NEWS FROM THE LAB - Wednesday, May 30, 2007

Should police hack? Posted by Mikko @ 09:55 GMT

Criminals use computers. Police forces around the world use computers, too. But when police need to investigate a possible crime, the methods they are allowed to use vary a lot from one country to another.

Police authorities in Germany have been prohibited from "hacking" into a suspect's computer by a February 2007 supreme court ruling. The German court determined that hacking techniques couldn't be used because no legal framework exists at present. This ruling leaves room for further debate, and Germany's Interior Minister Wolfgang Schäuble will reportedly push for the legal changes needed to allow the police to perform such activities, known as "online house searches".

German law enforcement would like to search the contents of suspects' computers without the suspects knowing about it. Privacy advocates are concerned about such measures.

This formed the basis of a survey we conducted: should legitimate law enforcement authorities, such as the police, be allowed to use computer applications that would in other circumstances be considered malware? Should they be allowed to use hacking techniques to investigate suspects?

The February 6th opinion poll specifically asked: Should police authorities be allowed to "hack" a suspect's computer?

Out of the 1,020 respondents, 23% were in favor, 11% were undecided, and 65% were against. Approximately 70% of the responses were from one of five locations: Sweden, Germany, Great Britain, Finland, and the United States.

Over 91% of Germans were against such techniques, while only 56% of Britons were against them.

Geopolitical factors and events such as the 2005 London bombings might explain the differences between these countries.

Respondents' comments noted that many would be willing to allow secret hacking techniques as long as law enforcement first obtained a warrant.

Could such "official" hacking software be a good thing? If the Internet is seen as a training camp for terrorists (as Minister Wolfgang Schäuble has suggested), then hacking tools would be very useful and a potential benefit. Evidence could be gathered quickly and covertly from individuals operating within isolated cells. Covert collection of evidence is essential if all the cell members are to be identified in a timely fashion.

Recent reports from the UK state that Scotland Yard has uncovered evidence of a bomb plot against the headquarters of Telehouse Europe. Detectives recovered computer files showing that suspects had targeted a "high-security internet hub" in London.

On the other hand, much of this benefit is predicated on the theory that the tools will be properly handled. Police are generally trained in law enforcement and criminal investigation, not data security. It could be exceedingly difficult to corral and maintain hacking software. Once a suspect's computer is compromised, it might be infected by malware that then causes harm to innocent others.

There is also the problem of the amount of data collected. "Online house searches" could yield such quantities of data that the signal is overwhelmed with noise. The UK plot was uncovered with a series of raids. Police are trained to do physical investigations. Does the potential benefit of data collection with hack tools outweigh the potential distraction from the police's primary task?

And how should antivirus companies react to the existence of such malware? Detect it? Avoid detecting it on purpose? Avoid detecting hacking software used by governments? Of which country? Germany? USA? Israel? Egypt? Iran?

So should police hack? As is often the case in life, even if the question is simple and straightforward, it might be hard to come up with a simple answer to it.

Mikko Hypponen

This article originally appeared in SC Magazine US