Earlier this week Spain’s new Criminal Procedure Act came into force. Although this is an update to an old law from 1882, it legalizes the use of some of the most modern digital snooping techniques around, as an article in El País explains (original in Spanish). For example, one option under the new law is to install malware on a suspect’s devices, a really bad idea we warnedtwo years ago might happen. The new law specifies that surveillance can be carried on equipment used habitually or occasionally by a suspect, but does not clarify what happens with networks or a shared family computer. The Spanish police will also now be able to deploy undercover agents online who can interact with other users, and record their conversations, even if those take place with members of the public in their own homes.
The new powers generally require judicial authorization, and the exact nature of the permitted surveillance will depend on the seriousness of the alleged crime. But the law also allows the Spanish Interior Minister and, in her or his absence, the Secretary of State for Security, to grant permission to the police to snoop on private communications in an “emergency”, or when the alleged crimes relate to terrorism or armed groups.
Such permission must then be quickly confirmed or revoked by a judge, but in the latter case, there’s a nasty twist in the new law. Even though the police would be unable to use in court any evidence they found…