The FBI should have the legal authority to hack into suspects’ computers and smartphones if, for no other reason, hacking is less intrusive than other methods of scooping up data, some legal experts now argue.
With FBI Director James Comey and other Obama administration officials pushing in recent months for access to encrypted data on smartphones, targeted hacking by the FBI and other law enforcement agencies may be “the least crazy option,” said Robert Knake, a former director of cybersecurity policy at the U.S. National Security Council.
A targeted, court-supervised hacking program at the FBI would be better for privacy than mass surveillance programs or the government-mandated encryption backdoors for which Comey has seemed to push, Knake said Tuesday at the Computers, Freedom, and Privacy Conference near Washington, D.C.
“There are real threats,” said Knake, senior fellow for cyberpolicy at the Council on Foreign Relations. “We do need to have intelligence capabilities. We live in a world where we can’t say we don’t need or want these capabilities.”
The FBI is already in the hacking game. The existence of a hacking team at the agency was reported in 2013, though the agency has been mum about the unit’s mission and authority.
“Hacking is too dangerous for law enforcement to use.” — Chris Soghoian, senior technologist at the American Civil Liberties Union
Law enforcement hacking teams are a terrible idea for several reasons, countered Chris Soghoian, senior technologist at the American Civil Liberties Union. Among his questions: Which courts will decide which hacking techniques are legal and whom can be targeted? Will thousands of state and local police departments start hacking computers? Can the government guarantee that those hacking techniques won’t be leaked to cybercriminals?
“Hacking is too dangerous for law enforcement to use,” Soghoian said. “Hacking is so sensitive, so intrusive, yet also so prone to abuse, that it should not be used.”
Knake suggested that opponents present government hacking as an alternative to the “worst evil” of encryption backdoors.
But the FBI is unlikely to end its quest for encryption work-arounds, even with a formal hacking program in place, Soghoian said.
“What about [another] option: living in a world where police are unable to spy into people’s bedrooms?” Soghoian added. “Crazy idea, right?”
Instead of defeating technologies, law enforcement agencies should put more resources into old-fashioned police work, like tailing suspects, suggested Ross Schulman, senior policy counsel at the New America Foundation’s Open Technology Institute.
But in cases where police cannot gather evidence against criminals in other ways, a court-supervised hacking program may be necessary, Schulman said.
While the FBI may still argue for encryption backdoors, a formalized hacking program would allow legislators and privacy advocates to argue against the agency’s contention that it doesn’t have the tools necessary to collect digital evidence, he said.
“I want to make sure that the availability of strong cryptography is maintained, and the government’s ability to do mass surveillance is curtailed,” Schulman said. “It seems to me, at least for the moment, that the way to make that happen is through strongly restricted, but available to hack, individual devices by the government.”