FBI Official Acknowledges Using Top Secret Hacking Weapons by Robert Hackett.
From the post:
The Federal Bureau of Investigation recently made an unprecedented admission: It uses undisclosed software vulnerabilities when hacking suspects’ computers.
Amy Hess, head of the FBI’s science and technology arm, recently went on the record about the practice with the Washington Post. “Hess acknowledged that the bureau uses zero-days,” the Post reported on Tuesday, using industry-speak for generally unknown computer bugs. The name derives from the way such flaws blind side security pros. By the time attackers have begun taking advantage of these coding flubs, software engineers are left with zero days to fix them.
Never before has an FBI official conceded the point, the Post notes. That’s noteworthy. Although the news itself is not exactly a shocker. It is well known among cybersecurity and privacy circles that the agency has had a zero day policy in place since 2010, thanks to documents obtained by the American Civil Liberties Union and published earlier this year on Wired. And working groups had been assembled at least two years earlier to begin mapping out that policy, as a document obtained by the Electronic Frontier Foundation privacy organization and also published on Wired shows. Now though, Hess, an executive assistant director with the FBI, seems to have confirmed the activity.
(People surmised as much after the FBI was outed as a customer of the Italian spyware firm Hacking Team after hackers stole some of its internal documents and published them online this year, too.)
The agency’s “network investigative techniques,” as these hacking operations are known, originate inside the FBI’s Operational Technology Division in an enclave known as its Remote Operations Unit, according to the Post. They’re rarely discussed publicly, and many privacy advocates have a number of concerns about the system, which they say could potentially be abused or have unsavory consequences.
…
Robert does a great job in covering this latest admission by the FBI and pointing to other resources to fill in its background.
It’s hard to think of a better precedent for this use of hacking weapons than of Silverthorne Lumber Co., Inc. v. United States
251 U.S. 385 (1920).
The opinion for the majority of the Supreme Court was delivered by Justice Holmes at the height of his career. It isn’t long so I quote the opinion in full:
This is a writ of error brought to reverse a judgment of the District Court fining the Silverthorne Lumber Company two hundred and fifty dollars for contempt of court and ordering Frederick W. Silverthorne to be imprisoned until he should purge himself of a similar contempt. The contempt in question was a refusal to obey subpoenas and an order of Court to produce books and documents of the company before the grand jury to be used in regard to alleged violation of the statutes of the United States by the said Silverthorne and his father. One ground of the refusal was that the order of the Court infringed the rights of the parties under the Fourth Amendment of the Constitution of the United States.
The facts are simple. An indictment upon a single specific charge having been brought against the two Silverthornes mentioned, they both were arrested at their homes early in the morning of February 25, and were detained in custody a number of hours. While they were thus detained, representatives of the Department of Justice and the United States marshal, without a shadow of authority, went to the office of their company and made a clean sweep of all the books, papers and documents found there. All the employes were taken or directed to go to the office of the District Attorney of the United States, to which also the books, &c., were taken at once. An application, was made as soon as might be to the District
Page 251 U. S. 391
Court for a return of what thus had been taken unlawfully. It was opposed by the District Attorney so far as he had found evidence against the plaintiffs in error, and it was stated that the evidence so obtained was before the grand jury. Color had been given by the District Attorney to the approach of those concerned in the act by an invalid subpoena for certain documents relating to the charge in the indictment then on file. Thus, the case is not that of knowledge acquired through the wrongful act of a stranger, but it must be assumed that the Government planned or at all events ratified, the whole performance. Photographs and copies of material papers were made, and a new indictment was framed based upon the knowledge thus obtained. The District Court ordered a return of the originals, but impounded the photographs and copies. Subpoenas to produce the originals then were served, and, on the refusal of the plaintiffs in error to produce them, the Court made an order that the subpoenas should be complied with, although it had found that all the papers had been seized in violation of the parties’ constitutional rights. The refusal to obey this order is the contempt alleged. The Government now, while in form repudiating and condemning the illegal seizure, seeks to maintain its right to avail itself of the knowledge obtained by that means which otherwise it would not have had.
The proposition could not be presented more nakedly. It is that, although, of course, its seizure was an outrage which the Government now regrets, it may study the papers before it returns them, copy them, and then may use the knowledge that it has gained to call upon the owners in a more regular form to produce them; that the protection of the Constitution covers the physical possession, but not any advantages that the Government can gain over the object of its pursuit by doing the forbidden act. Weeks v. United States, 232 U. S. 383, to be sure, had established that laying the papers directly before the grand jury was
Page 251 U. S. 392
unwarranted, but it is taken to mean only that two steps are required instead of one. In our opinion, such is not the law. It reduces the Fourth Amendment to a form of words. 232 U. S. 232 U.S. 393. The essence of a provision forbidding the acquisition of evidence in a certain way is that not merely evidence so acquired shall not be used before the Court, but that it shall not be used at all. Of course, this does not mean that the facts thus obtained become sacred and inaccessible. If knowledge of them is gained from an independent source they may be proved like any others, but the knowledge gained by the Government’s own wrong cannot be used by it in the way proposed. The numerous decisions, like Adams v. New York, 192 U. S. 585, holding that a collateral inquiry into the mode in which evidence has been got will not be allowed when the question is raised for the first time at the trial, are no authority in the present proceeding, as is explained in Weeks v. United States, 232 U. S. 383, 232 U. S. 394, 232 U. S. 395. Whether some of those decisions have gone too far or have given wrong reasons it is unnecessary to inquire; the principle applicable to the present case seems to us plain. It is stated satisfactorily in Flagg v. United States, 233 Fed.Rep. 481, 483. In Linn v. United States, 251 Fed.Rep. 476, 480, it was thought that a different rule applied to a corporation, on the ground that it was not privileged from producing its books and papers. But the rights of a corporation against unlawful search and seizure are to be protected even if the same result might have been achieved in a lawful way.
In classic Holmes style, the crux of the case mirrors the use of illegal means to gain information, which then shapes the use of more lawful means of investigation:
It is that, although, of course, its seizure was an outrage which the Government now regrets, it may study the papers before it returns them, copy them, and then may use the knowledge that it has gained to call upon the owners in a more regular form to produce them; that the protection of the Constitution covers the physical possession, but not any advantages that the Government can gain over the object of its pursuit by doing the forbidden act.
Concealment of the use of “top secret hacking weapons,” like flight, is more than ample evidence of a corporate “guilty mind” when it comes to illegal gathering of evidence. If it were pursuing lawful means of investigation, the FBI would not go to such lengths to conceal its activities. Interviews with witnesses, physical evidence, records, wiretaps, pen registers, etc. are all lawful and disclosed means of investigation in general and in individual cases.
The FBI as an organization has created a general exception to all criminal laws and the protections offered United States citizens, when and where its agents, not courts, decide such exceptions are necessary.
Privacy of individual citizens is at risk but the greater danger is the FBI being a lawless enterprise where its goals and priorities take precedent over both the laws of the United States and its Constitution.
The United States suffers from murders, rapes and bank robberies every week of the year, yet none of those grim statistics has forced the wholesale abandonment of the rule of law by law enforcement agencies. Prefacing attacks with the word “terrorist” should have no different result.