Dutch Gov't Has No Idea How To Delete Tapped Calls 186
McDutchie writes "The law in the Netherlands says that intercepted phone calls between attorneys and their clients must be destroyed. But the Dutch government has been keeping under wraps for years that no one has the foggiest clue how to delete them (Google translation). Now, an email (PDF) from the National Police Services Agency (KLPD) has surfaced, revealing that the working of the technology in question is a NetApp trade secret. The Dutch police are now trying to get their Israeli supplier Verint to tell them how to delete tapped calls and comply with the law. Meanwhile, attorneys in the Netherlands remain afraid to use their phones."
not afraid (Score:5, Interesting)
Lawyers aren't afraid at all to use the phone: If a tapped conversation between them and their client turns up later in court, their client usually walks.
Lawyer client privilege (Score:5, Interesting)
Re:Every knows (Score:1, Interesting)
Sounds more like they are 10 times more honest about it in The Netherlands than in the US.
Conspiracy theory (Score:5, Interesting)
It's a well-known conspiracy theory: that Mossad has created Telco front companies throughout the world to spy on other nations. See The Israeli Spy Ring [whatreallyhappened.com], which talks about the Fox News articles, and another typical story [counterpunch.org]. Of course, a conspiracy theory doesn't make it true...
What then do you call Law Society members? (Score:4, Interesting)
However, your post is utterly uninformed. Solicitors advise clients on law in lower courts. In higher courts barristers will more usually do the work. Commercial clients who don't like solicitor's advice will frequently try to get advice from a QC - a senior barrister - in the hope it will persuade their boss to go on with the case, hence my father's oft-repeated comment to clients "You can have counsel's opinion and it'll cost you £30000, or you can slip me £15000 and I'll tell you that it's 50-50 for half as much."
Re:Delete, Remove, & Drop (Score:1, Interesting)
I would set it up so that when a piece of data is added to the system, it's signed with the investigator's private key and then the file, the signature, and a timestamp are in turn signed by a private key on a central server. With these signatures you can verify in court that a piece of evidence was uploaded by someone with a particular investigator's credentials and that it was uploaded at a particular time (at least, unless someone had access to the central server to modify it, but the central server should presumably be secure).
With a system like that in place, allowing deletion shouldn't allow other modifications to the data. Furthermore, you could design it so that a delete command requires a judges credentials and leaves an audit trail showing the command to delete was signed by a judge.
Re:Lawyer client privilege (Score:3, Interesting)
Re:Lawyer client privilege (Score:1, Interesting)
in the UK if the client tells the lawyer that he did do it, he has to either find a new lawyer or agree to plead guilty and present mitigating circumstances. A lawyer is not allowed to tell actual lies in court.
That is quite bizarre. A lawyer telling lies is quite different from pleading not guilty.
Not guilty isn't a statement, it is a challenge to prove your case. Otherwise every criminal who pled not guilty would be guilty of perjury when they were eventually convicted.
And if the authorities have minimal evidence against you, you CAN tell your lawyer that you did it. Your lawyer isn't allowed to lie in court, but they are allowed to point out flaws in the prosecutor's case, like the evidence was gathered illegally.
I remember a lawyer's lecture where he said, "I'm sure that 90-95% of my clients are guilty. But I don't know which ones are guilty are which are innocent."
Re:Delete, Remove, & Drop (Score:4, Interesting)
If they can figure out a way to delete a 'prohibited conversation' they could theoretically modify the data too.
Technically there is no need to make the conversations themselves immutable. You just need to be able to verify that the recording you have is the one which was originally recorded. A one-way hash can serve this purpose. For each recording, store the conversation itself in an erasable/mutable medium, but record a hash of the conversation in append-only storage (with multiple distributed backups). If you need to show that the recording is legit, compare it with the hash. If you need to delete something, record the deletion in the append-only medium and then remove it from the mutable storage. The hash will remain, but you can't use the hash to obtain information about the conversation without the original recording.
Bonus: You can recognize unauthorized deletions by comparing the mutable and immutable records.