LAS VEGAS — The governments of 30 countries scattered around the globe have voted to allow their municipal police departments to use malware in their arsenals of crime fighting tools, computer security experts said at this week’s hacker conference.
Malware is now being used in criminal investigations by remotely inserting tracking technology into mobile phones and following suspects with geolocation technology remotely installed. It’s also used to infect suspects machines directly, noted security expert Mikko Hypponen.
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1522265,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"A"}']The U.S. and Germany, with court-sanctioned green lights, have been using malware for years in investigations. Now many countries in Europe, Scandinavia in particular, and Asia are using malware alongside guns, ballistic vests, surveillance operations, and drones.
This raises all sorts of pertinent questions about civil liberties, security researcher Adam Kujawa of Malwarebytes said. And the practice is ripe for abusing by unscrupulous cops and investigators in their zeal to makes cases. This raises the specter that malware-surfaced information will increasingly be used in court cases as evidence, however questionable.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
For Hyponnen, the issue is a worrisome one and invites myriad questions about civil liberties and the blatant potential for abuse of power.
“Finland passed a law allowing police to infect peoples computer’s with malware. If tools like these are being used, we need to have a conversation about it,” Hypponen, a security researcher at F-Secure, said.
Kujawa of Malwarebytes said the use of malware in criminal investigations is unavoidable. In fact, more than 2 billion people are using the Internet, and invariably, some of them are caught up in criminal enterprises.
“It makes sense. A lot of what you’re dealing with these days has a cyber connection, like email. Having controlled spyware would be beneficial to what law enforcement can do” in investigations, Kujawa said.
But Kujawa said the potential for abuse needs to be kept in check by authorities. Otherwise, you’re going to see cases tossed because of unsavory cops doing things they’re not supposed to do in criminal cases. Or innocent people wrongly locked up.
Hypponen said there’s already cases where cops have been called out.
[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":1522265,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"A"}']
“Demand transparency. If you’re investigated, they [police] have to tell you. If you’re innocent, they have to say they’re sorry,” he said.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More