On 21 December 2018, Privacy International, together with the American Civil Liberties Union and the Civil Liberties & Transparency Clinic of the University at Buffalo School of Law, filed a lawsuit demanding U.S. federal law enforcement and immigration authorities turn over information about the nature and extent of their hacking activities.
The lawsuit was filed against 11 federal agencies, including the FBI, U.S. Customs and Border Protection, Drug Enforcement Administration, and ICE. We are requesting these agencies disclose what hacking tools and methods they are using, how often such tools and methods are used, the legal interpretations used to justify hacking, and any internal rules and protocols that govern this intrusive practice.
Recent reports indicate the government is increasingly deploying powerful hacking tools to conduct criminal and immigration investigations. The tools often take advantage of security vulnerabilities in everyday personal devices, including cell phones and laptops.
In many instances, hacking involves installing malicious software on a target device, which then sends information back to law enforcement or allows agents to control the device. For example, some hacking tools allow a government agent to activate a device’s camera and microphone, to log keystrokes, or to otherwise remotely control a device’s functions. Crucially, hacking is often conducted without users being aware that they are being searched or surveilled by authorities.
Hacking tools and services are increasingly widespread and commercially accessible. U.S. federal agencies have already spent millions of dollars on hacking. The DEA, for example, has reportedly spent almost $1 million on hacking technology sold by the Italian surveillance technology company, Hacking Team, and was reportedly in discussions with another company, NSO Group.