from the that-doesn't-make-you-safer dept
However, the FBI's use of zero day exploits has been much more of a black box. The FBI has a long history of using various hacking tools to break into computers, and the judicial system has been an ever obedient "overseer" in letting the FBI do damn close to whatever it pleases. But, now, for the first time, the FBI has publicly admitted to using zero day exploits. It comes out in a Washington Post profile of Amy Hess, who heads the Operational Technology Division (OTD) of the FBI.
The profile is pretty interesting, and there's lots of technical wizardry that I think most people would agree is good for the FBI to have for investigating crimes. But the surveillance aspects are pretty sketchy, as always. And here, Hess confesses to using zero days, though she insists that they're not really that useful:
Hess acknowledged that the bureau uses zero-days — the first time an official has done so. She said the trade-off is one the bureau wrestles with. “What is the greater good — to be able to identify a person who is threatening public safety?” Or to alert software makers to bugs that, if unpatched, could leave consumers vulnerable?The other tidbit worth reading discusses just how well the FBI informs judges when seeking warrants to use some of its more esoteric spy equipment. The answer, not surprisingly, is that it looks like the FBI frequently misleads the judiciary into the specifics of what it's really doing.
“How do we balance that?” she said. “That is a constant challenge for us.”
She added that hacking computers is not a favored FBI technique. “It’s frail,” she said. As soon as a tech firm updates its software, the tool vanishes. “It clearly is not reliable” in the way a traditional wiretap is, she said.
Another group that remains shrouded is OTD’s Remote Operations Unit. There, technicians with a warrant hack computers to identify suspects. Euphemistically called “network investigative techniques,” that activity has stirred concerns similar to those raised with the use of StingRays.It's these kinds of things that are wide open to abuse -- and the FBI has a very long and very detailed history of abusing its powers.
For one thing, the warrant applications do not describe the technique’s use in detail. So judges may not really understand what they are authorizing. Hess said that agents can describe the process more fully to a judge in closed chambers. That’s if the judge knows to ask.
Again, I think most people would agree that the FBI should have a strong technology team that is able to provide useful tools for criminal investigations. But there's a fine line between an investigation and illegal surveillance. And, at the same time, there's the issue of abusing exploits when they could be making the public safer by getting them patched.