Government Hacking Tools Drive Records Demand

(CN) – Suing nearly a dozen federal agencies on Friday, four privacy groups want law enforcement to open up about the hacking tools and methods used in investigations.

“Government hacking presents unique and grave threats to our privacy and undermines the security of our devices,” Scarlet Kim, the legal officer for the U.K.-based charity Privacy International, said in a statement. 

“If the FBI can get into our phones and laptops, so can scammers or foreign adversaries,” Kim continued. “The public has a right to know how and how often the government is exploiting security holes in our personal devices to access intimate information about us or surveil us, often without our knowledge.”

Filed Friday in Buffalo, the 32-page complaint points to a Nov. 26 report titled “The FBI Created a Fake FedEx Website to Unmask a Cybercriminal.”

Vice reported in the article that the FBI snared a scammer last year with a booby-trapped Word document that revealed the perpetrator’s IP address when opened.

Privacy International and its co-plaintiffs, the American Civil Liberties Union, the ACLU Foundation, and the Civil Liberties and Transparency Clinic at the University at Buffalo School of Law, note that federal investigators have other hacking tools at their disposal.

“For example, one technique, commonly known as a ‘watering hole attack,’ involves commandeering and reconfiguring a website or internet service in order to deliver software to any device visiting the site,” the complaint states. “The FBI is known to have deployed this kind of attack on at least two occasions in order to surreptitiously gather information from infected computers and send it back to the FBI.”

The ACLU says that U.S. government agencies spend millions on the latest hacking tools, with the Drug Enforcement Agency paying nearly $1 million to the Italian surveillance company Hacking Team.

Immigration and Customs Enforcement and the FBI have paid at least $2 million apiece to the Israeli surveillance company Cellebrite, according to the complaint.

The privacy groups contend that such law enforcement techniques present a “unique threat to individual privacy.”

“Hacking can be used to obtain volumes of personal information about individuals that would never previously have been available to law enforcement,” the complaint states. “Devices like cell phones and laptops store vast amounts of vital and extraordinarily sensitive information: detailed location records, intimate details of private communications, logs of everything that a person has read, written, or seen online, financial information, health information, and more. The notion that the government can access and obtain all of this information quickly and easily simply by running software on a person’s device — and that it can even do so remotely and surreptitiously — represents a remarkable expansion of the government’s surveillance powers.”

In September, the privacy groups filed Freedom of Information Act requests to seven law enforcement agencies and four inspectors general overseeing them, but the agencies and watchdogs allegedly withheld records.

The defendants include the FBI, Drug Enforcement Administration, Immigration and Customs Enforcement, Customs and Border Protection, Internal Revenue Service, and U.S. Secret Service. The inspectors general named in the lawsuit watch over the Department of Justice, Department of Homeland Security, Department of the Treasury, and the Treasury Department’s office of Tax Administration.

Jonathan Manes, an attorney with the Civil Liberties and Transparency Clinic, signed the complaint.

The Department of Justice did not immediately respond to a request for comment.

%d bloggers like this: