Over on Wired, Kim Zetter reviews what’s been revealed in court cases and the media about how the FBI hacks individuals’ computers. Some of the names and cases may seem familiar to you, like Carnivore and Magic Lantern, and more recently, the PlayPen operation, but as Kim rightly notes, there’s more that we don’t know than we do know:
For example, what exactly is the government doing with these tools? Are they just grabbing IP addresses and information from a computer’s registry? Or are they doing more invasive things—like activating the webcam to take pictures of anyone using a targeted machine, as they sought to do in a 2013 case? How are the tools tested to make sure they don’t damage the machines they infect? The latter is particularly important if the government installs any tool on the machines of botnet victims, as the recent Rule 41 changes suggest they might do.
Do investigators always obtain a search warrant to use the tools? If yes, do the spy tools remain on systems after the term of the search warrant ends or do the tools self-delete on a specified date? Or do the tools require law enforcement to send a kill command to disable and erase them? How often does the government use zero-day vulnerabilities and exploits to covertly slip their spyware onto systems? And how long do they withhold information about those vulnerabilities from software vendors so they can be exploited instead of patched?
Read more on Wired.
Realistically, there’s no way we will ever know all the tools and methods the FBI uses – at least until such methods are long-retired. Nor would most people want such full disclosure and transparency if it would hamper law enforcement from going after “the bad guys.” The problem, as always, stems from abuses and over-use. If the FBI were really held to getting probable cause warrants before such techniques could be used, and if ISPs were able to notify their users at some point instead of being gagged, would you still be as concerned? I suspect some of my readers would be, but that the majority of Americans might think that as long as such protections were in place, it would be a “reasonable” balance.