Last week, a Texas judge denied a warrant request from the FBI that would have enabled federal gumshoes to snoop through his webcam, raising a question: Should the FBI be allowed to spy on you through your webcam?
An Ars Technica report noted that the practice requested by the bureau was similar to surveillance methods used by an online community called Ratters.
Named after the surveillance software called Remote Access Tools (RAT), Ratters trade secrets on how to hack into and take over webcams on personal computers.
They also trade photos of their targets, often unsuspecting women caught undressing, taken by the compromised webcams.
Texas Judge Stephen Smith denied the FBI request because the methods used would not only give the FBI access to the camera, but it would give them full control of the suspect’s computer, allowing them to access other files.
The judge also did not think that the bureau had provided him with enough information. Smith said he was not sure whether he even had the authority to permit a search that could occur outside of his district. All the FBI had was an email address.
“We continue to study the court’s opinion and have no further comment at this time,” a Justice Department spokesperson told The Daily Caller regarding Smith’s decision.
The invasive power that computer hacking enables makes it “really important that the courts and Congress be able to perform effective oversight over its use,” Chris Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union, told The Daily Caller.
“Our view is that hacking is such an invasive power, that judges really need to be kept in the loop — not just to authorize the sort of higher level concept of hacking, but to authorize how they’re going to do it too,” said Soghoian.
“If the FBI is going to pretend to be a U.S. company, the judge should be told; if the FBI is going to release a virus so it can spread from one computer to the next, the judge should be told because of the potential that it could spread to the computers of innocent people,” he said.
“If they’re going to leave a backdoor so that they can get access a week or a month or a year later, the judge should be told and should have to authorize that,” he said.
“Judges have security clearances,” said Soghoian. “The government can trust the judge; he’s not going to go off and blab to the press or tell the target,” he said.
The idea of government agencies using hacking methods to ascertain evidence is not, however, a foreign, or even unwelcome, concept in the tech community.
Security researcher Matt Blaze argued in a January piece in Wired that the federal government should focus on developing its hacking skills instead of mandating companies to create backdoors that they can use.
Blaze explained that mandated backdoors jeopardize the security of Internet users everywhere because criminals could find and exploit them.
Mandated backdoors, however, are only one form of risky government surveillance.
A multibillion dollar black market has existed for several years in which security research companies sell software vulnerabilities to foreign and domestic government agencies through defense contractors.
Recent reports by The Economist and MIT Technology Review found that software vulnerabilities are being sold on this market for prices ranging from tens of thousands of dollars to hundreds of thousands of dollars.
The buyers are western governments including the U.S. and Western European governments. The software vulnerabilities allow hackers access to consumer systems such as the Apple iPhone, Google Chrome and Microsoft Internet Explorer.
Director of National Intelligence James Clapper warned the Senate Select Committee on Intelligence in March that foreign governments “already use some of these tools to target U.S. systems.”
Such a black market only delays the improvements of cybersecurity for software companies and their customers, since governments will often pay more for an exploit than the vulnerable company.
While not much is known about the FBI’s hacking capabilities, Soghoian said that since the government had the target’s email in the case of the warrant request, it would most likely use a phishing email to enter the target’s computer systems.
Phishing emails are meant to trick the target into downloading a file or clicking on a link that installs a computer virus onto their system.
However, in order to seem legitimate to a target, an agency might pose as a friendly U.S. company — like Google, Facebook or PayPal.
Soghoian described both that tactic and the digital black market itself as “problematic” for cybersecurity development.
“I think it’s important for the public to understand that the FBI is in the hacking business, and that’s something the FBI hasn’t been too keen to advertise,” said.
“They describe themselves as the good guys, but they are in fact doing the same kind of stuff that the bad guys are doing, and in many cases are not keeping judges fully informed,” said
The FBI declined The Daily Caller’s request for comment.
