The UK police and security services have frequently touted the necessity of “equipment interference” techniques — cyberweapons used to infect suspects’ computers — in their investigations, but they have refused to release any information about their use in response to 40 Freedom of Information requests from Motherboard.
All of these tools leverage vulnerabilities in widely used systems. There’s a roaring trade in discovering these vulnerabilities, weaponizing them, and selling them to police forces (EU companies like Hacking Team have been revealed as suppliers of these weapons to torturing, autocratic regimes around the world). The weapons rely on these vulnerabilities remaining intact and unpatched, which means that they’re exploitable by criminals, other countries’ spies, corporate espionage firms, griefers and voyeurs.
This contradiction between cyberweapon development and public safety makes the UK police’s lack of transparency all the more grave.
“The head of MI5 called for a ‘mature debate’ on investigatory powers. Point blank refusing to provide even basic answers to straightforward questions makes that debate impossible,” surveillance expert and privacy activist Eric King told Motherboard in an email in response to the unanswered FOIA requests.
“The cold winds of transparency are clearly making the police uncomfortable, but if they want a democratic mandate for these powers, they will need to tell Parliament and public more about how they’ve used them in the past. For capabilities as intrusive as computer hacking, continuing to pretend they don’t exist just won’t do.”
UK Police Are Using Hacking Tools, But Refuse to Say How
[Joseph Cox/Motherboard]
(Image: The famous revolving sign outside the current New Scotland Yard building, located in Victoria, London., Man Vyi, public domain)