Worried About Spying? It's Not Just the NSA Anymore

Impact

Aug. 3, 2013

Law-enforcement officials are expanding the range of methods and means they use for surveillance purposes. Now they are using tools routinely used by computer hackers while engaging in criminal acts. Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or web links. Such techniques are more commonly associated with attacks by criminals than surveillance conducted by law enforcement agencies.

According to a Wall Street Journal report, the FBI hires people with a know-how of hacking and these people in turn purchase hacking tools and use them for surveillance at the behest of the FBI. Most alarmingly, the FBI can now remotely activate microphones in Android devices. Once activated, the bureau can record conversations without the device's owner knowing. Apparently this tool can do the same thing with laptop microphones.

With all the hurly-burly surrounding the NSA’s surveillance mechanisms, now the FBI is facing criticism for doing the same. The sheer secrecy of the programs maintained by the authorities and their continuous lethargy in making any effort to comment on the allegations is only leading to more controversy and more public disapproval. The authorities need to clarify once and for all precisely what criteria and protocols are used to deem somebody a legitimate target for surveillance, how these standards are maintained, and what steps can be taken for greater accountability.

The bureau typically uses hacking in cases involving organized crime, child pornography, or counterterrorism, a former U.S. official said. The use of such surveillance methods has increased as the number of criminals using new communications technology and encryption tools has increased. Since 2005, the FBI has been using "web bugs" that can gather a computer's internet address, lists of programs running, and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington, for example.

A search warrant would be required to get content such as files from a suspect's computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department's primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.

But if the software gathers only communications-routing "metadata," like internet protocol addresses or the "to" and "from" lines in emails, a court order under a lower standard might suffice if the program is delivered remotely, such as through an internet link. That is because nobody is physically touching the suspect's property, he added.

The FBI has long used the aforementioned Washington bomb threat case as a means of justifying its actions. It has also diverted general criticism upon the issue of surveillance as an invasion of privacy by sticking to the claim that a case-by-case examination is more pertinent as some cases demand a stricter surveillance system in place.

Still, as civil-liberties advocates have repeatedly said, there should be clear legal guidelines to ensure hacking tools aren't misused. If the authorities are so sure that they are not in the wrong by using such methods they should have no trouble making their system public in a way that does not compromise their effectiveness.