In the physical world, a police officer has the power to detain suspects for 24 hours, search their bodies for evidence, search their houses for evidence, use violence against suspects if they don't comply with orders and even shoot them in certain circumstances, Oerting said. "We accept this because we have a transparent system, we have rules and we have the rule of law."
Why is it, then, that if they do some of those same things on a computer, it suddenly becomes such a big privacy issue and those actions should be banned? he asked. "I think that we need to have a balance between privacy, which I think we should respect, and anonymity, which I think is dangerous."
Lawful interception and intrusion, done in a very strict and transparent manner, will be necessary because in many cases cybercriminals will not be from neighboring countries and may not even be from the European Union, Oerting said. "They will be from areas where it will be very hard to gather evidence from, and we might not even be able to call the police force that has the capacity to help us."
Oerting warned against drawing comparisons between the alleged hacking activities of national intelligence agencies such as the U.S. National Security Agency and lawful intrusions conducted by the police, arguing that unlike intelligence services, police forces operate in a much more transparent manner and have better oversight.
Bart Jacobs, a professor of computer security at Radboud University Nijmegen and member of the Dutch National Cybersecurity Council, told the panel he is concerned about the privacy implications of the Dutch legislative proposal, but more fundamentally about how it will affect the integrity of the legal process.
Police should follow technological advances, but not everything that is technologically possible should be done by a technologically advanced society, he said. "For example, in the Netherlands we have the technological capability to build nuclear weapons, but we choose not to do it."
If police officers enter someone's computer, the distinction between passive and active actions they take on that computer is difficult to draw, Jacobs said. Every lawyer defending a suspect accused of a crime based on evidence obtained through such lawful computer intrusion could argue that the evidence was planted there, and it would be difficult for the police to defend themselves against such accusations, he said.
When police are doing roadside checks for speeding cars, those are passive measurements, but when they intrude into a computer, they can do whatever they want, Jacobs said. "Theoretically, by simply being on a computer, you've changed the log files, so that's no longer passive."
"We should think hard about this before we go down this road, because it will complicate the legal process in a very serious way," he said.
Sign up for CIO Asia eNewsletters.