlands the number of wire taps is over 10 times that of the number in the US and we've only got 15 million people...

Re:No joke, it's hard

[petrossa]

And, the Netherlands have about the most all encompassing citizens database on the globe. So all data is cross referenced all over the place amongst databases of all civil governmental and semi-governmental agencies . It's so vast that indeed it's not only hard, but virtually impossible to remove data completely. As an example: The colour, structure and density of pubescent children is stored. All this data is directly accessible via the misnomed 'Citizen Service Number'. We dutch tend to call it the 'Citizens Spying Number'.

Re:No joke, it's hard

[Sycraft-fu]

I think what it is easy to forget as geeks is just how hard everything works to keep data. All our technology is designed around the assumption that you never want to lose any data. Thus completely removing it gets harder all the time.

As another example snapshot backups are now real common. NetApps can be configured, and often are, to take periodic snapshots of your data. That way, if something is accidentally deleted or modified, there are point in time shots to go back to. Likewise Windows Vista and 7 now keep revisions of files automatically. If you change a file, a new version is written and the old one is kept, by default, so long as there's free space on the drive.

Now none of this is stuff you can't turn off or remove but it is all stuff that adds to the complexity. Just deleting the file, and even overwriting it, doesn't necessarily do it. The computer may still have a copy. It is designed such to try and keep you from losing your data accidentally.

None of this is to excuse the government, if they have a requirement to delete these things they need to work out a way to do so, however that doesn't mean I don't sympathize with the problem. It isn't trivial to ensure all copies have been delete and have been done so in a provable fashion.

This is why when we surplus old computers, the harddrives never go with. They are taken to be wiped and/or destroyed later. We are just not interested in screwing around with making sure the data is gone and then screwing that up. Instead a simple visual inspection tells you there is no data (since there are no drives).

Dutch justice...

[AlXtreme]

Over the past few years quite a few criminal cases were lost exactly because of this problem. In Amsterdam a huge case against Hell's Angels [www.nos.nl] went south in 2007 (everyone was set free) because they didn't destroy tapped recordings with attorneys. Last year it happened again [www.nos.nl] (dutch links, sorry).

I hope someone got canned because of this, but given our incompetent justice department I really can't see that happening. Phone tapping has reached epidemic proportions over here (highest number of taps per person in the western world), as it's much easier than actually investigating a case based on given evidence.

Funny that this is the second article on our incapable justice system within a day on /., go us \o/

Re:not afraid

[dajak]

The conversation between lawyer and client may be confidential, but the extent of the protective perimeter you set up around it is a practical matter.

You may declare prison and law office phones sacred altogether in order to make sure you don't record such conversations, missing a lot of useful conversations, but if you don't, you will have to listen to the conversations to establish, firstly, that it is a confidential conversation, and secondly, that the recording doesn't contain parts you presumably may use (for instance the lawyer dictating something to a secretary in the background).

Dutch practice is that you may not use or store it in principle but you may listen to the recording and store it until you did. After that, you have to destroy it, and the suspicion is now that the system only deletes it.

Having said that, this whole thing became an issue after it was discovered confidential phone conversations were actually copied to DVD by the police in one high profile case, which is indeed outrageous.

I have designed systems just like this

[Anonymous Coward]

Once the data is written, it can not be modified or deleted. Now, the reasoning behind this is so the police can not digitally manipulate the timestamps or data in any way. This is to protect the integrity of the data so it can withstand legal challenges.

The way (the only way) to remove protected data from this class of enterprise storage system is to copy off all data except the data you need to delete/destroy, bring the vendor in to do what is essentially a low-level reformat of the entire enterprise storage system and then copy back the subset of data that was saved. Is it expensive? yes. Is it time-consuming? Double yes. Is it a major PITA? Triple yes, because of all the paperwork and manual effort you have to do to retain the chain of custody for the evidence data that you're taking through this process. DOES IT ACHIEVE THE LEGALLY-REQUIRED RESULT? YES.

Deleting and modifying are two distinctly separate things. It shouldn't be a problem for a system to allow deletions but not modifications.

Combined with proper backups and auditing, that should be sufficient to retain the legal value of any digital data.

Tell that to O.J.'s lawyers and anybody else who wants to claim, or actually believes, that the police might want to tamper with evidence to frame them. Or tell that to all the commentators on fark who are certain that the police would delete evidence to help protect one of their own. You should understand that these kind of enterprise storage systems that protect data from any kind of tampering (and "losing" data is a kind of tampering) even by system administrators are intended to be used in lieu of mountains of WORM media. When you've properly designed for their use they offer a worthwhile benefit.

It's hard to be sure because I don't read dutch, but it may be that the designers of this Dutch system botched it. The system should have had the Verint recording software tag recordings with a limited duration retention flag at the time the recording is made and then required human intervention to mark for longer retention any specific recordings that can and should be held on to. That partially re-opens the window for "losing" data, but that is necessary to allow legally-required data to be deleted.

Now if you want to tie the whole discussion back to rights in the U.S. ... how many police departments do you think actually have the technological ability to "purge" juvenile records? (hint: not that many) Of those which do, how many do you think actually know how to use that ability?

Re:Lawyer client privilege

[Hognoxious]

I don't know if the law is different in the Netherlands

Since most of mainland Europe uses the Napoleonic legal system then yes, it is.

A lawyer is not allowed to tell actual lies in court.

Apart from summing up[1], lawyers[2] ask questions which by definition are neither true nor false. It's witnesses who answer them, under oath.

[1] And from what I've seen, they always talk in a strange indirect manner - "we have shown that...", "if foo then you must acquit", "witness X's testimony is unreliable" etc. They never actually say that he did or didn't do it.

[2] Using that as a blanket term, since solicitors can sometimes appear in court now.

Re:Lawyer client privilege

[Bredero]

Well obviously the law is different since it is a different country. In the Netherlands talks between clients and their lawyers are private (dutch: beroepsgeheim; lit. professional secret). This obligates lawyers to secrecy and they do not have to incriminate their clients even in court. This means that the defendant, their next of kin and his or her lawyer do not have to testify. A similar secrecy obligation applies to healthcare professionals for obvious reasons.