Hacking Techniques for Law Enforcement - A good idea or asking for trouble?
Mikko @ F-Secure made a post on their blog about whether or not law enforcement organizations should be permitted to utilize security tools and hacking techniques in investigations that got me thinking. To me the answer to this question is very clear -- NO WAY JOSE! -- not unless proper oversight can be implemented and safe guards to protect our privacy are devised. EFF, help us on this one!
Given that police have been abusing laws made to combat terrorism to violate the rights of US citizens that are not members of terrorist organizations, I think that opening the gates to allowing the use of hacking techniques and malware invites a whole host of other problems.
The first problem that I have with this is the cost of training. Will training police in computer security be cost-effective? I would be leaning more towards saying no. Learning security techniques is not something that they can create two week training courses on. Also, will the cost of providing advanced security training to police provide enough benefit to us to justify the spending?
The second problem that I have with this is the risk associated with police using these tools and techniques without proper understanding of the tools and their effects. Will Joe Blow Officer here in Phoenix know what he's doing or will he be damaging my server I have at home while he tries to install his spyware?
Another problem that I have with this is how will prosecutors be able to prove that the data collected by investigators hasn't been tampered with or fabricated. Without proper controls and oversight for these types of operations officers with an axe to grind will be able to go penetrate computers and plant fabricated evidence. Will companies be forced through legislation to preinstall the software onto computers prior to shipping them to consumers? and if so, will it be a felony to remove it?
Lastly, if we properly secure our systems against what I feel is a gross violation of my rights to privacy, will there be legal ramifications? Will I get sent to jail because I have a proper firewall and IDS? Will they 'disarm' us of security tools like Britain did to their citizens when taking firearms? Will security tools be outlawed without a license to own them? We need to think about things like this and tell our local government officials what we think before it's too late.
blog comments powered by Disqus