Original (Dutch) letter at http://wordpress.metro.cx/2011/09/15/brandbrief-ict-overheid/
Translated via Google Translate
Urgent letter from national hacker community on government IT security
Below is the urgent letter that was presented to the round table of the House Committee on Internal Affairs. In it, the hacker spaces and organizations in the Netherlands speak out specifically about the lack of awareness of ICT security in the Dutch government. The letter was drafted and signed by all Dutch hacker spaces and three Dutch organizations that bring the hacker community together. The urgent letter was also sent to the national media. We hackers are simply tired of learning again and again that childish mistakes are made in the implementation of large government IT systems, mistakes that affect the privacy of citizens and sometimes even put human lives at risk.
The united Dutch hacker spaces and organizations
PO Box 503
2501 HJ Den Haag
To: Members of the Committee on Internal Affairs of the House of Representatives
Subject: Urgent letter from national hacker community on government IT security
The Hague, 15 September 2011
Dear members of the permanent Parliamentary Committee on Internal Affairs,
The Dutch hacker community, represented by the undersigned
organizations, is concerned about the security of the ICT systems of
the Dutch government. Again and again we see that basic security
principles are not applied within existing and new IT systems.
Recent examples include the issue of Diginotar and SSL certificates,
the OV-chip card, electronic patient records (EPR) and many other
systems and environments. We have an extensive list of examples of
government systems containing personal data or personal questions of
citizens whose security is not in order.
These are not complicated hacks, but mistakes that even the untrained
could exploit. Standard software for this is available on the Internet.
These basic security principles are not structurally
applied, and there is a blind faith in technology, based on insufficient
understanding of the risks. Audits and certifications are paper tigers.
The systems themselves are not sufficiently examined, and statements
from, for example, the developers are blindly relied upon.
There is not enough testing of whether the promises of ICT companies
hired by the government are realistic and met. Adequate protection of
databases containing personal data is not sufficiently ensured. No
thought is given to possible abuse of new systems. At the same time,
government-related bodies such as the Data Protection Authority
(CBP) and GOVCERT are not sufficiently involved in ICT projects.
The hacker community feels compelled to denounce these matters.
However, there is currently a climate in which the messenger is
punished and the relevant departments and businesses are not called
to account. We are therefore reluctant to share information about
these vulnerabilities.
We are concerned about the fact that the vulnerabilities are so
elementary that it is virtually certain that people with bad intentions
are aware of these mistakes and exploit them, as the recent issue with
the Iranian government has shown. We therefore call for the Diginotar
issue to be seen not as an incident, but as a symptom of a lack of
monitoring of the security of ICT systems in government. It is time for
the Members of the House, those who represent the people and are
supposed to guard the people against such mistakes, to realize that
there is a structural problem.
The Dutch hacker community has the knowledge and skills
regarding the above issues, and gladly shares these with the
Representatives.
Sincerely,
Koen Martens
On behalf of the united Dutch hacker spaces and organizations:
Foundation Hack42 Arnhem
ACKspace Foundation, Heerlen
Foundation TkkrLab in Enschede
Bitlair Foundation, Amersfoort
Revelation Space Foundation in The Hague
Random Data Foundation in Utrecht
Frack Foundation in Leeuwarden
Sk1llz Foundation in Almere
Foundation eth0
2600nl.net
Foundation HXX