While the FBI and other security agencies claim that encryption is preventing law enforcement officials from doing their jobs, they actually have a proven method to get around encryption. That method is good old-fashioned hacking.
The practice is perfectly legal for law enforcement officials when they have a warrant.
Officials are able to hack into encrypted devices by installing viruses and malicious codes onto the devices of their suspects. Once they have hacked the device, they are able to access communications that were previously encrypted, or protected.
Security officials do not like mentioning their ability to hack for two reasons. For one, hacking takes a considerable amount of effort. The process is slow and tedious. Weakening encryption would make the process of obtaining information much easier.
Secondly, confessing to the public about their use of legalized hacking makes the officials look bad.
However, security officials don’t deny the benefits of hacking. Executive director of the FBI’s Science and Technology branch recently said that hacking might be something for them to consider.
While the cases of hacking by the government are few and far between, they do exist.
One high school student in Lacey, WA who was making repeated bomb threats in 2007 was legally hacked by FBI agents in order to reveal his identity.
Another case occurred in 2013, when the FBI tricked alleged viewers of child pornography into exposing their personal information. However, many of these accused individuals were innocent, having never intentionally looked at the content.
The practice even goes back to 2001 when the FBI hacked into the computer of Nicodemo Scarfo Jr. in order to spy on the American Mafia.
The FBI has its own brand of malware. It is known as the Computer and IP Address Verifier (CIPAV). The malware is able to obtain valuable information about any device that accesses the internet, such as its browser activity, IP address, operating system, and more. The FBI also makes use of hacking applications, such as one called Metasploit.
The government has even worked malware developers, including the Hacking Team, a controversial Italian company that develops viruses.
Recently, a working group of the Obama administration that was examining different methods of unlocking encrypted devices proposed the idea of installing malware onto the devices of suspects through automatic updates.
Meanwhile, the NSA maintains another secret program that enables officials to hack computers on a large scale basis. The program allegedly uses automating processes to use various methods to access the information of millions of computers. The NSA has also invested into the development of its own malware programs.
And of course, the United States government hacked Iran using the Stuxnet virus to stop the country’s nuclear program in 2007.
However, there was a case where the FBI was denied its request to hack a suspected criminal. The FBI requested permission to hack everything from photos to personal emails. The courts denied the request from the FBI as a violation of Rule 41.
So far, the FBI has never succeeded in receiving a warrant to hack in an overly intrusive way. The FBI is required to list specific things that it wants to access when hacking legally.
Despite this, the FBI often hacks without receiving a warrant. The FBI has theorized that the Fourth Amendment, protection against unreasonable searches and seizures, does not apply when they attempt to find information that is not constitutionally protected, such as someone’s name. The FBI has been known to deploy malware in order to determine the owner of a suspicious device.
Additionally, federal investigators have argued that targeted hacking does not necessarily constitute a search. According to them, it shouldn’t require a warrant. With ideologies like this, additional protections are severely needed.
So while the FBI continues to lobby for weakening encryption, the organization can still hack its way into almost whatever it wants to.